From: "Michael P. Soulier" <michael_soulier@mitel.com>
To: netfilter@lists.netfilter.org
Subject: portforwarding difficulties
Date: Thu, 23 Jan 2003 14:45:44 -0500
Message-ID: <20030123144544.V8675@e-smith.com>

    People,

    My apologies if this has been asked before. 

    I'm setting up iptables to permit a DMZ configuration to be managed by
a Linux box with 3 NICs. Currently, in the PREROUTING chain of the nat
table, I have a rule stating:

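# The rule belongs to the nat table; without --table, iptables operates on
# the filter table, which has no PREROUTING chain.
/sbin/iptables --table nat --append PREROUTING --protocol tcp \
               --dport 6800 \
               -d $external_interface/32 \
               -j DNAT --to-destination $server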

    Now, from the internet on the external interface, this works fine. The
server box receives the forwarded traffic. However, from a box on the
private network, the DNAT rule is skipped, and the client ends up trying to
connect to the gateway, which fails since nothing is listening on that
port. 

    My question is, if a client on the private network tries to connect to
$external_interface, should the DNAT rule in the PREROUTING chain match? It
does not appear to be.

    I can see the traffic arrive with tcpdump, but my logging rule in the
firewall that records DNAT'd traffic, which works fine from the internet,
logged nothing in the private network case. 

    Thanks,
    Mike

-- 
Michael P. Soulier <michael_soulier@mitel.com>, 613-592-2122 x2522
SME Solutions, Mitel Networks Corporation
"...the word HACK is used as a verb to indicate a massive amount
of nerd-like effort."  -Harley Hahn, A Student's Guide to Unix
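
Added example, not part of the original message: one way to check whether the PREROUTING DNAT rule for port 6800 was hit, independent of any logging rule, is to compare its packet counter before and after a connection attempt. The function names, addresses and counter values below are constructed for illustration.

```shell
#!/bin/sh
# dnat_hits PORT
# Reads `iptables -t nat -L PREROUTING -v -n -x` output on stdin and prints the
# summed packet counter of DNAT rules that match tcp destination port PORT.
# Columns: pkts bytes target prot opt in out source destination [match/target opts]
dnat_hits() {
    awk -v want="dpt:$1" '
        $3 == "DNAT" && $4 == "tcp" {
            for (i = 10; i <= NF; i++)
                if ($i == want) { hits += $1; break }
        }
        END { print hits + 0 }'
}

# dnat_delta PORT BEFORE AFTER
# Prints how many packets hit the rule between two saved listings. The nat
# table only sees the first packet of each connection, so this is a count of
# new connections that were DNAT'd, not of all packets.
dnat_delta() {
    b=$(printf '%s\n' "$2" | dnat_hits "$1")
    a=$(printf '%s\n' "$3" | dnat_hits "$1")
    echo $((a - b))
}

# Constructed sample listings (203.0.113.10 stands in for the external
# address, 192.168.2.5 for $server). On a live gateway, capture them with:
#   iptables -t nat -L PREROUTING -v -n -x
before='Chain PREROUTING (policy ACCEPT 310 packets, 18600 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      720 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.10         tcp dpt:6800 to:192.168.2.5
       4      240 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.10         tcp dpt:25 to:192.168.2.6'

after='Chain PREROUTING (policy ACCEPT 315 packets, 18900 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      13      780 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.10         tcp dpt:6800 to:192.168.2.5
       4      240 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.10         tcp dpt:25 to:192.168.2.6'

echo "new connections DNAT'd on port 6800: $(dnat_delta 6800 "$before" "$after")"
```

A delta of 0 after a test connection means the rule itself was not matched; a positive delta with nothing in the log means the rule matched and the logging rule is what did not see the packet. The `in` column of the same listing shows whether a rule is restricted to one interface (`*` means any).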

