* DNAT query
@ 2005-11-11 10:30 Payal Rathod
2005-11-11 10:46 ` Rob Sterenborg
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Payal Rathod @ 2005-11-11 10:30 UTC (permalink / raw)
To: Netfilter ML
Hi,
I am trying to redirect traffic from outside to an internal machine.
The setup is SuSE Linux 9.1 (i586) 2.6.4-52-default
# iptables --version
iptables v1.2.9
When I give,
# iptables -t nat -I OUTPUT -d dyn.example.com -p tcp --dport 8000 -j DNAT --to-destination 192.168.10.2:8000
iptables: Target problem
What exactly is wrong? If I try it on my Mandrake box it works. Any
ideas?
Thanks in advance.
With warm regards,
-Payal
* Re: DNAT query
2005-11-11 10:30 DNAT query Payal Rathod
@ 2005-11-11 10:46 ` Rob Sterenborg
2005-11-11 11:42 ` Payal Rathod
2005-11-11 10:55 ` Jörg Harmuth
2005-11-11 10:57 ` Jörg Harmuth
2 siblings, 1 reply; 9+ messages in thread
From: Rob Sterenborg @ 2005-11-11 10:46 UTC (permalink / raw)
To: Netfilter ML
On Fri, November 11, 2005 11:30, Payal Rathod wrote:
> Hi,
> I am trying to redirect traffic from outside to an internal machine.
> The setup is SuSE Linux 9.1 (i586) 2.6.4-52-default
> # iptables --version
> iptables v1.2.9
>
> When I give,
> # iptables -t nat -I OUTPUT -d dyn.example.com -p tcp --dport 8000 -j
> DNAT --to-destination 192.168.10.2:8000
> iptables: Target problem
>
> What exactly is wrong? If I try it on my Mandrake box it works. Any
> ideas?
Can't say that I've had any problems with this. Try:
iptables -t nat -I PREROUTING -d dyn.example.com -p tcp --dport 8000 \
-j DNAT --to-destination 192.168.10.2:8000
Gr,
Rob
* Re: DNAT query
2005-11-11 10:30 DNAT query Payal Rathod
2005-11-11 10:46 ` Rob Sterenborg
@ 2005-11-11 10:55 ` Jörg Harmuth
2005-11-11 10:57 ` Jörg Harmuth
2 siblings, 0 replies; 9+ messages in thread
From: Jörg Harmuth @ 2005-11-11 10:55 UTC (permalink / raw)
To: netfilter
Payal Rathod schrieb:
> Hi,
> I am trying to redirect traffic from outside to an internal machine.
> The setup is SuSE Linux 9.1 (i586) 2.6.4-52-default
> # iptables --version
> iptables v1.2.9
>
> When I give,
> # iptables -t nat -I OUTPUT -d dyn.example.com -p tcp --dport 8000 -j DNAT --to-destination 192.168.10.2:8000
> iptables: Target problem
>
> What exactly is wrong? If I try it on my Mandrake box it works. Any
> ideas?
Some time ago I had a similar problem with SLES8 and nat/OUTPUT. The
reason was that it was the _only_ netfilter option that wasn't compiled
into the kernel :) I generally don't work with SuSE, so I don't know.
But maybe they still don't compile it as a kernel module.
HTH,
Joerg
* Re: DNAT query
2005-11-11 10:30 DNAT query Payal Rathod
2005-11-11 10:46 ` Rob Sterenborg
2005-11-11 10:55 ` Jörg Harmuth
@ 2005-11-11 10:57 ` Jörg Harmuth
2005-11-11 11:41 ` Payal Rathod
2 siblings, 1 reply; 9+ messages in thread
From: Jörg Harmuth @ 2005-11-11 10:57 UTC (permalink / raw)
To: netfilter
Payal Rathod schrieb:
> Hi,
> I am trying to redirect traffic from outside to an internal machine.
> The setup is SuSE Linux 9.1 (i586) 2.6.4-52-default
> # iptables --version
> iptables v1.2.9
>
> When I give,
> # iptables -t nat -I OUTPUT -d dyn.example.com -p tcp --dport 8000 -j DNAT --to-destination 192.168.10.2:8000
> iptables: Target problem
>
> What exactly is wrong? If I try it on my Mandrake box it works. Any
> ideas?
Some time ago I had a similar problem with SLES8 and nat/OUTPUT. The
reason was that it was the _only_ netfilter option that wasn't compiled
into the kernel :) I generally don't work with SuSE, so I don't know.
But maybe they still don't compile it as a kernel module.
HTH,
Joerg
* Re: DNAT query
2005-11-11 10:57 ` Jörg Harmuth
@ 2005-11-11 11:41 ` Payal Rathod
2005-11-11 12:20 ` Jörg Harmuth
0 siblings, 1 reply; 9+ messages in thread
From: Payal Rathod @ 2005-11-11 11:41 UTC (permalink / raw)
To: Jörg Harmuth; +Cc: netfilter
On Fri, Nov 11, 2005 at 11:57:02AM +0100, Jörg Harmuth wrote:
> Some time ago I had a similar problem with SLES8 and nat/OUTPUT. The
> reason was that it was the _only_ netfilter option that wasn't compiled
> into the kernel :) I generally don't work with SuSE, so I don't know.
> But maybe they still don't compile it as a kernel module.
So what do you suggest? How do I use it now? Do I have to recompile the
kernel for that? I have never done that before.
With warm regards,
-Payal
* Re: DNAT query
2005-11-11 11:41 ` Payal Rathod
@ 2005-11-11 12:20 ` Jörg Harmuth
2005-11-11 16:11 ` Payal Rathod
0 siblings, 1 reply; 9+ messages in thread
From: Jörg Harmuth @ 2005-11-11 12:20 UTC (permalink / raw)
To: netfilter
Payal Rathod schrieb:
> On Fri, Nov 11, 2005 at 11:57:02AM +0100, Jörg Harmuth wrote:
>
>>Some time ago I had a similar problem with SLES8 and nat/OUTPUT. The
>>reason was that it was the _only_ netfilter option that wasn't compiled
>>into the kernel :) I generally don't work with SuSE, so I don't know.
>>But maybe they still don't compile it as a kernel module.
>
>
> So what do you suggest? How do I use it now? Do I have to recompile the
> kernel for that? I have never done that before.
> With warm regards,
> -Payal
It depends. But as Rob's solution works for you, it looks like you only
need to redirect/forward connections (roughly: PREROUTING -> FORWARD ->
POSTROUTING). You only need nat/OUTPUT for packets, generated on the
firewall itself (roughly: local process -> OUTPUT -> POSTROUTING). If
you need to redirect locally generated packets *and* nat/OUTPUT isn't
compiled - well, yes then you have to compile the module from the kernel
sources (which in this case is simple, because you only have to enable
one option).
HTH,
Joerg
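
The two packet paths described above decide which nat chain a DNAT rule belongs in. As an added example (not written by anyone in this thread), the script below prints the rules for each case without running them; the `origin` parameter and the address 203.0.113.10, standing in for dyn.example.com, are assumptions.

```shell
#!/bin/sh
# Added example: prints, but does not run, the rules for one TCP port forward.
# "origin" (forwarded | local | both) is a parameter introduced here.

valid_ipv4() {   # dotted quad, every octet 0-255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_port() {   # 1-65535, digits only
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

dnat_ruleset() {  # usage: dnat_ruleset ORIGIN PUBLIC_IP PORT INTERNAL_IP
    origin=$1 pub=$2 port=$3 dst=$4
    case "$origin" in forwarded|local|both) ;; *)
        echo "origin must be forwarded, local or both" >&2; return 2 ;;
    esac
    valid_ipv4 "$pub" && valid_ipv4 "$dst" && valid_port "$port" || {
        echo "bad address or port" >&2; return 2; }
    match="-d $pub -p tcp --dport $port"
    dnat="-j DNAT --to-destination $dst:$port"
    case "$origin" in forwarded|both)
        # Arrives on an interface: PREROUTING -> FORWARD -> POSTROUTING
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
        echo "iptables -t nat -A PREROUTING $match $dnat"
        # filter/FORWARD sees the destination after DNAT; allow only this port
        echo "iptables -A FORWARD -d $dst -p tcp --dport $port -j ACCEPT"
        echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
        ;;
    esac
    case "$origin" in local|both)
        # Generated on the firewall itself: OUTPUT -> POSTROUTING
        echo "iptables -t nat -A OUTPUT $match $dnat" ;;
    esac
}

# Constructed sample: 203.0.113.10 stands in for the address of dyn.example.com
dnat_ruleset forwarded 203.0.113.10 8000 192.168.10.2
```

Review the printed commands before running them as root; the FORWARD lines only matter when the filter table does not already accept forwarded traffic.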
* Re: DNAT query
2005-11-11 12:20 ` Jörg Harmuth
@ 2005-11-11 16:11 ` Payal Rathod
0 siblings, 0 replies; 9+ messages in thread
From: Payal Rathod @ 2005-11-11 16:11 UTC (permalink / raw)
To: netfilter
On Fri, Nov 11, 2005 at 01:20:13PM +0100, Jörg Harmuth wrote:
> It depends. But as Rob's solution works for you, it looks like you only
> need to redirect/forward connections (roughly: PREROUTING -> FORWARD ->
> POSTROUTING). You only need nat/OUTPUT for packets, generated on the
> firewall itself (roughly: local process -> OUTPUT -> POSTROUTING). If
[...]
I am sorry but you lost me here. Can you give the complete ruleset which
I need now. I always thought I needed PREROUTING as well as OUTPUT.
Thanks in advance.
With warm regards,
-Payal
* DNAT Query
@ 2003-02-27 7:59 Pavan Gokarn
0 siblings, 0 replies; 9+ messages in thread
From: Pavan Gokarn @ 2003-02-27 7:59 UTC (permalink / raw)
To: netfilter-devel
Hello,
I am a system administrator new to IPTables, well, pretty new. I have an issue with DNAT: my DNAT does not work internally. Let me give you the configuration. I have a firewall with 2 plumbed interfaces on the same card: eth0=172.16.19.231 and eth0:a=10.1.1.25. I have enabled ip_forward. Now when I try to access a 10.0.0.0/8 IP address from 172.16.19.0/24 (http) using DNAT on the firewall NATBox, it does not work. Can you please give me a solution? The commands I issued are:
# iptables -t nat -A PREROUTING -d 172.16.19.152 -p tcp --dport 8080 -j DNAT --to 10.1.1.33:8080
# iptables -t nat -A POSTROUTING -d 10.1.1.33 -p tcp --dport 80 -j SNAT 10.1.1.25
(DNAT in the same network is working, though.)
Can someone please help me with this? Also, I am writing a GUI solution using 'C' as a frontend to the iptables tool, making it much easier for users to configure their firewall quickly. Can someone give me the full description of NETFILTER/IPTables extensions and options (the manpages are not enough)?
Thanks a ton
Regards
Pavan