* DNAT what i am doing wrong ???
@ 2003-10-18 19:53 Czezz
0 siblings, 0 replies; only message in thread
From: Czezz @ 2003-10-18 19:53 UTC (permalink / raw)
To: netfilter
Hello everyone,
here is a description of my situation:
my host is behind a NAT server (Linux 2.4.x). By default, INPUT and
FORWARD are DROP. OUTPUT is ACCEPT.
Some rules have been added that allow sending/receiving mail and the
PROXY server traffic.
Anyway, I want to connect to some server in the external net (the
internet). Thanks to the command:
iptables -A FORWARD -i eth1 -j LOG --log-prefix "IPT:UnhandledForward:"
I found lines like this in syslog:
Oct 16 19:05:59 slack kernel: IPT:UnhandledForward:IN=eth1 OUT=ppp0 SRC=192.168.1.251 DST=62.111.129.3 LEN=36 TOS=0x00 PREC=0x00 TTL=127 ID=17885 PROTO=UDP SPT=23083 DPT=13073 LEN=16
Oct 16 19:07:44 slack kernel: IPT:UnhandledForward:IN=eth1 OUT=ppp0 SRC=192.168.1.251 DST=62.111.129.3 LEN=36 TOS=0x00 PREC=0x00 TTL=127 ID=18107 PROTO=UDP SPT=23083 DPT=13073 LEN=16
Oct 16 19:10:27 slack kernel: IPT:UnhandledForward:IN=eth1 OUT=ppp0 SRC=192.168.1.251 DST=62.111.129.3 LEN=36 TOS=0x00 PREC=0x00 TTL=127 ID=18888 PROTO=UDP SPT=23083 DPT=13073 LEN=16
Oct 16 19:11:08 slack kernel: IPT:UnhandledForward:IN=eth1 OUT=ppp0 SRC=192.168.1.251 DST=62.111.129.3 LEN=36 TOS=0x00 PREC=0x00 TTL=127 ID=19078 PROTO=UDP SPT=23083 DPT=13073 LEN=16
...so in this situation I tried to just FORWARD the ports SPT=23083
and DPT=13073. Unfortunately it won't work :(.
This is what I added:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -p udp -m multiport --dports 13073,23083 -j ACCEPT
I don't really know why it didn't work (maybe someone can explain that to
me, because I use a similar construction for SMTP and POP3 and it works
perfectly).
Anyway, I tried to set up DNAT.
I added the following lines:
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 13073 -j DNAT --to-destination 192.168.1.251:23083
iptables -A FORWARD -p tcp -d 192.168.1.251 --dport 23083 -j ACCEPT
iptables -t nat -A PREROUTING -p udp -i ppp0 --dport 13073 -j DNAT --to-destination 192.168.1.251:23083
iptables -A FORWARD -p udp -d 192.168.1.251 --dport 23083 -j ACCEPT
...and this method failed too :(
Can anyone give me a hand to resolve this problem? I will be in your
debt forever.
PS.
Please say if any part of my description is not understood.
--
Best regards,
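The post gives the kernel LOG records and two candidate rule sets but no way to check them against each other. The following is an added example, not code from the thread or from the netfilter project: it parses a LOG record into its fields, models the small subset of iptables syntax used in the post (-t, -A, -i, -o, -p, -s, -d, --dport/--dports, -m state --state, -j, --to-destination), and reports which posted rule, if any, matches the logged packet in each chain. It also prints the narrowest FORWARD rule that would admit exactly that packet. Assumptions: the sample log line is the post's first record with its line wrap undone; the logged packet is treated as conntrack state NEW (the log does not carry state); -s/-d are compared as exact hosts, not CIDR prefixes; rule order is the order the commands were appended.

```python
"""Check netfilter LOG records against a simplified model of posted iptables rules.
Added example for the thread above; not the poster's or netfilter's own code."""
import re
import shlex
from typing import Dict, List, Optional

# Constructed sample: the first syslog record from the post, joined back into one
# line (the archive wraps it after ID=17885).
SAMPLE_LOG = (
    "Oct 16 19:05:59 slack kernel: IPT:UnhandledForward:IN=eth1 OUT=ppp0 "
    "SRC=192.168.1.251 DST=62.111.129.3 LEN=36 TOS=0x00 PREC=0x00 TTL=127 "
    "ID=17885 PROTO=UDP SPT=23083 DPT=13073 LEN=16"
)

# The two rule sets from the post, in the order they were appended.
POSTED_FORWARD = [
    "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "iptables -A FORWARD -i eth1 -p udp -m multiport --dports 13073,23083 -j ACCEPT",
]
POSTED_DNAT = [
    "iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 13073 -j DNAT --to-destination 192.168.1.251:23083",
    "iptables -A FORWARD -p tcp -d 192.168.1.251 --dport 23083 -j ACCEPT",
    "iptables -t nat -A PREROUTING -p udp -i ppp0 --dport 13073 -j DNAT --to-destination 192.168.1.251:23083",
    "iptables -A FORWARD -p udp -d 192.168.1.251 --dport 23083 -j ACCEPT",
]

# Options that take one value and are stored as-is.
_SIMPLE = {"-t": "table", "-A": "chain", "-i": "in", "-o": "out", "-s": "src",
           "-d": "dst", "-j": "target", "--to": "to", "--to-destination": "to"}


def parse_log_line(line: str) -> Dict[str, str]:
    """Split a LOG record into KEY=VALUE fields. The record carries LEN twice:
    the IP total length first, then the transport length, kept here as TLEN."""
    fields: Dict[str, str] = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        if key == "LEN" and "LEN" in fields:
            key = "TLEN"
        fields[key] = value
    return fields


def parse_rule(command: str) -> Dict[str, object]:
    """Parse the subset of iptables syntax used in the post; anything else raises."""
    argv = shlex.split(command)
    if argv and argv[0] == "iptables":
        argv = argv[1:]
    rule: Dict[str, object] = {k: None for k in ("chain", "in", "out", "proto", "src",
                                                  "dst", "dports", "states", "target", "to")}
    rule["table"] = "filter"          # iptables default when -t is absent
    i = 0
    while i < len(argv):
        opt = argv[i]
        if i + 1 >= len(argv):
            raise ValueError(f"option {opt} needs an argument")
        val = argv[i + 1]
        if opt in _SIMPLE:
            rule[_SIMPLE[opt]] = val
        elif opt == "-p":
            rule["proto"] = val.upper()                  # LOG prints PROTO=UDP
        elif opt in ("--dport", "--dports", "--destination-ports"):
            rule["dports"] = {int(p) for p in val.split(",")}
        elif opt == "--state":
            rule["states"] = set(val.split(","))
        elif opt != "-m":                                # -m <ext> only loads a match extension
            raise ValueError(f"unsupported option {opt}")
        i += 2
    return rule


def rule_matches(rule: Dict[str, object], pkt: Dict[str, str], state: str = "NEW") -> bool:
    """Exact-match model: interfaces, protocol, single-host -s/-d, --dport(s), --state."""
    pairs = [(rule["in"], pkt.get("IN")), (rule["out"], pkt.get("OUT")),
             (rule["proto"], pkt.get("PROTO")), (rule["src"], pkt.get("SRC")),
             (rule["dst"], pkt.get("DST"))]
    if any(want is not None and want != got for want, got in pairs):
        return False
    if rule["dports"] is not None and int(pkt.get("DPT", -1)) not in rule["dports"]:
        return False
    if rule["states"] is not None and state not in rule["states"]:
        return False
    return True


def matching_rules(pkt: Dict[str, str], commands: List[str], chain: str = "FORWARD",
                   table: str = "filter", state: str = "NEW") -> List[str]:
    """Every posted command in the given table/chain that would match the packet."""
    return [cmd for cmd in commands
            if (r := parse_rule(cmd))["table"] == table and r["chain"] == chain
            and rule_matches(r, pkt, state)]


def verdict(pkt: Dict[str, str], commands: List[str], chain: str = "FORWARD",
            table: str = "filter", policy: str = "DROP", state: str = "NEW") -> str:
    """First matching rule's target, else the chain policy (the post says FORWARD is DROP)."""
    hits = matching_rules(pkt, commands, chain, table, state)
    return str(parse_rule(hits[0])["target"]) if hits else policy


def rule_for_packet(pkt: Dict[str, str]) -> str:
    """Narrowest FORWARD ACCEPT rule that admits exactly the logged packet."""
    return (f"iptables -A FORWARD -i {pkt['IN']} -o {pkt['OUT']} -p {pkt['PROTO'].lower()} "
            f"-s {pkt['SRC']} -d {pkt['DST']} --dport {pkt['DPT']} -j ACCEPT")


if __name__ == "__main__":
    pkt = parse_log_line(SAMPLE_LOG)
    print("posted FORWARD rules ->", verdict(pkt, POSTED_FORWARD))
    print("DNAT set, FORWARD    ->", verdict(pkt, POSTED_DNAT))
    print("DNAT set, PREROUTING ->", matching_rules(pkt, POSTED_DNAT, "PREROUTING", "nat"))
    print("rule for this packet ->", rule_for_packet(pkt))
```

Run against the sample record, the first rule set accepts the packet via the multiport rule, while nothing in the DNAT set touches it: the nat rules require `-i ppp0` and the logged packet arrived on eth1, and the FORWARD rules in that set require `-d 192.168.1.251` where the packet is headed for 62.111.129.3. Feeding further LOG lines through `parse_log_line` and `rule_for_packet` is a quick way to turn an "Unhandled" log into the exact rule it asks for.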