* iptables tutorial on DNAT
From: cc @ 2003-07-31 8:54 UTC (permalink / raw)
To: Netfilter Group
Hi,
I was reading the DNAT part of the IPTABLES tutorial
and have encountered something quite confusing.
In section 6.5.2, near the end it writes:

    iptables -t nat -A OUTPUT --dst $INET_IP -p tcp --dport 80 \
        -j DNAT --to-destination $HTTP_IP

Is this a mistake? I used the above line (with
some modifications to suit my setup) and I get an
invalid argument.
Also, I noticed that the DNAT rules don't
include the -i eth? argument. Is it necessary?
Any clarifications appreciated.
Edmund
* RE: iptables tutorial on DNAT
From: George Vieira @ 2003-07-31 9:44 UTC (permalink / raw)
To: cc, Netfilter Group
This is correct for when you have an internal website running on 192.168.0.1
and your application on the firewall wants to browse it. The DNS will
resolve to the external IP address and your firewall won't be able to
connect to it because the IP doesn't exist, so you have to DNAT its OUTPUT
connection to it.
The reason for the error is most likely because the old (and possibly still
current) version of iptables had a NAT OUTPUT bug which fails when trying to
NAT the OUTPUT chain.
There's a p-o-m called "local-nat" or something which is the fix for this.
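
The two questions in this thread (why a DNAT rule sits in OUTPUT, and whether -i belongs on it) both come down to which nat chain a packet traverses. The sketch below is an added example, not code from the tutorial or from either poster; it models only DNAT in PREROUTING and OUTPUT, and the public address, interface name and function names are constructed placeholders.

```python
# Simplified model of which nat chain sees the first packet of a connection.
# Constructed placeholders: INET_IP (public address), HTTP_IP (internal web server).
INET_IP = "203.0.113.10"
HTTP_IP = "192.168.0.1"

# Interface matches iptables accepts per chain: -i needs an inbound
# interface, which a locally generated packet does not have.
ALLOWED_IFACE_MATCH = {
    "PREROUTING": {"-i"},
    "INPUT": {"-i"},
    "FORWARD": {"-i", "-o"},
    "OUTPUT": {"-o"},
    "POSTROUTING": {"-o"},
}

def dnat_chain_for(origin):
    """Return the only nat chain where DNAT can rewrite this packet."""
    if origin == "local":      # created by a process on the firewall itself
        return "OUTPUT"
    if origin == "network":    # arrived on an interface
        return "PREROUTING"
    raise ValueError(f"unknown origin: {origin}")

def add_rule(ruleset, chain, dst, dport, to_dest, iface_opt=None):
    """Append a DNAT rule, rejecting interface matches invalid for the chain."""
    if chain not in ("PREROUTING", "OUTPUT"):
        raise ValueError("DNAT is only valid in nat PREROUTING and OUTPUT")
    if iface_opt and iface_opt[0] not in ALLOWED_IFACE_MATCH[chain]:
        raise ValueError(f"{iface_opt[0]} cannot be used in {chain}")
    ruleset.setdefault(chain, []).append((dst, dport, to_dest, iface_opt))

def translate(ruleset, origin, dst, dport, iface=None):
    """Apply the first matching DNAT rule in the chain this packet traverses."""
    for r_dst, r_dport, to_dest, iface_opt in ruleset.get(dnat_chain_for(origin), []):
        if iface_opt and iface_opt[1] != iface:
            continue           # rule is bound to a different interface
        if (r_dst, r_dport) == (dst, dport):
            return to_dest
    return dst                 # no rule matched: destination unchanged

def demo():
    rules = {}
    add_rule(rules, "PREROUTING", INET_IP, 80, HTTP_IP, ("-i", "eth0"))
    before = translate(rules, "local", INET_IP, 80)   # firewall's own client
    add_rule(rules, "OUTPUT", INET_IP, 80, HTTP_IP)   # the tutorial's rule
    after = translate(rules, "local", INET_IP, 80)
    outside = translate(rules, "network", INET_IP, 80, iface="eth0")
    return before, after, outside
```

With only the PREROUTING rule loaded, the firewall's own connection keeps the public destination; the OUTPUT rule is what rewrites it, and an -i match on that rule is rejected by `add_rule`.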