From: Igor Tsinman <igort@go-wlan.com>
To: Mario Ohnewald <mario.Ohnewald@gmx.de>
Cc: netfilter@lists.netfilter.org
Subject: Re: NAT FROM public ip TO public ip
Date: Thu, 06 Jan 2005 09:23:43 +0200 [thread overview]
Message-ID: <41DCE77F.4020503@go-wlan.com> (raw)
In-Reply-To: <10459.1105072608@www72.gmx.net>
Mario Ohnewald wrote:
>Hello List!
>
>This is a real easy question, but i will explain it in detail so that you
>know what i am on about ;)
>
>I have two internet boxes, both have only one nic.
>Box A is my root box.
>Box B is a ftp server (where i am not admin, but i have an ftp account).
>
>Both, Box A and B have a public ip address.
>You can NOT access the ftp server from the outside.
>ONLY Box A can connect to that ftp server (Box B).
>
>So i though i could simply nat a connection through my Box A, to Box B.
>If i connect from the real bad world, to my Box A, port 2121. Box A could
>forward/NAT that to the internal ftp box.
>
>I have tried it with this rule:
>$IPT -t nat -A PREROUTING -i eth0 -p tcp -d 123.123.123.123 -m helper
>--helper ftp-2121 -j DNAT --to-destination 123.123.123.111
>
>and
>
>modprobe ip_conntrack_ftp ports=21,2121
>
>
>But it looks like its not working.
>I did a tcpdump -i eth0 -n host 123.123.123.111
>
>
>And no packages where transfered to the ftp box (123.123.123.111).
>Any idea why? Am i going the right way at all?
>
>Thanks, Mario
>
>
>
You have to add an additional rule:
$IPT -A FORWARD -p tcp -i eth1 -d 23.123.123.123 --dport 2121 -j ACCEPT
For this example, eth0 is external and eth1 is internal.
Cheers,
Igor Tsinman
igort@gonetworks.com
next prev parent reply other threads:[~2005-01-06 7:23 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-07 4:36 NAT FROM public ip TO public ip Mario Ohnewald
2005-01-06 7:23 ` Igor Tsinman [this message]
2005-01-07 12:57 ` Mario Ohnewald
2005-01-08 8:43 ` Igor Tsinman
2005-01-09 22:17 ` Mario Ohnewald
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41DCE77F.4020503@go-wlan.com \
--to=igort@go-wlan.com \
--cc=mario.Ohnewald@gmx.de \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.