From: "Christoph Galuschka" <christoph.galuschka@tikom.at>
To: netfilter@lists.netfilter.org
Subject: Re: Trying to set up NAT
Date: Fri, 01 Apr 2005 17:50:00 +0200
Message-ID: <424D89C8.13559.11842C33@localhost>
In-Reply-To: <20050402013459.70a072a9.harold.a.burchey@uts.edu.au>

Hello,

Well, to clear some things up.
A short drawing of the setup:

|			      |
|-----------------------------------|     10.1.1.0/24
|	|	|	      |
	|	|
       |-------|  |-------|
       |  P    |  |   W  |
       |-------|  |-------|

P is 10.1.1.1; W is 10.1.1.2

TCP-packets coming from the 10.1.1.0-net going to P on port
15000 should end up at W port 80. IMHO the relevant line for
this is:
iptables -t nat PREROUTING -d 10.1.1.1 --dport 15000 -j DNAT --to-destination 10.1.1.2:80

tcpdump also shows me some packets arriving on port 15000
but nothing more.

thanks and regards
Christoph

On 2 Apr 2005 at 1:34, Harold Burchey wrote:

> On Fri, 01 Apr 2005 17:09:43 +0200
> Christoph Galuschka <christoph.galuschka@tikom.at> wrote:
> 
> > ie: A connection to the proxy (10.1.1.1) on port 15000 should
> > go to another machine (10.1.1.2) on port 80 via the proxy.
>
> I recently set up my DNAT. There was one 'gotcha' that certainly got me.
> From the symptoms you're describing you may be having the same problem.
> Basically when you use DNAT to forward packets, be sure that your
> firewall is also configured to pass them.
>
> A lot of websites recommend a simple firewall which drops all packets
> that aren't related or established, but these are the exact packets
> which need to be passed if you have a server behind your firewall and
> want to pass new connections to it.
>
> Here are a couple of lines of code that might help:
>
> iptables -t nat -A PREROUTING -p tcp --dport 15000 -j DNAT --to-destination 10.1.1.2:80
> iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
>
> On the other hand, I'm only taking a stab in the dark here. If you
> posted the relevant snippets of code you may get more useful responses.
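
The gotcha described in the quoted reply (a FORWARD chain that passes only related/established traffic drops the new connections that DNAT redirects) can be checked against `iptables-save` output. The Python below is an added example, not code from either poster: the sample rulesets are constructed, the function names are hypothetical, and matching is simplified (rule order, interfaces, source addresses, negation and port ranges are ignored).

```python
import ipaddress
import shlex
# Constructed iptables-save output: the DNAT rule from the thread behind a FORWARD chain that only passes replies.
SAMPLE_BROKEN = """\
*nat
-A PREROUTING -d 10.1.1.1/32 -p tcp -m tcp --dport 15000 -j DNAT --to-destination 10.1.1.2:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
# Same constructed ruleset plus the FORWARD rule suggested in the quoted reply.
SAMPLE_FIXED = SAMPLE_BROKEN[:-7] + "-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT\nCOMMIT\n"

def opts(rule):
    """Map each option of one iptables-save rule line to the token after it."""
    tok = shlex.split(rule)
    return {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}

def accepts_new(f, proto, ip, port):
    """True if FORWARD ACCEPT rule f would pass a NEW packet to ip:port."""
    state = f.get("--state") or f.get("--ctstate") or "NEW"
    dest = ipaddress.ip_network(f.get("-d", "0.0.0.0/0"), strict=False)
    return ("NEW" in state.split(",") and f.get("-p", proto) in (proto, "all")
            and f.get("--dport", port) == port and ipaddress.ip_address(ip) in dest)

def unforwarded_dnat(ruleset):
    """Return (ip, port) DNAT targets that no filter/FORWARD rule accepts."""
    table, policy, dnat, fwd = None, "ACCEPT", [], []
    for line in ruleset.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif line.startswith("-A "):
            r = opts(line)
            if table == "nat" and r.get("-j") == "DNAT":
                dnat.append(r)
            elif table == "filter" and r["-A"] == "FORWARD" and r.get("-j") == "ACCEPT":
                fwd.append(r)
    missing = []
    for r in dnat:
        # FORWARD sees the packet after PREROUTING rewrote it, so test the new target.
        ip, _, port = r["--to-destination"].partition(":")
        port = port or r.get("--dport")
        if policy != "ACCEPT" and not any(accepts_new(f, r.get("-p"), ip, port) for f in fwd):
            missing.append((ip, port))
    return missing
```

`unforwarded_dnat(SAMPLE_BROKEN)` reports the 10.1.1.2:80 target as blocked, and `unforwarded_dnat(SAMPLE_FIXED)` reports nothing.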


