From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: Charles Delorme <charles.delorme@suricat.net>
Cc: netfilter@lists.netfilter.org
Subject: Re: Problem with DNAT from localhost to LAN via loopback
Date: Thu, 14 Apr 2005 13:06:49 -0500
Message-ID: <425EB139.7010408@riverviewtech.net>
In-Reply-To: <1113492519.425e8c27488ab@imp1-q.free.fr>
> My problem is from the linux box when trying "telnet [official WAN IP] 3739"
> which replies "connection refused". "tcpdump -nt -i lo" shows a simple SYN then
> RST. I've added LOG to chains (INPUT/FORWARD/OUTPUT/PREROUTING/POSTROUTING) and
> found this telnet connection does not go via the PREROUTING chain. So it
> doesn't find any local 3739 port listening so it is not redirected to the
> LAN... When I fire up a netcat listening on the port, I can get the connection -
> of course (but as I said before, configuration is more complicated and this
> test was mandatory)
Is this problem localized to just the Linux box itself, or does it extend to your inter LAN connected systems as well?
I was going to ask if you could DNAT internal traffic that was outbound to your WAN IP, but after rereading your IPTables rules, you are not specifying an interface to apply your rules to, so they apply to all and thus you are doing exactly that. The next question that comes to mind is: are you by chance firewalling traffic that would come in the LAN interface and then turn around and go right back out the same LAN interface? I.e., people set a default policy of DROP and explicitly allow $LAN to $INet and $INet to $LAN but not necessarily $LAN to $LAN.
Grant. . . .
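
The two cases raised in this message, as an added example that is not part of the original post or the poster's ruleset: locally generated packets skip nat/PREROUTING and are NATed in nat/OUTPUT, and hairpinned LAN traffic needs its own FORWARD allow under a DROP policy. The WAN address, LAN host and interface name are constructed placeholders; only port 3739 comes from the thread.

```shell
#!/bin/sh
# Added example. All values are constructed placeholders except the port.
WAN_IP="${WAN_IP:-203.0.113.10}"      # assumed "official WAN IP"
LAN_HOST="${LAN_HOST:-192.168.1.20}"  # assumed LAN server behind the DNAT
LAN_IF="${LAN_IF:-eth1}"              # assumed LAN interface name
PORT="${PORT:-3739}"                  # port from the original message

# run CMD...: print the command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

dnat_rules() {
    # Traffic arriving on any interface (Internet or LAN clients) is
    # translated in nat/PREROUTING.
    run iptables -t nat -A PREROUTING -d "$WAN_IP" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$LAN_HOST:$PORT"

    # Packets generated on the box itself never traverse PREROUTING;
    # the same translation has to be repeated in nat/OUTPUT.
    run iptables -t nat -A OUTPUT -d "$WAN_IP" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$LAN_HOST:$PORT"

    # With a FORWARD policy of DROP, traffic that enters and leaves on the
    # LAN interface needs an explicit allow. (Return traffic for clients on
    # the same subnet additionally needs source NAT; not shown here.)
    run iptables -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$LAN_HOST" \
        -p tcp --dport "$PORT" -j ACCEPT
}

# Dry run by default: prints the three rules without touching the firewall.
dnat_rules
```

Run it as-is to review the generated rules, then with `APPLY=1` as root to install them.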