* Redirecting internal tcp connections
@ 2005-04-15 17:12 marcus
2005-04-15 17:57 ` Jose Maria Lopez Hernandez
0 siblings, 1 reply; 3+ messages in thread
From: marcus @ 2005-04-15 17:12 UTC (permalink / raw)
To: netfilter
Hi, I have an lpd server on a remote host that ISP blocks port 515. I try
to use something like "lpr -Plp@remotehost.com:900" but lprng doesn't
seem to recognize the port argument. So, I think to use iptables to
redirect TCP requests on port 515 to port 900 but I don't know how. I've
tried the following:
#iptables -A OUTPUT -p tcp --dport 515 -j REDIRECT --to-port 900
This gives me an "iptables: Invalid argument"
Any ideas?
* Re: Redirecting internal tcp connections
2005-04-15 17:12 Redirecting internal tcp connections marcus
@ 2005-04-15 17:57 ` Jose Maria Lopez Hernandez
2005-04-15 20:17 ` Taylor, Grant
0 siblings, 1 reply; 3+ messages in thread
From: Jose Maria Lopez Hernandez @ 2005-04-15 17:57 UTC (permalink / raw)
To: netfilter@lists.netfilter.org
On Fri, 15-04-2005 at 14:12 -0300, marcus wrote:
> Hi, I have an lpd server on a remote host that ISP blocks port 515. I try
> to use something like "lpr -Plp@remotehost.com:900" but lprng doesn't
> seem to recognize the port argument. So, I think to use iptables to
> redirect TCP requests on port 515 to port 900 but I don't know how. I've
> tried the following:
>
> #iptables -A OUTPUT -p tcp --dport 515 -j REDIRECT --to-port 900
>
> This gives me an "iptables: Invalid argument"
>
> Any ideas?
You have to do this in the nat table and the prerouting or
output chain, and you should use DNAT instead of REDIRECT,
because REDIRECT is for packets with destination your own
machine. So we have:
iptables -t nat -A PREROUTING -p tcp --dport 515 -j DNAT --to-destination remotehost.com:900
Regards.
--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
* Re: Redirecting internal tcp connections
2005-04-15 17:57 ` Jose Maria Lopez Hernandez
@ 2005-04-15 20:17 ` Taylor, Grant
0 siblings, 0 replies; 3+ messages in thread
From: Taylor, Grant @ 2005-04-15 20:17 UTC (permalink / raw)
To: Jose Maria Lopez Hernandez; +Cc: netfilter@lists.netfilter.org
> You have to do this in the nat table and the prerouting or
> output chain, and you should use DNAT instead of REDIRECT,
> because REDIRECT is for packets with destination your own
> machine. So we have:
>
> iptables -t nat -A PREROUTING -p tcp --dport 515 -j DNAT --to-destination remotehost.com:900
I would suggest that you add a destination match as well so that you don't blindly redirect traffic destined to any system's LPD port. I.e. make your IPTables line look like this:
iptables -t nat -A PREROUTING -p tcp -d remotehost.com --dport 515 -j DNAT --to-destination remotehost.com:900
Grant. . . .
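An added example, not part of the thread or of any netfilter tool: a small Python audit that applies the two points made in the replies (DNAT/REDIRECT belong in the nat table, and a NAT rule should carry a `-d` match) to the three rules posted above. The function names and finding labels are made up for illustration; the optional `locally_generated` check relies on the netfilter behaviour that packets created on the host itself traverse the nat OUTPUT chain rather than PREROUTING.

```python
import shlex

# Option spellings (short and long) mapped to the field each one sets.
OPTS = {"-t": "table", "--table": "table",
        "-A": "chain", "--append": "chain", "-I": "chain", "--insert": "chain",
        "-d": "dst", "--destination": "dst",
        "-j": "target", "--jump": "target"}

def parse_rule(line):
    """Extract table, chain, destination match and target from one iptables command."""
    # iptables uses the filter table when -t is not given.
    rule = {"table": "filter", "chain": None, "dst": None, "target": None}
    tokens = shlex.split(line)
    for opt, value in zip(tokens, tokens[1:]):
        if opt in OPTS:
            rule[OPTS[opt]] = value
    return rule

def audit(line, locally_generated=False):
    """Return findings for a DNAT/REDIRECT rule; an empty list means no finding."""
    rule = parse_rule(line)
    findings = []
    if rule["target"] not in ("DNAT", "REDIRECT"):
        return findings
    if rule["table"] != "nat":
        # The cause of the "Invalid argument" error in the first message.
        findings.append("target-needs-nat-table")
    if rule["dst"] is None:
        # Without -d the rule rewrites port 515 traffic to every host.
        findings.append("no-destination-match")
    if locally_generated and rule["chain"] == "PREROUTING":
        # Assumption stated in the lead-in: local packets use nat OUTPUT.
        findings.append("prerouting-skips-local-traffic")
    return findings

# The three rules from the thread, in the order they were posted.
RULES = [
    "iptables -A OUTPUT -p tcp --dport 515 -j REDIRECT --to-port 900",
    "iptables -t nat -A PREROUTING -p tcp --dport 515 -j DNAT "
    "--to-destination remotehost.com:900",
    "iptables -t nat -A PREROUTING -p tcp -d remotehost.com --dport 515 -j DNAT "
    "--to-destination remotehost.com:900",
]

if __name__ == "__main__":
    for r in RULES:
        print(audit(r, locally_generated=True) or ["ok"], r)
```

Pass `locally_generated=True` when the client (here `lpr`) runs on the same machine that holds the rule.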