* Local Port Forwarding.
@ 2005-04-22 21:41 Alejandro Villarroel
2005-04-22 21:57 ` Jason Opperisano
2005-04-22 21:59 ` Taylor, Grant
0 siblings, 2 replies; 8+ messages in thread
From: Alejandro Villarroel @ 2005-04-22 21:41 UTC (permalink / raw)
To: netfilter
Hello:
I'm kind of new to IpTables, and I'm having problems to do this kind of
port forwarding in my Fedora Core 3:
Suppose I have some user trying to access Host X:Port X on the Internet
from my Linux, but Instead of that I want to forward this traffic to the
localhost:Port Y, what rule I have to apply?
Thanks in advance,
Alejandro
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Local Port Forwarding.
2005-04-22 21:41 Local Port Forwarding Alejandro Villarroel
@ 2005-04-22 21:57 ` Jason Opperisano
2005-04-22 22:02 ` Taylor, Grant
2005-04-22 21:59 ` Taylor, Grant
1 sibling, 1 reply; 8+ messages in thread
From: Jason Opperisano @ 2005-04-22 21:57 UTC (permalink / raw)
To: netfilter
On Fri, Apr 22, 2005 at 05:41:38PM -0400, Alejandro Villarroel wrote:
> Hello:
> I'm kind of new to IpTables, and I'm having problems to do this kind of
> port forwarding in my Fedora Core 3:
>
> Suppose I have some user trying to access Host X:Port X on the Internet
> from my Linux, but Instead of that I want to forward this traffic to the
> localhost:Port Y, what rule I have to apply?
your kernel needs to be compiled with the option to nat local
connections:
CONFIG_IP_NF_NAT_LOCAL=y
(i *believe* that FC3 includes this in their kernel--don't quote me on
that)
with that, you can DNAT local connections in the nat table, OUTPUT
chain:
iptables -t nat -A OUTPUT -p tcp -d $HostX --dport $PortY \
-j DNAT --to-destination $LocalHost:$PortY
HTH...
-j
--
"Diane: Tom, you're so deep in the closet you're finding Christmas
presents."
--Family Guy
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: Local Port Forwarding.
2005-04-22 21:57 ` Jason Opperisano
@ 2005-04-22 22:02 ` Taylor, Grant
2005-04-22 22:07 ` Jason Opperisano
2005-04-26 12:59 ` Alejandro Villarroel
0 siblings, 2 replies; 8+ messages in thread
From: Taylor, Grant @ 2005-04-22 22:02 UTC (permalink / raw)
To: Jason Opperisano; +Cc: netfilter
> iptables -t nat -A OUTPUT -p tcp -d $HostX --dport $PortY \
> -j DNAT --to-destination $LocalHost:$PortY
Slight typo
iptables -t nat -A OUTPUT -p tcp -d $HostX --dport $PortX -j DNAT --to-destination $LocalHost:$PortY
Grant. . . .
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Local Port Forwarding.
2005-04-22 22:02 ` Taylor, Grant
@ 2005-04-22 22:07 ` Jason Opperisano
2005-04-27 20:48 ` Nick Drage
2005-04-26 12:59 ` Alejandro Villarroel
1 sibling, 1 reply; 8+ messages in thread
From: Jason Opperisano @ 2005-04-22 22:07 UTC (permalink / raw)
To: netfilter
On Fri, Apr 22, 2005 at 05:02:04PM -0500, Taylor, Grant wrote:
> > iptables -t nat -A OUTPUT -p tcp -d $HostX --dport $PortY \
> > -j DNAT --to-destination $LocalHost:$PortY
>
> Slight typo
>
> iptables -t nat -A OUTPUT -p tcp -d $HostX --dport $PortX -j DNAT
> --to-destination $LocalHost:$PortY
whoops. nice catch.
-j
--
"Brian: You got anything on that remote lower than Mute?"
--Family Guy
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: Local Port Forwarding.
2005-04-22 22:07 ` Jason Opperisano
@ 2005-04-27 20:48 ` Nick Drage
2005-04-27 21:00 ` Jason Opperisano
0 siblings, 1 reply; 8+ messages in thread
From: Nick Drage @ 2005-04-27 20:48 UTC (permalink / raw)
To: netfilter
On Fri, Apr 22, 2005 at 06:07:15PM -0400, Jason Opperisano wrote:
> On Fri, Apr 22, 2005 at 05:02:04PM -0500, Taylor, Grant wrote:
> > > iptables -t nat -A OUTPUT -p tcp -d $HostX --dport $PortY \
> > > -j DNAT --to-destination $LocalHost:$PortY
> >
> > Slight typo
> >
> > iptables -t nat -A OUTPUT -p tcp -d $HostX --dport $PortX -j DNAT
> > --to-destination $LocalHost:$PortY
>
> whoops. nice catch.
iptables -t nat -A OUTPUT -p udp -d 192.168.13.43 --dport 161 -j
REDIRECT --to-ports 32789
Makes no difference to the traffic I sent out on port 161 to host
192.168.14.43, any ideas on what I could be missing out?
I'm using iptables version 1.2.8 if that makes a difference....
--
http://tinyurl.com/7xyt2
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Local Port Forwarding.
2005-04-27 20:48 ` Nick Drage
@ 2005-04-27 21:00 ` Jason Opperisano
0 siblings, 0 replies; 8+ messages in thread
From: Jason Opperisano @ 2005-04-27 21:00 UTC (permalink / raw)
To: netfilter
On Wed, Apr 27, 2005 at 09:48:59PM +0100, Nick Drage wrote:
> iptables -t nat -A OUTPUT -p udp -d 192.168.13.43 --dport 161 -j
> REDIRECT --to-ports 32789
>
> Makes no difference to the traffic I sent out on port 161 to host
> 192.168.14.43, any ideas on what I could be missing out?
speaking of typos--your rule has "-d 192.168.13.43" and you say it
doesn't affect traffic destined for 192.168.14.43. typo in the email,
or in the rule?
> I'm using iptables version 1.2.8 if that makes a difference....
and your kernel is compiled with:
CONFIG_IP_NF_NAT_LOCAL=y
-j
--
"Stewie: Damn it! I want pancakes! God! You people understand every
language except English. Yo quiero pancakes. Donnez-moi pancakes.
Click-click-bloody click pancakes!
--Family Guy
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Local Port Forwarding.
2005-04-22 22:02 ` Taylor, Grant
2005-04-22 22:07 ` Jason Opperisano
@ 2005-04-26 12:59 ` Alejandro Villarroel
1 sibling, 0 replies; 8+ messages in thread
From: Alejandro Villarroel @ 2005-04-26 12:59 UTC (permalink / raw)
To: Taylor, Grant; +Cc: netfilter
Thanks Taylor and Jason, both solutions worked just fine,
Thanks for your help,
Alejandro
iptables -t nat -A OUTPUT -d $HostX -p tcp --dport $PortX -j REDIRECT --
to-ports $PortY
On Fri, 2005-04-22 at 17:02 -0500, Taylor, Grant wrote:
> > iptables -t nat -A OUTPUT -p tcp -d $HostX --dport $PortY \
> > -j DNAT --to-destination $LocalHost:$PortY
>
> Slight typo
>
> iptables -t nat -A OUTPUT -p tcp -d $HostX --dport $PortX -j DNAT --to-destination $LocalHost:$PortY
>
>
>
> Grant. . . .
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Local Port Forwarding.
2005-04-22 21:41 Local Port Forwarding Alejandro Villarroel
2005-04-22 21:57 ` Jason Opperisano
@ 2005-04-22 21:59 ` Taylor, Grant
1 sibling, 0 replies; 8+ messages in thread
From: Taylor, Grant @ 2005-04-22 21:59 UTC (permalink / raw)
To: Alejandro Villarroel; +Cc: netfilter
> Hello:
> I'm kind of new to IpTables, and I'm having problems to do this kind of
> port forwarding in my Fedora Core 3:
>
> Suppose I have some user trying to access Host X:Port X on the Internet
> from my Linux, but Instead of that I want to forward this traffic to the
> localhost:Port Y, what rule I have to apply?
>
> Thanks in advance,
> Alejandro
Alejandro, are you wanting to redirect the traffic of someone (or something / some daemon) running locally on the box that will be doing the redirection? Or are you wanting to redirect the traffic from an internet connected client to a different system? From what I read of your question the situation is the former. As such I'm going to answer that question.
iptables -t nat -A OUTPUT -d $HostX -p tcp --dport $PortX -j REDIRECT --to-ports $PortY
Grant. . . .
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2005-04-27 21:00 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-04-22 21:41 Local Port Forwarding Alejandro Villarroel
2005-04-22 21:57 ` Jason Opperisano
2005-04-22 22:02 ` Taylor, Grant
2005-04-22 22:07 ` Jason Opperisano
2005-04-27 20:48 ` Nick Drage
2005-04-27 21:00 ` Jason Opperisano
2005-04-26 12:59 ` Alejandro Villarroel
2005-04-22 21:59 ` Taylor, Grant
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.