From: Kai Hendry <hendry@soltecsoftware.com.au>
To: netfilter@lists.netfilter.org
Subject: DNAT
Date: Tue, 19 Jul 2005 12:01:22 +1000
Message-ID: <42DC5EF2.8060002@soltecsoftware.com.au>

I have three machines:
192.168.0.1
192.168.0.3
192.168.0.9

On 9 there is a service running on port 1199 that I want clients (at 3) to 
use from 1.

With SSH I can get this working from 1 with clients at 1 with:
ssh -L 1199:localhost:1199 192.168.0.9
Though telnet localhost 1199 only works, not telnet 192.168.0.1 1199
Anyway, I don't need encryption.

DNAT is what I've been told I need so:
http://netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html

$ cat i.sh
sudo /sbin/iptables -t nat -F
# This alone doesn't work
sudo /sbin/iptables -t nat -A PREROUTING -p tcp --dport 1199 -i eth0 -j DNAT --to 192.168.0.9:1199
# I suspect something is wrong here:
sudo /sbin/iptables -t nat -A POSTROUTING -p tcp --dport 1199 -j SNAT --to 192.168.0.1:1199
sudo /sbin/iptables -t nat -vnxL --line-numbers

It just does not work when from 3:
$ telnet 192.168.0.1 1199
Trying 192.168.0.1...

Packets do show up:
SOLTEC-HDSVR$ sudo /sbin/iptables -t nat -vnxL --line-numbers
Chain PREROUTING (policy ACCEPT 6494 packets, 466878 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1           4      240 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:1199 to:192.168.0.9:1199

Chain POSTROUTING (policy ACCEPT 2102 packets, 388967 bytes)
num      pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2102 packets, 388967 bytes)
num      pkts      bytes target     prot opt in     out     source               destination

Though from 1 not at all:
$ telnet 192.168.0.1 1199
Trying 192.168.0.1...
telnet: Unable to connect to remote host: Connection refused

What am I doing wrong?
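
Added example, not part of the original message: one rule set for the layout described above, where the client and the service share a subnet with the NAT box, so replies have to be steered back through 192.168.0.1, and connections opened on 192.168.0.1 itself need an OUTPUT rule because locally generated packets never pass PREROUTING. It assumes eth0 is the only LAN interface (as in the posted rule), an iptables that supports -C, and a filter FORWARD chain that accepts the traffic; the function names and the -d match are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Addresses and port are the ones
# in the message; eth0 as the single LAN interface is taken from its rule.
GW=192.168.0.1      # machine doing the NAT
SRV=192.168.0.9     # machine running the service
PORT=1199
IFACE=eth0
IPT=${IPT:-/sbin/iptables}

# Print one "chain rule-spec" pair per line; nothing is changed here.
nat_rules() {
    # Arriving from the LAN for GW:PORT -> rewrite the destination to SRV.
    echo "PREROUTING -i $IFACE -p tcp -d $GW --dport $PORT -j DNAT --to-destination $SRV:$PORT"
    # Locally generated packets skip PREROUTING; they are NATed in OUTPUT.
    echo "OUTPUT -p tcp -d $GW --dport $PORT -j DNAT --to-destination $SRV:$PORT"
    # Same subnet: rewrite the source so SRV answers GW, not the client directly.
    echo "POSTROUTING -o $IFACE -p tcp -d $SRV --dport $PORT -j SNAT --to-source $GW"
}

# Append each rule only if it is not already present (-C checks, -A appends).
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    nat_rules | while read -r chain spec; do
        # $spec is left unquoted on purpose so it splits into iptables arguments.
        $IPT -t nat -C "$chain" $spec 2>/dev/null ||
            $IPT -t nat -A "$chain" $spec || exit 1
    done
}

# Run as root with "apply"; with no argument the rules are only listed.
case "${1:-}" in
    apply) apply_rules ;;
    *)     nat_rules ;;
esac
```

Without the POSTROUTING rule the service at 192.168.0.9 answers 192.168.0.3 directly, and the client discards a reply whose source is not the 192.168.0.1 it connected to.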

