* Redirecting packet from incoming external interface to a different external machine.
From: Jeffrey Carter @ 2005-08-15 18:04 UTC (permalink / raw)
To: netfilter
Here is what I'm looking to do (And please tell me if I'm crazy as I've
been beating my head on this for a week)

I'm looking to take a packet that is incoming on my machine, on port 21
and redirect it to port 3805 on a completely different external machine.
Basically, I'm trying to solve how to make the machine a transparent
proxy on the same external interface. The packets coming in on port 21
can be coming from anywhere on the internet, and will be sent to port
3805 on the remote machine, which then should come back through my box
and back to the clients.

Any ideas on using iptables for this? I dusted off redir and while it
worked it had its occasional issues so I'm trying to bring a better
hammer to beat on the nail.
* Re: Redirecting packet from incoming external interface to a different external machine.
From: Grant Taylor @ 2005-08-17 5:03 UTC (permalink / raw)
To: netfilter
iptables -t nat -A PREROUTING -i ${ExternalInterface} -d ${ExternalInterfaceIP} -p tcp --dport 21 -j DNAT --to-destination ${DestinationServerIP}:3805
iptables -t nat -A POSTROUTING -o ${ExternalInterface} -d ${DestinationServerIP} -j SNAT --to-source ${ExternalInterfaceIP}
iptables -t filter -A FORWARD -i ${ExternalInterface} -o ${ExternalInterface} -d ${DestinationServerIP} -j ACCEPT
iptables -t filter -A FORWARD -i ${ExternalInterface} -o ${ExternalInterface} -s ${DestinationServerIP} -j ACCEPT

These rules should do exactly what you are wanting. However, I'm betting that because you are talking about port 21 there is a chance that you are dealing with FTP. If that is indeed the case, you will need to be careful what you do with the other ports that FTP opens, as they may not pass through the system the same way.

Grant. . . .

Jeffrey Carter wrote:
> Here is what I'm looking to do (And please tell me if I'm crazy as I've
> been beating my head on this for a week)
>
> I'm looking to take a packet that is incoming on my machine, on port 21
> and redirect it to port 3805 on a completely different external machine.
> Basically, I'm trying to solve how to make the machine a transparent
> proxy on the same external interface. The packets coming in on port 21
> can be coming from anywhere on the internet, and will be sent to port
> 3805 on the remote machine, which then should come back through my box
> and back to the clients.
>
> Any ideas on using iptables for this? I dusted off redir and while it
> worked it had its occasional issues so I'm trying to bring a better
> hammer to beat on the nail.
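
A narrower variant of the rules in Grant Taylor's reply, as an added example that is not part of the thread: it scopes the SNAT and FORWARD rules to TCP port 3805 and to tracked connections, and only prints the commands. The default addresses, the `eth0` name, the conntrack matches and the `ip_forward` line are assumptions added here; if the service is FTP, its data connections will not match these port-scoped rules, which is the caveat raised in the reply.

```shell
#!/bin/sh
# Added example: dry-run generator for a narrower form of the rules in the reply.
# Default addresses are constructed documentation values (RFC 5737).
ExternalInterface=${ExternalInterface:-eth0}
ExternalInterfaceIP=${ExternalInterfaceIP:-192.0.2.10}
DestinationServerIP=${DestinationServerIP:-198.51.100.20}

# Accept only dotted-quad IPv4, since the output is meant to be fed to a shell.
is_ipv4() {
    case $1 in *.) return 1 ;; esac      # a trailing dot would be dropped by the split
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule set on stdout; nothing is applied by this script.
emit_rules() {
    i=$ExternalInterface; e=$ExternalInterfaceIP; d=$DestinationServerIP
    case $i in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;; esac
    is_ipv4 "$e" && is_ipv4 "$d" || { echo "bad IPv4 address" >&2; return 1; }
    # Forwarding must be enabled or the FORWARD chain never sees the traffic.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # DNAT as in the reply: port 21 on this host becomes port 3805 on the server.
    echo "iptables -t nat -A PREROUTING -i $i -d $e -p tcp --dport 21 -j DNAT --to-destination $d:3805"
    # SNAT limited to the forwarded service, so the server's replies return via this host.
    # Side effect: the server sees this host's address, not the client's.
    echo "iptables -t nat -A POSTROUTING -o $i -d $d -p tcp --dport 3805 -j SNAT --to-source $e"
    # FORWARD sees the post-DNAT destination: allow only tcp/3805 toward the server.
    echo "iptables -t filter -A FORWARD -i $i -o $i -d $d -p tcp --dport 3805 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # Return direction: only packets belonging to an already tracked connection.
    echo "iptables -t filter -A FORWARD -i $i -o $i -s $d -p tcp --sport 3805 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

emit_rules
```

Review the printed commands before running them as root; the script itself changes nothing on the host.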