iptables local port forward

iptables local port forward

[dfgdfg dfgdf]

Hi 

I have a question about iptables port forward:
I have the following rules which are working ok if I try it
from outside
but when I try it from the localhost (which is running the 
iptables) it is not working ? 
Does any body know why it isn't  working this way?
and what is the solution ?

Thx a lot
Anti
------------------
# Redirect port 5900
iptables -t nat -A PREROUTING -p tcp -d $LOCAL_IP --dport
5900 -j DNAT --to $OTHER_HOST_IP:5900

iptables -t nat -A POSTROUTING -o eth0 -p tcp -d
$OTHER_HOST_IP --dport 5900 -j MASQUERADE


____________________________________________________________________________________________
Kisbabád lesz? Kisbabád született? Tele vagy kérdésekkel, és nem tudod, hol találsz választ?
Kukkants be a Babázóba! - www.babazo.hu

Re: iptables local port forward

[Jörg Harmuth]

dfgdfg dfgdf wrote:
> Hi 
> 
> I have a question about iptables port forward:
> I have the following rules which are working ok if I try it
> from outside
> but when I try it from the localhost (which is running the 
> iptables) it is not working ? 
> Does any body know why it isn't  working this way?
> and what is the solution ?
> 
> Thx a lot
> Anti
> ------------------
> # Redirect port 5900
> iptables -t nat -A PREROUTING -p tcp -d $LOCAL_IP --dport
> 5900 -j DNAT --to $OTHER_HOST_IP:5900
> 
> iptables -t nat -A POSTROUTING -o eth0 -p tcp -d
> $OTHER_HOST_IP --dport 5900 -j MASQUERADE


What *exactly* isn't working ? Do you mean, that eg

telnet $IP_OR_NAME_OF_IPTABLES_BOX 5900

doesn't connect you with $OTHER_HOST_IP:5900, if you issue this command 
on the iptables box itself ? If this is your question, well - iptables 
can't do this with your rule set (assuming that the rules you posted are 
only relevant rules). Locally generated packets never pass 
nat/PREROUTING. They pass nat/OUTPUT instead. See

http://iptables-tutorial.frozentux.net/chunkyhtml/c951.html

for details.

Joerg