* connect to different port
@ 2005-12-08 12:56 Brent Clark
2005-12-08 13:13 ` Jörg Harmuth
0 siblings, 1 reply; 4+ messages in thread
From: Brent Clark @ 2005-12-08 12:56 UTC (permalink / raw)
To: Netfilter
Hi all
I would like to have it so that a connection (destined for port 8080) comes in on eth0 and jumps to port 3389
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to 192.168.111.248:3389
$IPT -t filter -A FORWARD -i eth0 -p tcp --dport 8080 -d 192.168.111.248 -j ACCEPT
For some reason, I cant get this to work.
I cant use:
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to 192.168.111.248:3389
$IPT -t filter -A FORWARD -i eth0 -p tcp --dport 3389 -d 192.168.111.248 -j ACCEPT
as this is already in use for another machine
If anyone has the answer i would be most grateful.
Kind Regards
Brent Clark
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: connect to different port
@ 2005-12-08 13:00 Eray Aslan
2005-12-08 14:48 ` Brent Clark
0 siblings, 1 reply; 4+ messages in thread
From: Eray Aslan @ 2005-12-08 13:00 UTC (permalink / raw)
To: Netfilter
netfilter-bounces@lists.netfilter.org <> wrote:
> Hi all
>
> I would like to have it so that a connection (destined for
> port 8080) comes in on eth0 and jumps to port 3389
>
> $IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to
> 192.168.111.248:3389 $IPT -t filter -A FORWARD -i eth0 -p tcp --dport
> 8080 -d 192.168.111.248 -j ACCEPT
>
Try
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to 192.168.111.248:3389
$IPT -t filter -A FORWARD -i eth0 -p tcp --dport 3389 -d 192.168.111.248 -j ACCEPT
--
Eray
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: connect to different port
2005-12-08 12:56 connect to different port Brent Clark
@ 2005-12-08 13:13 ` Jörg Harmuth
0 siblings, 0 replies; 4+ messages in thread
From: Jörg Harmuth @ 2005-12-08 13:13 UTC (permalink / raw)
To: netfilter
Brent Clark schrieb:
> Hi all
>
> I would like to have it so that a connection (destined for port 8080)
> comes in on eth0 and jumps to port 3389
>
> $IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to
> 192.168.111.248:3389
> $IPT -t filter -A FORWARD -i eth0 -p tcp --dport 8080 -d 192.168.111.248
> -j ACCEPT
Try "--dport 3389" in your FORWARD rule, as the destination port is
already rewritten in nat/PREROUTING.
If you don't have it already, you need a rule in FORWARD that allows the
traffic back. Something like:
-A FORWARD -s 192.168.111.248 -j ACCEPT
or something more restrictive.
HTH,
Joerg
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: connect to different port
2005-12-08 13:00 Eray Aslan
@ 2005-12-08 14:48 ` Brent Clark
0 siblings, 0 replies; 4+ messages in thread
From: Brent Clark @ 2005-12-08 14:48 UTC (permalink / raw)
To: Eray Aslan; +Cc: Netfilter
Eray Aslan wrote:
> netfilter-bounces@lists.netfilter.org <> wrote:
>
> Try
>
> $IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to 192.168.111.248:3389
> $IPT -t filter -A FORWARD -i eth0 -p tcp --dport 3389 -d 192.168.111.248 -j ACCEPT
>
Hi Eray
Thanks for this, I cant believe I didnt pick this up.
Thanks again.
Brent Clark
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2005-12-08 14:48 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-12-08 12:56 connect to different port Brent Clark
2005-12-08 13:13 ` Jörg Harmuth
-- strict thread matches above, loose matches on Subject: below --
2005-12-08 13:00 Eray Aslan
2005-12-08 14:48 ` Brent Clark
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.