Re: what's the problem of DNAT

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Buddy wu <ejournal4me@gmail.com>
To: Rob Sterenborg <rob@sterenborg.info>
Cc: netfilter@lists.netfilter.org
Subject: Re: what's the problem of DNAT
Date: Mon, 31 Oct 2005 16:26:59 +0800	[thread overview]
Message-ID: <43a0cdcb0510310026t66d553f2v@mail.gmail.com> (raw)
In-Reply-To: <54583.193.173.147.3.1130746205.squirrel@webmail.sterenborg.info>

> Has anything changed in the FORWARD chain ? You need to allow it there.
>
follows are FORWARD chain. I think I DROP nothing except in the list.
I HAVE modified the policy of FORWARD chain to ACCEPT. that's why i'm
puzzled.
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0           ipp2p
v0.8.0_rc3 --ipp2p
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED
ACCEPT     tcp  --  192.168.20.90        192.168.8.66        tcp dpts:137:445
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:445
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:137:139
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5554
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:1433:1444
DROP       all  --  0.0.0.0/0            202.101.43.60
DROP       all  --  0.0.0.0/0            202.101.43.67
DROP       all  --  0.0.0.0/0            202.101.43.57

And there is another Interest thing (I'm pained with the "interesting thing")
where I use 'sbin/iptables -t nat -A PREROUTING -d Inet2 -p tcp
--dport 8087 -j DNAT --to 192.168.16.100:8087' rule, I can access
http://Inet2:8087 in the LAN, but I can't access http://Inet2:8087
through Internet(I have a machine direct access to internet)

when turn to use 'sbin/iptables -t nat -A PREROUTING -d Inet2 -p tcp
--dport 80 -j DNAT --to 192.168.16.100:8087' then I can access
http://Inet2:80 in the LAN, and both can access http://Inet2:80 in
Internet... that's the thing i had meet

next prev parent reply	other threads:[~2005-10-31  8:26 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-10-31  3:31 what's the problem of DNAT Buddy wu
2005-10-31  5:24 ` Buddy wu
2005-10-31  6:59 ` Henrik Nordstrom
2005-10-31  7:58   ` Buddy wu
2005-10-31  8:10     ` Rob Sterenborg
2005-10-31  8:26       ` Buddy wu [this message]
2005-10-31 13:25         ` Henrik Nordstrom

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43a0cdcb0510310026t66d553f2v@mail.gmail.com \
    --to=ejournal4me@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    --cc=rob@sterenborg.info \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.