From: Manu <traqueur@club-internet.fr>
To: netfilter@vger.kernel.org
Subject: PREROUTING to a non local subnet
Date: Mon, 09 Sep 2013 16:34:26 +0200
Message-ID: <522DDC72.4000402@club-internet.fr>

Hello,

I'm running iptables v1.4.7 on a Linux machine with two NICs.
One has address 192.168.1.31 (the LAN).
The other has a public IP. Let's say 180.180.180.180.
On the LAN, I have a VPN which joins two networks: 192.168.1.0 and
192.168.2.0.

I'm trying to forward port 5900 (VNC) to a computer which is on the
second subnet, with address 192.168.2.100:

    iptables -A PREROUTING -t nat -p tcp -i eth1 --dport 5900 -j DNAT \
        --to-destination 192.168.2.100:5900
    iptables -A FORWARD -p tcp -d 192.168.2.100 --dport 5900 -j ACCEPT

and it doesn't work.

I've tried the same on the local network, with address 192.168.1.99:

    iptables -A PREROUTING -t nat -p tcp -i eth1 --dport 5900 -j DNAT \
        --to-destination 192.168.1.99:5900
    iptables -A FORWARD -p tcp -d 192.168.1.99 --dport 5900 -j ACCEPT

and it's working like a charm.

I've done my tests from another computer, with public address 200.200.200.200.
I've run netstat on the two computers:
on 192.168.2.100, I've seen it's talking to 180.180.180.180 (<-- my
server running iptables);
on 192.168.1.99, I've seen it's talking to 200.200.200.200 (<-- the
computer on the Internet which I'm running my tests from).

thanks for your attention
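
The netstat observation in the message (192.168.2.100 sees 180.180.180.180 as its peer, while 192.168.1.99 sees the real client) can be cross-checked on the gateway from its connection-tracking table. The following is an added example, not part of the original message: it reads text in the format printed by `conntrack -L` and reports, per forwarded connection, which peer address the backend sees and whether this gateway applied DNAT only or also rewrote the source. It assumes conntrack-tools is available on the gateway; the sample entries are constructed from the addresses in the message, with made-up ports and timers.

```python
import re

# Constructed sample in the format printed by `conntrack -L` (conntrack-tools);
# addresses are those used in the message, ports and timers are made up.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=200.200.200.200 dst=180.180.180.180 sport=40112 dport=5900 src=192.168.1.99 dst=200.200.200.200 sport=5900 dport=40112 [ASSURED] mark=0 use=1
tcp      6 431985 ESTABLISHED src=200.200.200.200 dst=180.180.180.180 sport=40120 dport=5900 src=192.168.2.100 dst=180.180.180.180 sport=5900 dport=40120 [ASSURED] mark=0 use=1
tcp      6 300 ESTABLISHED src=192.168.1.50 dst=192.168.1.31 sport=51000 dport=22 src=192.168.1.31 dst=192.168.1.50 sport=22 dport=51000 [ASSURED] mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_entry(line):
    """Return (original, reply) tuples as dicts; the original tuple is printed first."""
    orig, reply = {}, {}
    for key, value in FIELD.findall(line):
        target = orig if key not in orig else reply
        target[key] = value
    if not {"src", "dst"} <= reply.keys():
        return None  # not a conntrack entry with both directions
    return orig, reply


def nat_kind(orig, reply):
    """Name the translation this gateway applied to one connection."""
    # Without NAT the reply tuple is the original tuple mirrored.
    dnat = (reply["src"], reply.get("sport")) != (orig["dst"], orig.get("dport"))
    snat = (reply["dst"], reply.get("dport")) != (orig["src"], orig.get("sport"))
    return "+".join(n for n, hit in (("DNAT", dnat), ("SNAT", snat)) if hit) or "none"


def report(text, dport):
    """List (client, backend, backend_sees, kind) for connections to dport."""
    rows = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None or parsed[0].get("dport") != str(dport):
            continue
        orig, reply = parsed
        # reply["dst"] is where the backend's answers go: the peer it shows in netstat.
        rows.append((orig["src"], reply["src"], reply["dst"], nat_kind(orig, reply)))
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE, 5900):
        print("client=%s backend=%s backend_sees=%s nat=%s" % row)
```

An entry reported as plain `DNAT` while the backend still sees the gateway's address means the source is being rewritten somewhere other than this gateway's NAT table.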