From: "George Vieira" <georgev@citadelcomputer.com.au>
To: cc <cc@belfordhk.com>, Netfilter Group <netfilter@lists.netfilter.org>
Subject: RE: iptables tutorial on DNAT
Date: Thu, 31 Jul 2003 19:44:58 +1000
Message-ID: <FDEMKKNJDLAJDPNDPCDDCECMNFAA.georgev@citadelcomputer.com.au>
In-Reply-To: <3F28D95D.60804@belfordhk.com>

This is correct for when you have an internal website running on 192.168.0.1
and your application on the firewall wants to browse it: the DNS will
resolve to the external IP address and your firewall won't be able to
connect to it because the IP doesn't exist, so you have to DNAT its OUTPUT
connection to it.

The reason for the error is most likely because the old (and possibly still
current) version of iptables had a NAT OUTPUT bug which fails when trying to
NAT the OUTPUT chain.

There's a p-o-m called "local-nat" or something which is the fix for this.

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of cc
Sent: Thursday, July 31, 2003 6:55 PM
To: Netfilter Group
Subject: iptables tutorial on DNAT

Hi,

I was reading the DNAT part of the IPTABLES tutorial
and have encountered something quite confusing.

In section 6.5.2, near the end it writes:

    iptables -t nat -A OUTPUT --dst $INET_IP -p tcp --dport 80 \
        -j DNAT --to-destination $HTTP_IP

Is this a mistake? I used the above line (with
some modifications to suit my setup) and I get an
invalid argument.

Also, I noticed that the DNAT rules don't
include the -i eth? argument. Is it necessary?

Any clarifications appreciated.

Edmund

** All information contained in this email is strictly **
** confidential and may be used by the intended recipient **
** only. **
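
Added example, not part of the original thread: an offline check over iptables-save output that lists each nat PREROUTING DNAT rule with no matching nat OUTPUT DNAT rule, which is the gap the reply above describes for connections the firewall itself originates. The sample ruleset, its 203.0.113.10 address and the function names are constructed for illustration; -i is left out of the comparison because the OUTPUT chain has no input interface to match.

```shell
#!/bin/sh
# Added example (not from the thread): audit iptables-save text for
# PREROUTING DNAT rules that have no twin in the nat OUTPUT chain.

# Constructed sample ruleset using documentation addresses.
sample_ruleset() {
cat <<'EOF'
*filter
-A INPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.0.2
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1
COMMIT
EOF
}

# Reads iptables-save text on stdin. Prints "dst proto dport target" for every
# nat PREROUTING DNAT rule with no identical match/target in nat OUTPUT.
# Assumption: simple rules only (no negation, no multiport).
missing_output_dnat() {
awk '
  /^\*/ { in_nat = ($1 == "*nat") }          # track which table we are in
  in_nat && $1 == "-A" && ($2 == "PREROUTING" || $2 == "OUTPUT") {
    d = p = dport = to = ""; dnat = 0
    for (i = 3; i < NF; i++) {
      if ($i == "-d") d = $(i+1)
      else if ($i == "-p") p = $(i+1)
      else if ($i == "--dport") dport = $(i+1)
      else if ($i == "--to-destination") to = $(i+1)
      else if ($i == "-j" && $(i+1) == "DNAT") dnat = 1
    }
    if (!dnat) next
    key = d " " p " " dport " " to
    if ($2 == "OUTPUT") out[key] = 1          # locally generated traffic is covered
    else { n++; pre[n] = key }                # forwarded traffic only, so far
  }
  END { for (i = 1; i <= n; i++) if (!(pre[i] in out)) print pre[i] }
'
}

sample_ruleset | missing_output_dnat
```

On a live firewall the same function can be fed with `iptables-save | missing_output_dnat`; each line it prints is a published service the firewall host cannot reach through its external address.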