From: Andrew <andrew@arda.homeunix.net>
To: netfilter@lists.netfilter.org
Subject: Re: forwarding traffic from one port to another on the same box
Date: Wed, 28 Jan 2004 07:50:43 -0500 [thread overview]
Message-ID: <bv8b75$udn$1@sea.gmane.org> (raw)
In-Reply-To: <200401280549.i0S5nqmK030255@server5.bandwidthco.com>
Mark E. Donaldson wrote:
> Andrew - your DNAT rule looks fine to me and it should work. I really
> think your problem is the first rule, even though the error is apparently
> charged to the second rule. I think what you need to do is change the first
> rule to -A to the INPUT chain and not the forward chain and it should work.
> The packet is not being forwarded, but is rather destined to the same NIC -
> so it should be the INPUT chain. Try that and see if it does the trick. If
> not, holler again cause there are many with greater expertise on this list
> than me.
Thanks for the advice but it's a no-go. I get the same error, 'Invalid
argument', from the PREROUTING command if I use INPUT instead of FORWARD
in the first command.
I also tried replacing the DNAT target in the second command with
REDIRECT. It didn't help.
Andrew
>
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Andrew
> Sent: Tuesday, January 27, 2004 6:38 PM
> To: netfilter@lists.netfilter.org
> Subject: forwarding traffic from one port to another on the same box
>
> I would like to forward all tcp traffic arriving on a particular port to
> another port on the same machine. This has worked for me in the past but I
> can't get it working on my current machine.
>
> Here are the two commands I'm using to try to create the forward.
>
> iptables -I FORWARD -p tcp -d 192.168.10.34 --dport 26 -j ACCEPT
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 -s 0/0 -d 192.168.10.34 --dport
> 26 -j DNAT --to 192.168.10.34:25
>
> The first command is accepted but the second command results in an 'Invalid
> argument' error.
>
> The computer has only one interface, eth0. Here are its particulars:
> Mandrake Linux 9.2
> Iptables 1.2.8
> kernel 2.4.24 patched with super-freeswan 1.99.8
>
> The value of /proc/sys/net/ipv4/conf/eth0/forwarding is 0. Changing it to 1
> has no impact.
> The value of /proc/sys/net/ipv4/conf/eth0/rp_filter is 0.
>
> I hope someone out there has some ideas about what's going on because I'm
> all out.
>
> Andrew
>
>
>
>
>
>
prev parent reply other threads:[~2004-01-28 12:50 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-28 2:37 forwarding traffic from one port to another on the same box Andrew
2004-01-28 5:49 ` Mark E. Donaldson
2004-01-28 12:50 ` Andrew [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='bv8b75$udn$1@sea.gmane.org' \
--to=andrew@arda.homeunix.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.