From: Bill Davidsen <davidsen@tmr.com>
To: netfilter@lists.netfilter.org
Subject: Re: iptables local port forwarding
Date: Sat, 03 Apr 2004 12:30:38 -0500
Message-ID: <c4ms44$qhg$1@gatekeeper.tmr.com>
In-Reply-To: <200404031127.02648.Antony@Soft-Solutions.co.uk>

Antony Stone wrote:
> On Saturday 03 April 2004 10:50 am, Mark Ord wrote:
> 
> 
>>I have iptables set up, firewalling eth0 (the internet) extensively, and
>>doing NAT for my lan, and some custom port forwards.
>>
>>One is forwarding port 81 -> 80 - due to my provider firewalling port
>>80:
>>     iptables -t nat -I PREROUTING -p tcp --dport 81 -j REDIRECT --to 80
>>
>>This works for connections coming in on both eth0, and eth1. However, I
>>can't connect to port 81 on the iptables machine (no matter what
>>iptables rules I try).
> 
> 
> That rule looks fine to me, and you must obviously have an appropriate INPUT 
> rule allowing the connection to port 80 after the REDIRECT has completed, 
> otherwise you wouldn't be able to connect directly to port 80 which you say 
> works fine.
> 
> The only thing I can think to ask is whether "iptables -L -t nat -nvx" shows 
> the packet/byte counters for this rule incrementing when you do try to access 
> port 81?
> 
> Perhaps a few judicious LOGging rules (before and after the REDIRECT in the 
> nat table, before and after the ACCEPT in the INPUT chain) will tell you 
> something useful?

Actually, you need to allow port 81 in; it doesn't become 80 until after 
the rewrite.

-- 
bill davidsen <davidsen@tmr.com>
   CTO TMR Associates, Inc
   Doing interesting things with small computers since 1979
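
The counter check suggested in the quoted reply ("iptables -L -t nat -nvx"), written out as an added example; it is not part of the original thread. The function names and both sample snapshots are constructed for illustration, and the snapshots assume the usual column layout of `iptables -L -nvx` output.

```shell
#!/bin/sh
# Reads `iptables -t nat -L <chain> -nvx` output on stdin and prints the summed
# packet counter of every REDIRECT rule that matches the given destination port.
# With -x the counters are exact integers (no K/M suffixes), so they compare cleanly.
redirect_pkts() {
    awk -v want="dpt:$1" '
        $3 == "REDIRECT" {
            for (i = 4; i <= NF; i++)
                if ($i == want) { total += $1; break }
        }
        END { print total + 0 }
    '
}

# Compares two snapshots taken before and after a connection attempt.
# Prints "hit" if the rule's packet counter increased, "miss" otherwise.
# Args: <before-snapshot> <after-snapshot> <port>
rule_was_hit() {
    before=$(printf '%s\n' "$1" | redirect_pkts "$3")
    after=$(printf '%s\n' "$2" | redirect_pkts "$3")
    if [ "$after" -gt "$before" ]; then echo hit; else echo miss; fi
}

# Constructed sample snapshots (not captured from a real host).
SNAP_BEFORE='Chain PREROUTING (policy ACCEPT 120 packets, 9000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       5      300 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:81 redir ports 80'
SNAP_AFTER='Chain PREROUTING (policy ACCEPT 121 packets, 9060 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       6      360 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:81 redir ports 80'

# On a live system the snapshots would come from (as root):
#   iptables -t nat -L PREROUTING -nvx
rule_was_hit "$SNAP_BEFORE" "$SNAP_AFTER" 81
```

A "miss" after a test connection means the packets never matched the REDIRECT rule in that chain, which is the point at which the LOG rules mentioned in the quoted reply help narrow down where they went.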

