From: "Mcminn, Matt 8869" <melfinadev@chartermi.net>
To: netfilter@lists.netfilter.org
Subject: iptables and port mapping
Date: Mon, 10 Mar 2003 01:05:27 -0500
Message-ID: <web-117748330@back2.chartermi.net>

I'm trying to get port mapping working on a Debian box I
just set up - I'm pretty new to iptables, but I managed to
get everything working except for port mapping with the
netfilter howtos.

What I want to do is map port 80 on the external interface
(eth0) to port 80 on my internal (eth1) 192.168.0.2 IP
address. So what I thought would do this is:

  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.2
  iptables -I INPUT -d 192.168.0.0/32 -j ACCEPT

If I understand that correctly, when the new packet comes
in on port 80, first the dest address should be changed to
192.168.0.2 by the first rule, then it should hit the INPUT
chain, and hit the second rule, which would accept it and
send it on to be routed to my local machine. And this
doesn't work.

Any ideas? Here's my iptables -vL (before running the
previous rules):

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
18137   16M block      all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
10303 5774K block      all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 11785 packets, 990K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain block (2 references)
 pkts bytes target     prot opt in     out     source               destination
26723   21M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
 1375  291K ACCEPT     all  --  !eth0  any     anywhere             anywhere            state NEW
  342  114K DROP       all  --  any    any     anywhere             anywhere

and iptables -vL -t nat:

Chain PREROUTING (policy ACCEPT 798 packets, 142K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  435 21613 MASQUERADE all  --  any    eth0    anywhere             anywhere

Chain OUTPUT (policy ACCEPT 37 packets, 2379 bytes)
 pkts bytes target     prot opt in     out     source               destination

Thanks
Matt
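
Added example, not part of the original message: a small Python model of how the rules and listing above treat a new connection to port 80 arriving on eth0. Because DNAT in PREROUTING rewrites the destination before the routing decision, a packet redirected to 192.168.0.2 traverses FORWARD rather than INPUT. The firewall's own addresses, the sample packet and the FORWARD rule are assumptions made for illustration.

```python
import ipaddress

# Assumption: the firewall's own addresses (the post does not give them).
LOCAL_ADDRS = {"203.0.113.10", "192.168.0.1"}

def prerouting_dnat(pkt):
    # nat PREROUTING: -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.2
    if pkt["in"] == "eth0" and pkt["proto"] == "tcp" and pkt["dport"] == 80:
        return dict(pkt, dst="192.168.0.2")
    return pkt

def block_chain(pkt):
    # The "block" chain from the listing, evaluated top to bottom.
    if pkt["state"] in ("RELATED", "ESTABLISHED"):
        return "ACCEPT"
    if pkt["state"] == "NEW" and pkt["in"] != "eth0":
        return "ACCEPT"
    return "DROP"

def traverse(pkt, input_rules=(), forward_rules=()):
    """Return (filter chain, verdict) for a packet arriving at the firewall."""
    pkt = prerouting_dnat(pkt)            # DNAT runs before the routing decision
    if pkt["dst"] in LOCAL_ADDRS:         # addressed to the firewall itself
        chain, rules = "INPUT", input_rules
    else:                                 # addressed to another host
        chain, rules = "FORWARD", forward_rules
    for rule in rules:                    # ACCEPT rules placed with -I, ahead of the jump to block
        if rule(pkt):
            return chain, "ACCEPT"
    return chain, block_chain(pkt)

def posted_input_rule(pkt):
    # iptables -I INPUT -d 192.168.0.0/32 -j ACCEPT  (a /32 is one address)
    return ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network("192.168.0.0/32")

def forward_accept_web(pkt):
    # Hypothetical rule, not from the thread:
    # iptables -I FORWARD -i eth0 -p tcp -d 192.168.0.2 --dport 80 -j ACCEPT
    return (pkt["in"] == "eth0" and pkt["proto"] == "tcp"
            and pkt["dst"] == "192.168.0.2" and pkt["dport"] == 80)

# Constructed sample: first packet of an outside connection to port 80.
SYN = {"in": "eth0", "proto": "tcp", "src": "198.51.100.7",
       "dst": "203.0.113.10", "dport": 80, "state": "NEW"}

if __name__ == "__main__":
    print(traverse(SYN, input_rules=[posted_input_rule]))
    print(traverse(SYN, forward_rules=[forward_accept_web]))
```

With only the posted INPUT rule the model reports the packet dropped in FORWARD by the block chain; with the hypothetical FORWARD rule it is accepted, and replies are covered by the existing RELATED,ESTABLISHED rule.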