From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jeff Largent
Subject: Re: Port forwarding how ??
Date: Wed, 15 Jan 2003 12:10:28 -0500
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <3E259604.2080108@imagelinks.com>
References: <5.1.1.6.0.20030114154114.01cd7190@mustang> <5.1.1.6.0.20030114154114.01cd7190@mustang> <5.1.1.6.0.20030115070044.01ca9b50@mustang>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To: <5.1.1.6.0.20030115070044.01ca9b50@mustang>
List-Id:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: Scott Taylor
Cc: Sasa Ugrenovic, linux-admin@vger.kernel.org

You also need a POSTROUTING for the return.

iptables -A POSTROUTING -t nat -p tcp -s 192.168.0.14 --sport 3306 -j SNAT --to-source

If you don't have this, the forwarding host will gladly forward the
message with the 192.168.0.14 IP, which you have no way of directly
contacting.

Jeff

Scott Taylor wrote:

> Please make your replies to the list.
>
> At 04:15 PM 1/14/03, you wrote:
>
>> Ok,
>> And what about this ?
>> ( I read this on that link you provided to me )
>>
>> iptables -A FORWARD -p tcp --dport 3306 -j ACCEPT
>> iptables -A PREROUTING -t nat -p tcp --dport 3306 -j DNAT --to 192.168.0.14:3306
>>
>> When I try to connect on the server where I entered the rules I wrote
>> above, I get the following:
>>
>> [root@gatekeeper root]# telnet 192.168.0.13 3306
>> Trying 192.168.0.13...
>>
>> [root@gatekeeper root]#
>>
>> 192.168.0.13 = server where I entered the iptables ... which I need to
>> redirect me to 192.168.0.14
>> 192.168.0.14 = server running mysql ( port 3306 ).
>>
>>
>> On Wed, 2003-01-15 at 00:44, Scott Taylor wrote:
>> > At 03:16 PM 1/14/03, you wrote:
>> > >Anyone configured port forwarding that worked ?
>> >
>> > Yes.
>> >
>> >
>> > >I was reading lots of howto documents, but I was unable to configure
>> > >that thing.
>> > >
>> > >
>> > >iptables -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 3306 -j DNAT --to 192.168.0.14
>> > >
>> > >This is how I configured it .. but it doesn't work .. anyone have any
>> > >idea or something .. ?
>> >
>> > That alone is not going to do a lot for you.
>> >
>> > Here is a HowTo that should help:
>> > http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
>> >
>> > Then snoop around David's site and read the TrinityOS docs:
>> > http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html
>> >
>> > -
>> > To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>> > the body of a message to majordomo@vger.kernel.org
>> > More majordomo info at http://vger.kernel.org/majordomo-info.html
>> >
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

-- 
Jeff Largent
Sr System Admin
ImageLinks, Inc.
Melbourne, Fl 32935
(321) 253-0011
fax:(321) 253-5559
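
Added example, not part of the original thread or written by any of its participants: a small Python model of the return path discussed above. It shows when a client gets its reply from the address it actually connected to (192.168.0.13) and when it does not. The client addresses, the /24 mask, the source port, the SNAT target (the gateway's own address) and the server's default route via 192.168.0.13 are all assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed mask around the thread's hosts
GATEWAY = "192.168.0.13"  # forwarding host (from the thread)
SERVER = "192.168.0.14"   # MySQL host (from the thread)
PORT = 3306
CLIENT_PORT = 40000       # constructed ephemeral source port

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def forward(pkt, snat):
    """Gateway: DNAT in PREROUTING, optionally SNAT in POSTROUTING."""
    out = replace(pkt, dst=SERVER)        # DNAT to 192.168.0.14:3306
    if snat:
        out = replace(out, src=GATEWAY)   # assumed SNAT target: the gateway itself
    return out

def reply_seen_by_client(client_ip, snat):
    """Return the first reply packet exactly as the client receives it."""
    syn = Packet(client_ip, CLIENT_PORT, GATEWAY, PORT)
    at_server = forward(syn, snat)
    # The server answers whatever source address the packet carried.
    reply = Packet(SERVER, PORT, at_server.src, at_server.sport)
    # Server routing: same-subnet peers are reached directly; anything else
    # goes to the default route, assumed here to be the gateway.
    via_gateway = (reply.dst == GATEWAY
                   or ipaddress.ip_address(reply.dst) not in LAN)
    if via_gateway:
        # Connection tracking on the gateway reverses both translations.
        reply = Packet(GATEWAY, PORT, client_ip, CLIENT_PORT)
    return reply

def connection_works(client_ip, snat):
    """A TCP client only accepts a reply from the address it sent the SYN to."""
    r = reply_seen_by_client(client_ip, snat)
    return (r.src, r.sport, r.dst) == (GATEWAY, PORT, client_ip)

if __name__ == "__main__":
    for ip in ("192.168.0.50", "203.0.113.7"):  # constructed client addresses
        for snat in (False, True):
            print(ip, "snat" if snat else "dnat-only", connection_works(ip, snat))
```

In this model the DNAT-only setup fails only for a client on the same subnet as the server, because the reply goes straight back from 192.168.0.14 and never passes the gateway's connection tracking.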