From: <sc2@gmx.at>
To: netfilter@lists.netfilter.org
Subject: Re: Forwarding help
Date: Thu, 27 Nov 2003 12:07:36 +0100 [thread overview]
Message-ID: <002901c3b4d6$ab0bbca0$14d36c50@anonymous> (raw)
In-Reply-To: 200311262230.31909.Antony@Soft-Solutions.co.uk
Thx for answer antony
here the complet rules list, sorry for this xx.xx.xx it was stupid from me
(full range)...
Ip : xx.xxx.24.51 , should be fw to ip: xx.xxx.24.58
(only for 1 port)
thank you
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -j LOG
iptables -A FORWARD -p udp -d xx.xxx.24.58 --dport xxx21 -j ACCEPT
iptables -t nat -A PREROUTING -p udp -d xx.xxx.24.51 --dport xxx21 -j
DNAT --to xx.xxx.24.58:xx021
iptables -A FORWARD -p tcp -d xx.xxx.24.58 --dport xxx21 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d xx.xxx.24.51 --dport xxx21 -j
DNAT --to xx.xxx.xx.58:xxx21
> On Wednesday 26 November 2003 10:03 pm, sc2@gmx.at wrote:
>
> > hello
> > i use iptables .7, but it does not work (forward) , any ideas?
> > thank you ,
> > ps: same rules down i have make for tcp match not only for udp
> >
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> > iptables -F FORWARD
> > iptables -t nat -F
> > iptables -A FORWARD -j LOG
> > iptables -A FORWARD -p udp -d ip --dport port -j ACCEPT
> > iptables -t nat -A PREROUTING -p udp -d ip --dport port -j DNAT --to
> > ip:port
>
> I assume in that last rule the two occurrences of "ip" are different.
>
> Which one is specified in the FORWARD rule? Make sure it is the
translated
> address (ie the address on the packet after it has gone through the
> PREROUTING rule), because it will no longer have the original destination
> address by the time it hits the FORWARD chain.
>
> If that's not the answer then post your actual ruleset (by all means munge
the
> addresses if you don't want us to know exactly what they are, but let us
see
> which ones are which...)
>
> Antony.
>
> --
> Wanted: telepath. You know where to apply.
>
> Please reply to the
list;
> please don't CC
me.
>
>
>
next prev parent reply other threads:[~2003-11-27 11:07 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-26 22:03 Forwarding help sc2
2003-11-26 22:30 ` zechim
2003-11-26 22:30 ` Antony Stone
2003-11-27 11:07 ` sc2 [this message]
2003-11-27 11:34 ` Antony Stone
2003-11-27 12:48 ` sc2
2003-11-27 12:58 ` Antony Stone
2003-11-27 13:14 ` Ray Leach
2003-11-27 13:21 ` Antony Stone
-- strict thread matches above, loose matches on Subject: below --
2003-11-20 20:26 Forwarding Help Michael Menges
2003-11-20 20:40 ` Antony Stone
2003-11-20 21:23 ` Jeffrey Laramie
2003-11-20 21:37 ` Antony Stone
2003-11-20 21:20 ` Eric Wood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='002901c3b4d6$ab0bbca0$14d36c50@anonymous' \
--to=sc2@gmx.at \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox