* PREROUTING
From: netfilter_user @ 2003-04-29 7:23 UTC (permalink / raw)
To: netfilter
Hello everyone,

this is my problem:
My LAN is connected to Internet via Linux machine with 2 interfaces
(ppp0 for internet and eth1 for local net). I need to connect from
local host, service that is running on port 23073 and 23083 UDP in
internet. For this I wrote a few rules with PREROUTING, but when I start
the script with the rules below I receive:

Bad argument `PREROUTING'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `PREROUTING'
Try `iptables -h' or 'iptables --help' for more information.

iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23073 -j DNAT --to-destination 192.168.1.2
iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23083 -j DNAT --to-destination 192.168.1.2
iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23073 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23083 -j ACCEPT

What may be the reason for this message?
I'm using Slackware 8.1 with iptables 1.2.6a
--
Best regards,
mailto:netfilter_user@o2.pl
* Re: PREROUTING
From: SaVaGE @ 2003-04-29 7:49 UTC (permalink / raw)
To: netfilter
On Tuesday 29 April 2003 09:23, netfilter_user wrote:
> Hello everyone,
>
> this is my problem:
> My LAN is connected to Internet via Linux machine with 2 interface (
> ppp0 - for internet and eth1 for local net). I need to connect from
> local host, service that is running on port 23073 and 23083 UDP in
> internet. For this i wrote afew rules with PREROUTING but when I start
> script with rules below i receive:
>
> Bad argument `PREROUTING'
> Try `iptables -h' or 'iptables --help' for more information.
> Bad argument `PREROUTING'
> Try `iptables -h' or 'iptables --help' for more information.
>
>
> iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23073 -j DNAT
> --to-destination 192.168.1.2 iptables -t nat -A PREROUTING -p udp -d
> 80.50.60.185 --dport 23083 -j DNAT --to-destination 192.168.1.2
>
> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23073 -j ACCEPT
> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23083 -j ACCEPT
>
> What maybe a reason of this msg?
> Im using slackware 8.1 with iptables 1.2.6a
This behaviour is correct; NATting is done on the POSTROUTING table!!!!
Pascal (PC-Secure Dutch security service)
* Re: PREROUTING
From: Frederic Gobin @ 2003-04-29 9:21 UTC (permalink / raw)
To: SaVaGE; +Cc: netfilter
This is not really true ...
According to the iptables man page, DNAT is valid only in the OUTPUT
and PREROUTING chain of the nat table. SNAT is only valid in the
POSTROUTING chain of the nat table.
It could be a missing kernel option ...
Frederic Gobin
On Tuesday, 29.04.03 at 09:49, SaVaGE wrote:
> On Tuesday 29 April 2003 09:23, netfilter_user wrote:
>> Hello everyone,
>>
>> this is my problem:
>> My LAN is connected to Internet via Linux machine with 2 interface (
>> ppp0 - for internet and eth1 for local net). I need to connect from
>> local host, service that is running on port 23073 and 23083 UDP in
>> internet. For this i wrote afew rules with PREROUTING but when I start
>> script with rules below i receive:
>>
>> Bad argument `PREROUTING'
>> Try `iptables -h' or 'iptables --help' for more information.
>> Bad argument `PREROUTING'
>> Try `iptables -h' or 'iptables --help' for more information.
>>
>>
>> iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23073 -j
>> DNAT
>> --to-destination 192.168.1.2 iptables -t nat -A PREROUTING -p udp -d
>> 80.50.60.185 --dport 23083 -j DNAT --to-destination 192.168.1.2
>>
>> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23073 -j ACCEPT
>> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23083 -j ACCEPT
>>
>> What maybe a reason of this msg?
>> Im using slackware 8.1 with iptables 1.2.6a
>
> This behaviour is correct NATting is done on the POSTROUTING table !!!!
>
>
> Pascal (PC-Secure Dutch security service)
>
* Re: PREROUTING
From: Eric Poulin @ 2003-04-29 13:28 UTC (permalink / raw)
To: Frederic Gobin; +Cc: netfilter
You are absolutely right. Actually, the command is correct, and also working
fine in my environment, so I also suspect that some options may be missing in
the kernel.
Eric
> This is not really true ...
>
> According to the iptables man page, DNAT is valid only in the OUTPUT
> and PREROUTING chain of the nat table. SNAT is only valid in the
> POSTROUTING chain of the nat table.
>
> It could be a missing kernel option ...
>
> Frederic Gobin
>
> On Tuesday, 29.04.03 at 09:49, SaVaGE wrote:
>
> > On Tuesday 29 April 2003 09:23, netfilter_user wrote:
> >> Hello everyone,
> >>
> >> this is my problem:
> >> My LAN is connected to Internet via Linux machine with 2 interface (
> >> ppp0 - for internet and eth1 for local net). I need to connect from
> >> local host, service that is running on port 23073 and 23083 UDP in
> >> internet. For this i wrote afew rules with PREROUTING but when I start
> >> script with rules below i receive:
> >>
> >> Bad argument `PREROUTING'
> >> Try `iptables -h' or 'iptables --help' for more information.
> >> Bad argument `PREROUTING'
> >> Try `iptables -h' or 'iptables --help' for more information.
> >>
> >>
> >> iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23073 -j
> >> DNAT
> >> --to-destination 192.168.1.2 iptables -t nat -A PREROUTING -p udp -d
> >> 80.50.60.185 --dport 23083 -j DNAT --to-destination 192.168.1.2
> >>
> >> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23073 -j ACCEPT
> >> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23083 -j ACCEPT
> >>
> >> What maybe a reason of this msg?
> >> Im using slackware 8.1 with iptables 1.2.6a
> >
> > This behaviour is correct NATting is done on the POSTROUTING table !!!!
> >
> >
> > Pascal (PC-Secure Dutch security service)
> >
>
>
>
>
* Re[2]: PREROUTING
From: netfilter_user @ 2003-04-29 12:53 UTC (permalink / raw)
To: SaVaGE; +Cc: netfilter
Hello SaVaGE,
Tuesday, April 29, 2003, 9:49:10 AM, you wrote:
S> On Tuesday 29 April 2003 09:23, netfilter_user wrote:
>> Hello everyone,
>>
>> this is my problem:
>> My LAN is connected to Internet via Linux machine with 2 interface (
>> ppp0 - for internet and eth1 for local net). I need to connect from
>> local host, service that is running on port 23073 and 23083 UDP in
>> internet. For this i wrote afew rules with PREROUTING but when I start
>> script with rules below i receive:
>>
>> Bad argument `PREROUTING'
>> Try `iptables -h' or 'iptables --help' for more information.
>> Bad argument `PREROUTING'
>> Try `iptables -h' or 'iptables --help' for more information.
>>
>>
>> iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23073 -j DNAT
>> --to-destination 192.168.1.2 iptables -t nat -A PREROUTING -p udp -d
>> 80.50.60.185 --dport 23083 -j DNAT --to-destination 192.168.1.2
>>
>> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23073 -j ACCEPT
>> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23083 -j ACCEPT
>>
>> What maybe a reason of this msg?
>> Im using slackware 8.1 with iptables 1.2.6a
S> This behaviour is correct NATting is done on the POSTROUTING table !!!!
S> Pascal (PC-Secure Dutch security service)
Ammm... I'm afraid it's not correct, because I have received a message like this:

Bad argument `PREROUTING'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `PREROUTING'
Try `iptables -h' or 'iptables --help' for more information.

...it's not correct in my newbie opinion.
--
Best regards,
mailto:netfilter_user@o2.pl
* Re: Re[2]: PREROUTING
From: SaVaGE @ 2003-04-29 13:33 UTC (permalink / raw)
To: netfilter
On Tuesday 29 April 2003 14:53, netfilter_user wrote:
> Hello SaVaGE,
>
> Tuesday, April 29, 2003, 9:49:10 AM, you wrote:
>
> S> On Tuesday 29 April 2003 09:23, netfilter_user wrote:
> >> Hello everyone,
> >>
> >> this is my problem:
> >> My LAN is connected to Internet via Linux machine with 2 interface (
> >> ppp0 - for internet and eth1 for local net). I need to connect from
> >> local host, service that is running on port 23073 and 23083 UDP in
> >> internet. For this i wrote afew rules with PREROUTING but when I start
> >> script with rules below i receive:
> >>
> >> Bad argument `PREROUTING'
> >> Try `iptables -h' or 'iptables --help' for more information.
> >> Bad argument `PREROUTING'
> >> Try `iptables -h' or 'iptables --help' for more information.
> >>
> >>
> >> iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23073 -j
> >> DNAT --to-destination 192.168.1.2 iptables -t nat -A PREROUTING -p udp
> >> -d 80.50.60.185 --dport 23083 -j DNAT --to-destination 192.168.1.2
> >>
> >> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23073 -j ACCEPT
> >> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23083 -j ACCEPT
> >>
> >> What maybe a reason of this msg?
> >> Im using slackware 8.1 with iptables 1.2.6a
>
> S> This behaviour is correct NATting is done on the POSTROUTING table !!!!
>
>
> S> Pascal (PC-Secure Dutch security service)
>
> ammm....im afraid its not correct because I have received msg like this:
>
> Bad argument `PREROUTING'
> Try `iptables -h' or 'iptables --help' for more information.
> Bad argument `PREROUTING'
> Try `iptables -h' or 'iptables --help' for more information.
>
> ...its not correct in my newbe opinion.
Sorry, my fault, I wasn't awake at that time; maybe this will help:

iptables -A PREROUTING -t nat -p udp -d 80.50.60.185 --dport 23073 -j DNAT --to 192.168.1.2:23073
iptables -A PREROUTING -t nat -p udp -d 80.50.60.185 --dport 23083 -j DNAT --to 192.168.1.2:23083

Let us know if it worked for you!
* Re: Re[2]: PREROUTING
From: Alistair Tonner @ 2003-04-29 14:49 UTC (permalink / raw)
To: netfilter_user, SaVaGE; +Cc: netfilter
On April 29, 2003 08:53 am, netfilter_user wrote:
> Hello SaVaGE,
>
> Tuesday, April 29, 2003, 9:49:10 AM, you wrote:
>
> S> On Tuesday 29 April 2003 09:23, netfilter_user wrote:
> >> Hello everyone,
> >>
> >> this is my problem:
> >> My LAN is connected to Internet via Linux machine with 2 interface (
> >> ppp0 - for internet and eth1 for local net). I need to connect from
> >> local host, service that is running on port 23073 and 23083 UDP in
> >> internet. For this i wrote afew rules with PREROUTING but when I start
> >> script with rules below i receive:
> >>
> >> Bad argument `PREROUTING'
> >> Try `iptables -h' or 'iptables --help' for more information.
> >> Bad argument `PREROUTING'
> >> Try `iptables -h' or 'iptables --help' for more information.
> >>
> >>
> >> iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23073 -j
> >> DNAT --to-destination 192.168.1.2 iptables -t nat -A PREROUTING -p udp
> >> -d 80.50.60.185 --dport 23083 -j DNAT --to-destination 192.168.1.2
> >>
> >> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23073 -j ACCEPT
> >> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23083 -j ACCEPT
> >>
> >> What maybe a reason of this msg?
> >> Im using slackware 8.1 with iptables 1.2.6a
>
> S> This behaviour is correct NATting is done on the POSTROUTING table !!!!
>
>
> S> Pascal (PC-Secure Dutch security service)
>
> ammm....im afraid its not correct because I have received msg like this:
>
> Bad argument `PREROUTING'
> Try `iptables -h' or 'iptables --help' for more information.
> Bad argument `PREROUTING'
> Try `iptables -h' or 'iptables --help' for more information.
>
> ...its not correct in my newbe opinion.
Actually, DNAT is acceptable in the PREROUTING chain.
Change the --to-destination option to
--to ip.ad.dr.ess:portnum
or
--to ip.ad.dre.ss
--
Alistair Tonner
nerdnet.ca
Senior Systems Analyst - RSS
Any sufficiently advanced technology will have the appearance of magic.
Lets get magical!
* Re[4]: PREROUTING
From: netfilter_user @ 2003-04-29 15:59 UTC (permalink / raw)
To: Alistair Tonner; +Cc: SaVaGE, netfilter
Hello Alistair,
Tuesday, April 29, 2003, 4:49:38 PM, you wrote:
AT> On April 29, 2003 08:53 am, netfilter_user wrote:
>> Hello SaVaGE,
>>
>> Tuesday, April 29, 2003, 9:49:10 AM, you wrote:
>>
>> S> On Tuesday 29 April 2003 09:23, netfilter_user wrote:
>> >> Hello everyone,
>> >>
>> >> this is my problem:
>> >> My LAN is connected to Internet via Linux machine with 2 interface (
>> >> ppp0 - for internet and eth1 for local net). I need to connect from
>> >> local host, service that is running on port 23073 and 23083 UDP in
>> >> internet. For this i wrote afew rules with PREROUTING but when I start
>> >> script with rules below i receive:
>> >>
>> >> Bad argument `PREROUTING'
>> >> Try `iptables -h' or 'iptables --help' for more information.
>> >> Bad argument `PREROUTING'
>> >> Try `iptables -h' or 'iptables --help' for more information.
>> >>
>> >>
>> >> iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23073 -j
>> >> DNAT --to-destination 192.168.1.2 iptables -t nat -A PREROUTING -p udp
>> >> -d 80.50.60.185 --dport 23083 -j DNAT --to-destination 192.168.1.2
>> >>
>> >> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23073 -j ACCEPT
>> >> iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23083 -j ACCEPT
>> >>
>> >> What maybe a reason of this msg?
>> >> Im using slackware 8.1 with iptables 1.2.6a
>>
>> S> This behaviour is correct NATting is done on the POSTROUTING table !!!!
>>
>>
>> S> Pascal (PC-Secure Dutch security service)
>>
>> ammm....im afraid its not correct because I have received msg like this:
>>
>> Bad argument `PREROUTING'
>> Try `iptables -h' or 'iptables --help' for more information.
>> Bad argument `PREROUTING'
>> Try `iptables -h' or 'iptables --help' for more information.
>>
>> ...its not correct in my newbe opinion.
AT> Actually DNAT is acceptable in the PREROUTING chain.
AT> change the --to-destination option to
AT> --to ip.ad.dr.ess:portnum
AT> or
AT> --to ip.ad.dre.ss
Now I have to apologize to everyone who answered my mail... it is of course
my fault. I made a mistake and had written "iptables -t nat
PREROUTING..." when I should have written "iptables -t nat -A
PREROUTING...". I had forgotten about "-A". Forgive me plz and thx
for your time and attention.
--
Best regards,
mailto:netfilter_user@o2.pl
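
Added example, not part of any message in the thread: a small POSIX shell lint that parses iptables command lines without running them. It flags the mistake the original poster finally identified (a chain name with no -A in front of it) and the table/chain restrictions Frederic Gobin quotes from the man page. The function names and the sample lines are constructed for illustration, and only the common option forms seen in this thread are handled.

```shell
#!/bin/sh
# Added example: static lint for iptables command lines. Nothing is
# executed and no root is needed; the text of each rule is only parsed.

# Chains in which a target is valid, per the man page text quoted in the
# thread (DNAT: nat PREROUTING/OUTPUT, SNAT: nat POSTROUTING).
chains_for_target() {
    case "$1" in
        DNAT) echo "PREROUTING OUTPUT" ;;
        SNAT) echo "POSTROUTING" ;;
    esac
}

# lint_rule "<command line>" prints one finding per line.
# Exit status: 0 = clean, 1 = at least one finding.
# The body runs in a subshell, so its variables stay local.
lint_rule() (
    table=filter; chain=; target=; count=0
    report() { echo "$1"; count=$((count + 1)); }

    set -f; set -- $1; set +f        # split into words, no globbing
    case "${1-}" in iptables|*/iptables) shift ;; esac

    while [ $# -gt 0 ]; do
        opt=$1; shift
        case "$opt" in
            -t|--table)              table=${1-} ;;
            -A|--append|-I|--insert) chain=${1-} ;;
            -j|--jump)               target=${1-} ;;
            '!')                     continue ;;   # negation marker
            -*)                      ;;            # any other option
            [0-9]*)                  continue ;;   # rule number after -I CHAIN
            *)  report "bare word '$opt': is -A or -I missing before the chain name?"
                continue ;;
        esac
        # Swallow the option's value, if it has one.
        case "${1-}" in ''|-*) ;; *) shift ;; esac
    done

    if [ -z "$chain" ]; then
        report "no chain found: the rule has no -A CHAIN or -I CHAIN"
    fi
    allowed=$(chains_for_target "$target")
    if [ -n "$allowed" ] && [ "$table" != nat ]; then
        report "$target is only valid in the nat table, rule uses '$table'"
    fi
    if [ -n "$allowed" ] && [ -n "$chain" ]; then
        case " $allowed " in
            *" $chain "*) ;;
            *) report "$target is not valid in chain $chain (allowed: $allowed)" ;;
        esac
    fi
    [ "$count" -eq 0 ]
)

# Constructed sample input: the line as the poster says it stood in his
# script, a DNAT rule placed in POSTROUTING, and the rule as posted.
while IFS= read -r line; do
    echo "== $line"
    lint_rule "$line" || :
done <<'EOF'
iptables -t nat PREROUTING -p udp -d 80.50.60.185 --dport 23073 -j DNAT --to-destination 192.168.1.2
iptables -t nat -A POSTROUTING -p udp -d 80.50.60.185 --dport 23073 -j DNAT --to-destination 192.168.1.2
iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23073 -j DNAT --to-destination 192.168.1.2
EOF
```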
* PREROUTING
From: Mickael DILY @ 2003-09-19 15:48 UTC (permalink / raw)
To: netfilter
Hi people :-)

I would like to add the following lines to my firewall:

iptables -A PREROUTING -t mangle -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos Maximize-Throughput

When I do this, nothing tells me if it is good or bad. I presume it is good.
But when I list my iptables, I see nothing in the PREROUTING rule.
I think it is not normal. Where is my bug?

Thanks
--
M. DILY, network administrator, geek :-)
* Re: PREROUTING
From: Jim Carter @ 2003-09-19 16:48 UTC (permalink / raw)
To: Mickael DILY; +Cc: netfilter
On Fri, 19 Sep 2003, Mickael DILY wrote:
> I would like to add the following line to my firewall
> iptables -A PREROUTING -t mangle -p tcp --sport ssh -j TOS --set-tos\
> Minimize-Delay
> iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos\
> Minimize-Delay
> iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos\
> Maximize-Throughput
I thought you could set only one type of service on a packet. Did you
perhaps mean "--sport http" in the middle line? Though given the bloated
advertisement-crammed web pages we often see, maybe "Maximize-Throughput"
would be more appropriate (just joking; each advt. needs a separate
connection and so "Minimize-Delay" is what you want.)
> When i do this, nothing tells me if it is good or bad. I presume it is good.
> But, when i list my iptables, i see nothing in the rule PREROUTING.
> I think it is not normal. Where do i bug ?
Did you actually list the mangle table with all the special arguments?
E.g. "iptables -t mangle -L -v".
James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)
* PREROUTING
From: Chris Percol @ 2011-10-05 11:49 UTC (permalink / raw)
To: netfilter
Hi,
I am currently using the following rules on centos iptables to direct
users from a --to-destination to different samba servers.
What is the best approach to take to allow the users of 10.91.0.0 to
also access Samba Server A?
# Samba Server A
/sbin/iptables -t nat -A PREROUTING -p udp --dport 137 -j DNAT --to-destination 192.168.1.10 --source 10.90.0.0/16
/sbin/iptables -t nat -A PREROUTING -p udp --dport 138 -j DNAT --to-destination 192.168.1.10 --source 10.90.0.0/16
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 139 -j DNAT --to-destination 192.168.1.10 --source 10.90.0.0/16
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 445 -j DNAT --to-destination 192.168.1.10 --source 10.90.0.0/16

# Samba Server B
/sbin/iptables -t nat -A PREROUTING -p udp --dport 137 -j DNAT --to-destination 192.168.2.10 --source 10.91.0.0/16
/sbin/iptables -t nat -A PREROUTING -p udp --dport 138 -j DNAT --to-destination 192.168.2.10 --source 10.91.0.0/16
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 139 -j DNAT --to-destination 192.168.2.10 --source 10.91.0.0/16
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 445 -j DNAT --to-destination 192.168.2.10 --source 10.91.0.0/16
Thanks,
Chris
* Re: PREROUTING
From: Andrew Beverley @ 2011-10-05 22:05 UTC (permalink / raw)
To: Chris Percol; +Cc: netfilter
On Wed, 2011-10-05 at 12:49 +0100, Chris Percol wrote:
> Hi,
> I am currently using the following rules on centos iptables to direct
> users from a --to-destination to different samba servers.
> What is the best approach to take to allow the users of 10.91.0.0 to
> also access Samba Server A?
I don't understand what you are trying to achieve. There are no
filtering rules below, so anybody trying to access Samba Server A will
be able to do so anyway?
> # Samba Server A
> /sbin/iptables -t nat -A PREROUTING -p udp --dport 137 -j DNAT
> --to-destination 192.168.1.10 --source 10.90.0.0/16
> /sbin/iptables -t nat -A PREROUTING -p udp --dport 138 -j DNAT
> --to-destination 192.168.1.10 --source 10.90.0.0/16
> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 139 -j DNAT
> --to-destination 192.168.1.10 --source 10.90.0.0/16
> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 445 -j DNAT
> --to-destination 192.168.1.10 --source 10.90.0.0/16
>
> # Samba Server B
> /sbin/iptables -t nat -A PREROUTING -p udp --dport 137 -j DNAT
> --to-destination 192.168.2.10 --source 10.91.0.0/16
> /sbin/iptables -t nat -A PREROUTING -p udp --dport 138 -j DNAT
> --to-destination 192.168.2.10 --source 10.91.0.0/16
> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 139 -j DNAT
> --to-destination 192.168.2.10 --source 10.91.0.0/16
> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 445 -j DNAT
> --to-destination 192.168.2.10 --source 10.91.0.0/16
>
> Thanks,
> Chris
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
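
Added example, not from the thread: Andrew Beverley's point is that the DNAT rules only rewrite destinations and do not restrict who reaches the servers. The sketch below pairs each DNAT rule from the post with a FORWARD rule under a default-drop policy; the function names, the `IPT` dry-run variable and the use of the `state` match are assumptions of this example.

```shell
#!/bin/sh
# Added example. Dry run by default: the commands are printed, not executed.
# Set IPT=/sbin/iptables to apply them (requires root).
IPT=${IPT:-echo iptables}

# forward_samba SRC_NET SERVER
# DNAT the four Samba ports for one source network and allow exactly that
# traffic through FORWARD. The filter table sees the packet after DNAT, so
# the FORWARD rule matches the rewritten destination (SERVER).
forward_samba() {
    src=$1; server=$2
    for pp in udp:137 udp:138 tcp:139 tcp:445; do
        proto=${pp%%:*}; port=${pp##*:}
        $IPT -t nat -A PREROUTING -s "$src" -p "$proto" --dport "$port" \
             -j DNAT --to-destination "$server"
        $IPT -A FORWARD -s "$src" -d "$server" -p "$proto" --dport "$port" \
             -m state --state NEW -j ACCEPT
    done
}

build_ruleset() {
    # Default drop: anything not listed below is no longer forwarded, so
    # other forwarded traffic on this box needs its own ACCEPT rules.
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    forward_samba 10.90.0.0/16 192.168.1.10   # Samba Server A (from the post)
    forward_samba 10.91.0.0/16 192.168.2.10   # Samba Server B (from the post)
}

build_ruleset
```

With these rules in place a client in 10.91.0.0/16 is not forwarded to 192.168.1.10, so giving it access to Server A becomes an explicit rule rather than a side effect.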