Linux Netfilter discussions
From: Andrew Beverley <andy@andybev.com>
To: Ronald <ronald645@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Redirecting ports with netfilter: unexpected varying results possibly correlated with NAT
Date: Thu, 27 Oct 2011 07:24:23 +0100
Message-ID: <1319696663.26402.6931.camel@andybev-desktop>
In-Reply-To: <CAF1_xX3Qwc_d2q9KLQqHcoXmS0hd+xUvNwOVkbK7zWASShxTbw@mail.gmail.com>

On Thu, 2011-10-27 at 06:16 +0200, Ronald wrote:
> > Is there any way you can try it without IPSEC?
> 
> Good idea, I'll try without IPSEC and see what happens. I suppose I
> can just use nc for this.
> 
> > Okay, so if it's running in a VPN, do you really need to "secure" it by
> > changing the port number? Am I missing something?
> 
> It's not running in the VPN, it's running the VPN.

Ah, got you, so I was missing something :)

> > I assume that you have the relevant rules for the returning packets?
> 
> What you see above is the entire iptables configuration that is
> relevant for port redirection. I made these based on examples from the
> internet. In order to redirect a port, you have to apply 1 rule to the
> client and 1 rule to the server.

For packets going in one direction, yes. But surely you need similar
rules from the server back to the client? That said, it's probably
working (with the cable connection) because you're not doing it at
either end, so the packets are using the default ports.

> > then your answer is a problem with the bearer in between.
> 
> Thinking of it, I suppose that is a valid conclusion. Totally agree,
> bothers me why this is happening though.
> 

Hmmm, I'm still not convinced you've got the iptables rules correct, as
per my post above, but I've not got time to re-read them right now.

Andy


