* Redirect Command
@ 2005-04-21 13:26 Hernan Arredondo
2005-04-21 13:41 ` Jason Opperisano
2005-04-21 13:58 ` Vernon A. Fort
0 siblings, 2 replies; 3+ messages in thread
From: Hernan Arredondo @ 2005-04-21 13:26 UTC (permalink / raw)
To: netfilter
Hi all,
I'm new to iptables. I'm trying to create a rule that redirects all the
packets that go to port 25 of my firewall to port 25 on an
Internet LAN machine, then I execute the command:
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT \
    --to 192.168.10.12:25
eth0 is the host exposed directly to the Internet, and 192.168.2.12 is the
host in the LAN.
Now, this is not working. I try a telnet <eth0> 25 and nothing happens.
What's wrong here? Can anybody help me?
Hernan Dario Arredondo
--
No matter how fast processors get,
software consistently finds new ways to eat up the extra speed
* Re: Redirect Command
From: Jason Opperisano @ 2005-04-21 13:41 UTC (permalink / raw)
To: netfilter
On Thu, Apr 21, 2005 at 08:26:43AM -0500, Hernan Arredondo wrote:
> Hi all,
>
> I'm new to iptables. I'm trying to create a rule that redirects all the
> packets that go to port 25 of my firewall to port 25 on an
> Internet LAN machine, then I execute the command:
>
> /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT \
>     --to 192.168.10.12:25
>
> eth0 is the host exposed directly to the Internet, and 192.168.2.12 is the
> host in the LAN.
do you also have a FORWARD rule to allow this traffic through?
# allow stateful traffic
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow SMTP connections to mail server
iptables -A FORWARD -i eth0 -p tcp --syn \
-d 192.168.10.12 --dport 25 -j ACCEPT
> Now, this is not working. I try a telnet <eth0> 25 and nothing happens.
where are you executing the telnet from? any answer other than "from
some host on the Internet" makes your testing methodology invalid.
-j
--
"Chris: Dad, can you help me with my math homework?
Peter: Math. Math my dear boy is nothing more than the lesbian sister
of biology."
--Family Guy
* Re: Redirect Command
From: Vernon A. Fort @ 2005-04-21 13:58 UTC (permalink / raw)
To: netfilter
Hernan Arredondo wrote:
>Hi all,
>
>I'm new to iptables. I'm trying to create a rule that redirects all the
>packets that go to port 25 of my firewall to port 25 on an
>Internet LAN machine, then I execute the command:
>
>/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT \
>    --to 192.168.10.12:25
>
>eth0 is the host exposed directly to the Internet, and 192.168.2.12 is the
>host in the LAN.
>
>
You should also have a FORWARD rule:
/sbin/iptables -A FORWARD -p tcp -d 192.168.10.12 --dport 25 -j ACCEPT
Vernon
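
A check for the situation discussed in this thread, as an added example that is not part of any poster's message: it reads `iptables-save`-style text and reports DNAT targets in nat/PREROUTING that no ACCEPT rule in filter/FORWARD admits for new connections. The sample dumps are constructed and the function names are illustrative. It assumes a DROP policy on FORWARD and single-port DNAT rules without `!` negation, and it ignores rule order.

```python
import ipaddress
import shlex

# Constructed iptables-save style dump: the thread's DNAT rule, a DROP policy
# on FORWARD, and only the stateful ACCEPT rule in place.
DUMP = """*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.10.12:25
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
{extra}COMMIT
"""
BROKEN = DUMP.format(extra="")
FIXED = DUMP.format(extra="-A FORWARD -d 192.168.10.12/32 -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT\n")

def parse(dump):
    """Yield (table, chain, {option: value}) for each -A line of the dump."""
    table = None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            # Pair each option with the token after it ("" for a bare flag).
            yield table, tok[1], {t: "" if n.startswith("-") else n
                                  for t, n in zip(tok, tok[1:] + [""]) if t.startswith("-")}

def covers(fwd, proto, iface, ip, port):
    """True if this FORWARD rule ACCEPTs NEW connections to ip:port."""
    states = fwd.get("--state") or fwd.get("--ctstate")
    lo, _, hi = fwd.get("--dport", "0:65535").partition(":")
    return (fwd.get("-j") == "ACCEPT"
            and fwd.get("-p", proto) == proto
            and fwd.get("-i", iface) == iface
            and (not states or "NEW" in states.split(","))
            and ipaddress.ip_address(ip) in ipaddress.ip_network(fwd.get("-d", "0.0.0.0/0"), strict=False)
            and int(lo) <= int(port) <= int(hi or lo))

def unforwarded_dnat(dump):
    """Return DNAT targets (ip, port) that no filter/FORWARD rule lets through."""
    rules = list(parse(dump))
    forward = [o for t, c, o in rules if (t, c) == ("filter", "FORWARD")]
    missing = []
    for table, chain, o in rules:
        if (table, chain, o.get("-j")) == ("nat", "PREROUTING", "DNAT"):
            ip, _, port = (o.get("--to-destination") or o["--to"]).partition(":")
            port = port or o.get("--dport")  # no port in the target: port unchanged
            if not any(covers(f, o.get("-p"), o.get("-i"), ip, port) for f in forward):
                missing.append((ip, port))
    return missing
```

The stateful ESTABLISHED,RELATED rule alone does not count as coverage, because the first SYN of a DNATed connection is in state NEW.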