From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Charles Romestant" Subject: Re: Port Forwarding . Date: Wed, 9 Jul 2008 15:10:37 +1930 Message-ID: <5078d3df0807081240m24ccbf81s9502fb078a7187cf@mail.gmail.com> References: <5078d3df0807071449k730a33cxe31e0b34078f5794@mail.gmail.com> <4872943B.2060309@riverviewtech.net> <5078d3df0807071532w4ab76fe4vcf4e60a8980525ba@mail.gmail.com> <5078d3df0807071533k47a5dd16i254b3ae3592d7a77@mail.gmail.com> <5078d3df0807071610m5b47a81qc5d830a8b7bd0cff@mail.gmail.com> <5078d3df0807071658p73a25291v8522a9645fa8b8f9@mail.gmail.com> <4872CFA4.4030406@riverviewtech.net> <5078d3df0807081220q71674472m660de0de432e6bd7@mail.gmail.com> <4873C1E0.2010609@riverviewtech.net> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=vVlYqF3RuLWa3NQBPd2F3rwJloKKkPMYH1VYVFyUo5c=; b=oXuiswjW2jFwib3CJX9clihG8xpIQfvQmM4mWh9O1Rq1tAta1q8bGipZ1MCjCZxWTs jy4/uGRsKVuoVj61T8dKcYKZRCMNfZq6Jnz5oJOpAzX6JEshP+MST9aoD8pcR7EgYXMl lrrFF6u7ET0OyPygV/HP6x1m8pOR2hccfDK1c= In-Reply-To: <4873C1E0.2010609@riverviewtech.net> Content-Disposition: inline Sender: netfilter-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="us-ascii" To: Grant Taylor Cc: Mail List - Netfilter ok it was set to 0, but changing it did not do anything, here is the iptables-save output root@charz-server:/home/charz# iptables-save # Generated by iptables-save v1.3.6 on Tue Jul 8 15:09:21 2008 *nat :PREROUTING ACCEPT [1273:171111] :POSTROUTING ACCEPT [37:5861] :OUTPUT ACCEPT [41:6213] -A PREROUTING -d 10.0.1.192 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.10.1 -A POSTROUTING -s 10.0.10.1 -o eth0 -p tcp -m tcp --sport 80 -j SNAT --to-source 10.0.1.192 COMMIT # Completed on Tue Jul 8 15:09:21 2008 # Generated by iptables-save v1.3.6 on Tue Jul 8 15:09:21 2008 *filter :INPUT ACCEPT [7428:682763] :FORWARD ACCEPT [1:48] :OUTPUT ACCEPT [2978:507120] :fail2ban-ssh - [0:0] :spa - [0:0] -A FORWARD -d 10.0.10.1 -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT -A FORWARD -s 10.0.10.1 -i eth1 -o eth0 -p tcp -m tcp --sport 80 -j ACCEPT COMMIT # Completed on Tue Jul 8 15:09:21 2008 Again , thank you for your help On Wed, Jul 9, 2008 at 3:07 PM, Grant Taylor wrote: > On 07/08/08 14:20, Charles Romestant wrote: >> >> ok, flushed all tables, and all chains, changed back the policy to accept, >> and then reentered the rules you sent me before Grant. And still no dice. > > *nod* > > > >> still the prerouting seems to be matching but the others stay at 0. > > Agreed. > >> At the moment i m still reading documentation to see if i can spot the >> mistake, thanks again for the help. >> >> Why would the prerouting accept and not continue to postrouting? > > If ip forwarding is not enabled, things may not do what they need to. What > is your /proc/sys/net/ipv4/ip_forward file set to? Try setting it to 1. > > echo "1" > /proc/sys/net/ipv4/ip_forward > > Also, can I get a current iptables-save output? > > > > Grant. . . . > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- Charz