From: "Artem Y. Pervin" <artempervin@gmail.com>
To: netfilter@vger.kernel.org
Subject: rule is ignored for the localhost
Date: Mon, 16 Jun 2008 23:41:50 +0400
Message-ID: <86ff9a9a0806161241r65b5a734o2b0ebc8e2ef0c4fe@mail.gmail.com>
Dear netfilter/iptables users!
Can you please help me with iptables setup?
I want to do a simple thing. I want some port of the external
interface to redirect TCP traffic to the private network.
So, I have the following rule sequence:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.
$ cat rules.sh
INTIF="eth1"
EXTIF="eth2"
# Default policy
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Flush tables
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t nat
# Setup NAT
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
# Port forwarding
iptables -t nat -I PREROUTING -i $EXTIF -p tcp --dport 30099 -j DNAT --to 192.168.10.119:22
iptables -t nat -I PREROUTING -i lo -p tcp --dport 30099 -j DNAT --to 192.168.10.119:22
iptables -I INPUT -i $EXTIF -p tcp --dport 30099 -j ACCEPT
iptables -I INPUT -i lo -p tcp --dport 30099 -j ACCEPT
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.
When I try to access my machine from a remote host, everything works fine:
[versus@demo ~]$ ssh -p 30099 root@somehost.somedomain
...
Are you sure you want to continue connecting (yes/no)?
But when I try to access the 30099 port from the localhost, I get
connection refused:
[root@somehost ~]# ssh -vp 30099 root@localhost
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 30099.
debug1: connect to address 127.0.0.1 port 30099: Connection refused
ssh: connect to host localhost port 30099: Connection refused
I've tried to use the external ip address as well, but I'm getting the
same result:
[root@somehost ~]# ssh -vp 30099 root@somehost.somedomain
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
...
ssh: connect to host somehost.somedomain port 30099: Connection refused
What is wrong with my configuration? Why does iptables ignore the rule for
the localhost case?
I'm using iptables v1.3.7, kernel is 2.6.21.1.
--
Best regards,
Artem Pervin
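Added example, not part of the thread: a small Python model of which nat chain a connection's first packet consults. It encodes one netfilter fact that explains the symptom above: a connection originated by a local process gets its DNAT decision in the nat OUTPUT chain, and nat PREROUTING rules are not consulted for it (even when the packet later appears on lo). The interface names and addresses are taken from the posted rules.sh; the OUTPUT-chain rule and the external address are constructed for illustration.

```python
"""Toy model of netfilter nat chain traversal for the posted rule set.

Added example, not from the thread. Models only the DNAT chain selection:
received packets consult nat PREROUTING, locally originated connections
consult nat OUTPUT. Routing and the return path are out of scope.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    chain: str                  # nat chain the rule sits in
    in_iface: Optional[str]     # "-i" match; None matches any interface
    dport: int                  # "--dport" match (TCP assumed)
    dnat_to: str                # "--to host:port"


@dataclass
class Packet:
    in_iface: Optional[str]     # None: generated by a local process
    dst: str
    dport: int


def nat_chain_for(pkt: Packet) -> str:
    """Locally originated connections are DNATed in OUTPUT, received ones in PREROUTING."""
    return "OUTPUT" if pkt.in_iface is None else "PREROUTING"


def apply_nat(rules: List[Rule], pkt: Packet) -> str:
    """Return the destination host:port after the first matching DNAT rule, if any."""
    chain = nat_chain_for(pkt)
    for r in rules:
        if r.chain != chain:
            continue            # rules in other chains are never consulted
        if r.in_iface is not None and r.in_iface != pkt.in_iface:
            continue
        if r.dport == pkt.dport:
            return r.dnat_to
    return f"{pkt.dst}:{pkt.dport}"   # no DNAT: delivered to the local host itself


# The two DNAT rules from the posted rules.sh, both in PREROUTING.
POSTED_RULES = [
    Rule("PREROUTING", "eth2", 30099, "192.168.10.119:22"),
    Rule("PREROUTING", "lo", 30099, "192.168.10.119:22"),
]
# Hypothetical fix (constructed): the same redirect placed in nat OUTPUT.
FIXED_RULES = POSTED_RULES + [Rule("OUTPUT", None, 30099, "192.168.10.119:22")]

REMOTE = Packet("eth2", "203.0.113.10", 30099)   # constructed: arrives on $EXTIF
LOCAL = Packet(None, "127.0.0.1", 30099)         # ssh -p 30099 root@localhost
```

With POSTED_RULES the remote packet is redirected while the local one reaches 127.0.0.1:30099 where nothing listens, matching the "Connection refused" in the post; the model says nothing about whether replies to a DNATed locally originated connection can be routed back.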
Thread overview: 4+ messages
2008-06-16 19:41 Artem Y. Pervin [this message]
2008-06-16 20:49 ` rule is ignored for the localhost Grant Taylor
2008-06-17 14:03 ` Pascal Hambourg
2008-06-17 14:16 ` Grant Taylor