From: Abdul-Wahid Paterson <abdulwahid@gmail.com>
To: Tom Fischer <tom.fischer@ebuz.de>
Cc: netfilter@lists.netfilter.org
Subject: Re: DNAT-Problem
Date: Thu, 9 Sep 2004 09:44:25 +0100
Message-ID: <995fcdb00409090144c3959f0@mail.gmail.com>
In-Reply-To: <20040909041047.7f8457cf@nixe>

Are you sure that you are not dropping the packet in another
table/chain? Perhaps do something like

    watch -n 1 iptables -L -n -v

so that you can see the packet count when you test to see if the
packet rule is being accepted or dropped somewhere.

Abdul-Wahid

On Thu, 9 Sep 2004 04:10:47 +0200, Tom Fischer <tom.fischer@ebuz.de> wrote:
> Hi,
>
> I have a problem with DNAT. We have to move some services for a few days
> on another machine. So we want to do DNAT on incoming packets. I set
>
> iptables -A PREROUTING -t nat -s 0/0 -d xxx.xxx.xxx.xxx -p tcp --dport 9000 -j DNAT --to xxx.xxx.xxx.xxx
>
> Should be enough on this box in my opinion. So I can see the packet
> incoming on the old machine, and I can see the packet with my source IP
> and the new destination IP, but I think the packet never leaves the old
> machine. tcpdump looks like this
>
> [root@server4 mysql]# tcpdump -n port 9000
> tcpdump: listening on eth0
> 04:02:04.746105 217.232.189.4.65423 > oldmachine.9000: S
> 740515023:740515023(0) win 5840 <mss 1452,sackOK,timestamp 66069311
> 0,nop,wscale 7> (DF) [tos 0x70]
> 04:02:04.746151 217.232.189.4.65423 > newmachine.70.9000: S
> 740515023:740515023(0) win 5840 <mss 1452,sackOK,timestamp 66069311
> 0,nop,wscale 7> (DF) [tos 0x70]
> 04:02:07.744772 217.232.189.4.65423 > oldmachine.9000: S
> 740515023:740515023(0) win 5840 <mss 1452,sackOK,timestamp 66072311
> 0,nop,wscale 7> (DF) [tos 0x70]
> 04:02:07.744806 217.232.189.4.65423 > newmachine.9000: S
> 740515023:740515023(0) win 5840 <mss 1452,sackOK,timestamp 66072311
> 0,nop,wscale 7> (DF) [tos 0x70]
>
> The packet never arrives on the new machine. What am I missing?
>
> Kernel is 2.4.27, the box seems to be Fedora Core 2 and iptables is
> Version 1.2.7a.
>
> Can anybody help me out?
>
> Tom
>
>
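
The counter check suggested in the reply above, as an added example that is not part of the original thread: `iptables -L -n -v` lists only the filter table unless `-t nat` is given, so this version diffs two `iptables-save -c` snapshots taken before and after a test connection and prints every rule or chain policy, in any table, whose packet counter grew. The rule set, the 192.0.2.x addresses and the names `counter_delta` and `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: diff two `iptables-save -c` snapshots and list every rule or
# chain policy whose packet counter grew between them.
counter_delta() {   # usage: counter_delta BEFORE_FILE AFTER_FILE
    awk '
        /^\*/ { table = substr($0, 2); next }       # table header: "*nat", "*filter"
        /^:/  { key = table " policy " substr($1, 2) " " $2; cnt = $3 }
        /^\[/ { key = $0; sub(/^[^ ]+ /, "", key); key = table " " key; cnt = $1 }
        /^:/ || /^\[/ {
            # cnt looks like "[packets:bytes]"; keep only the packet count
            gsub(/[^0-9:]/, "", cnt); split(cnt, c, ":"); pk = c[1] + 0
            if (NR == FNR) before[key] = pk
            else if (pk > before[key]) print "+" (pk - before[key]), key
        }
    ' "$1" "$2"
}

# Constructed snapshots, standing in for:
#   iptables-save -c > before ; <make the test connection> ; iptables-save -c > after
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
*nat
:PREROUTING ACCEPT [10:600]
[0:0] -A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 9000 -j DNAT --to-destination 192.0.2.20
COMMIT
*filter
:FORWARD DROP [5:300]
[40:2400] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
    # Constructed "after" state: two SYNs matched the DNAT rule, then fell
    # through to the FORWARD chain policy.
    sed -e 's/^\[0:0\] -A PREROUTING/[2:120] -A PREROUTING/' \
        -e 's/^:FORWARD DROP \[5:300\]/:FORWARD DROP [7:420]/' \
        "$dir/before" > "$dir/after"
    counter_delta "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

In the constructed data the DNAT rule and the FORWARD policy both gain two packets, which is the pattern to look for when a translated packet is dropped in another chain.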