From: ASC - Ronald Roeleveld
Subject: RE: Port forward
Date: Tue, 4 Feb 2003 11:56:42 +0100
Sender: netfilter-admin@lists.netfilter.org
To: 'Eric Leblond'
Cc: "'netfilter@lists.netfilter.org'"

Thanks a lot, the error message is gone now,
after I changed the line to:

iptables -t nat -A PREROUTING -p tcp --destination-port 25 -i eth0 -j DNAT --to-destination 192.168.22.6:25

But when I do iptables --list
I don't see any entries in the chain for PREROUTING

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.32.6         anywhere           tcp dpt:ssh
ACCEPT     udp  --  192.168.32.6         anywhere           udp dpt:ssh
ACCEPT     tcp  --  192.168.22.6         anywhere           tcp dpt:ssh
ACCEPT     udp  --  192.168.22.6         anywhere           udp dpt:ssh
ACCEPT     tcp  --  thamaster.xs4all.nl  anywhere           tcp dpt:ssh
ACCEPT     udp  --  thamaster.xs4all.nl  anywhere           udp dpt:ssh
ACCEPT     tcp  --  192.168.22.0/24      anywhere           tcp dpt:www
ACCEPT     udp  --  192.168.22.0/24      anywhere           udp dpt:www
ACCEPT     tcp  --  localnet/24          anywhere           tcp dpt:www
ACCEPT     udp  --  localnet/24          anywhere           udp dpt:www
ACCEPT     all  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere           state ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain PREROUTING (0 references)
target     prot opt source               destination

Regards,

Ronald Roeleveld
System Administrator

ASCINTERNATIONAL
Vlietweg 17c, 2266 KA, Leidschendam, The Netherlands
Tel. +31 (0)70 3178400, Fax +31 (0)70 3204760
E-mail: r.roeleveld@ascinternational.nl, Website: http://www.ascinternational.nl

-----Original Message-----
From: Eric Leblond [mailto:eleblond@init-sys.com]
Sent: Tuesday 4 February 2003 11:49
To: ASC - Ronald Roeleveld
Subject: Re: Port forward

On Tue, 2003-02-04 at 11:31, ASC - Ronald Roeleveld wrote:
> Hi all,
>
> I am trying to set up a port forward for several hours now, but I don't
> seem to get it working right.
> When I type the following command:
> iptables -A PREROUTING -p tcp --destination-port 25 -i eth0 -j DNAT
> --to-destination 192.168.22.6:25

you forget to specify that you work on the NAT table so add
-t nat
to your line

--
Éric Leblond
e-mail: eleblond@init-sys.com

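
Added example, not part of the original thread: iptables --list without -t prints only the filter table, so a rule added with -t nat is listed by iptables -t nat -L PREROUTING -n instead. The script below shows this on a constructed ruleset in iptables-save format and enumerates the DNAT port forwards it exposes; the sample ruleset and the function names count_rules and list_dnat are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not output from the poster's host).
# It mirrors the thread: the DNAT rule lives in the nat table, while the filter
# table only holds an empty user-defined chain that happens to be named PREROUTING.
SAMPLE_RULESET='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.22.6:25
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING - [0:0]
-A FORWARD -m state --state ESTABLISHED -j ACCEPT
COMMIT'

# count_rules TABLE CHAIN: number of "-A CHAIN" rules inside TABLE.
count_rules() {
    printf '%s\n' "$SAMPLE_RULESET" | awk -v t="$1" -v c="$2" '
        /^\*/ { cur = substr($0, 2); next }        # "*nat" starts the nat table
        $1 == "-A" && $2 == c && cur == t { n++ }
        END { print n + 0 }'
}

# list_dnat: one line "table chain dport destination" per DNAT rule, i.e. every
# internal service the ruleset makes reachable from outside.
list_dnat() {
    printf '%s\n' "$SAMPLE_RULESET" | awk '
        /^\*/ { cur = substr($0, 2); next }
        $1 == "-A" {
            dport = "any"; dest = ""; is_dnat = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
                if ($i == "-j" && $(i + 1) == "DNAT") is_dnat = 1
                if ($i == "--to-destination") dest = $(i + 1)
            }
            if (is_dnat) print cur, $2, dport, dest
        }'
}

echo "filter/PREROUTING rules: $(count_rules filter PREROUTING)"
echo "nat/PREROUTING rules:    $(count_rules nat PREROUTING)"
list_dnat
```

On a live host the same awk programs can read the output of iptables-save instead of the embedded sample.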