Re: open ports with iptables



Under the netfilter model, this is known as DNAT (Destination NAT,
because it is the destination field of incoming packets that is being
rewritten).

You'll want something like the following:

iptables -t nat -A PREROUTING -d $extip -p tcp --dport 135 -j DNAT --to-destination 192.168.1.1

(also see http://netfilter.samba.org/unreliable-guides/NAT-HOWTO/ for
more info).

hth,
Vineet

* Sebastiaan (S.Breedveld@ITS.TUDelft.NL) [010622 12:29]:
> > > > doing a search for -dport or -sport for source and destination ports
> > > >
> > > thank you for your reply, but I am not getting much wiser with this
> > > document. I learn by examples. I was thinking about this:
> > > iptables -A INPUT -i eth0 -d 212.127.10.10 -dport 135 -j ACCEPT
> > > iptables -A OUTPUT -i eth1 -s 192.168.1.1 -sport 135 -j ACCEPT
> > 
> > internal ip address on the world side of your firewall box - either that's
> > wrong or you must have a router doing nat before any packets will
> > arrive?
> > 
> Hello,
> 
> Simply said I want to do this with iptables:
> ipmasqadm portfw -a -P tcp -L $extip 135 -R 192.168.1.1 135
> 
> so that tcp traffic from port 135 is directly forwarded to port 135 on my
> local machine and vice versa.
> 
> Sorry if I was unclear.
> 
> Thanks in advance,
> Sebastiaan

Attachment: pgp98DI0cbcDu.pgp
Description: PGP signature
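
Added example, not part of the original thread: a shell helper that translates the "ipmasqadm portfw -a" form quoted above into the DNAT rule from the reply, plus the FORWARD rules that are needed when the FORWARD policy is DROP. The function names, the default-drop policy and the sample external address 203.0.113.10 are assumptions; the commands are printed for review, not applied.

```shell
#!/bin/sh
# Added example: translate one "ipmasqadm portfw -a" rule into iptables rules.
# Prints the commands instead of running them, so no root is needed.
# Forwarding also requires /proc/sys/net/ipv4/ip_forward to be 1.

is_port() {  # decimal 1..65535, no leading zero
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

is_ipv4() {  # dotted quad: digits and dots only, four octets, each 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: portfw_to_iptables -a -P PROTO -L LADDR LPORT -R RADDR RPORT
portfw_to_iptables() {
    action= proto= laddr= lport= raddr= rport=
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -a) action=add; shift ;;
            -P) [ "$#" -ge 2 ] || return 2; proto=$2; shift 2 ;;
            -L) [ "$#" -ge 3 ] || return 2; laddr=$2 lport=$3; shift 3 ;;
            -R) [ "$#" -ge 3 ] || return 2; raddr=$2 rport=$3; shift 3 ;;
            *)  echo "unsupported argument: $1" >&2; return 2 ;;
        esac
    done
    [ "$action" = add ] || return 2
    case "$proto" in tcp|udp) ;; *) return 2 ;; esac
    # Reject anything that is not a plain address or port before emitting it.
    is_ipv4 "$laddr" && is_ipv4 "$raddr" || return 2
    is_port "$lport" && is_port "$rport" || return 2
    # Rewrite the destination before routing (the DNAT rule from the reply).
    echo "iptables -t nat -A PREROUTING -d $laddr -p $proto --dport $lport -j DNAT --to-destination $raddr:$rport"
    # Assumption: FORWARD policy is DROP, so both directions are allowed explicitly.
    echo "iptables -A FORWARD -d $raddr -p $proto --dport $rport -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $raddr -p $proto --sport $rport -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample: 203.0.113.10 stands in for $extip.
portfw_to_iptables -a -P tcp -L 203.0.113.10 135 -R 192.168.1.1 135
```

The return-path rule matches only ESTABLISHED,RELATED, so the internal host cannot use source port 135 to open new connections through the firewall.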