
Re: using DNAT problem



* Leandro Rodrigo Saad Cruz (leandro@ibnetwork.com.br) [020429 18:12]:
> Hi all, I'm trying to test my setup with netcat, this is the scenario :
> 
> Host_A : runs nc host_B 80
> Host_B : iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
> host_C:8088
> 
> Host_C : nc -l -p 8088
> 
> shouldn't anything that I write from Host_A be echoed back by Host_C ??

Probably. Did you really do things in this order? It looks backwards to
me. I'd probably do it this way:

set up DNAT on B
set netcat to listen on C
tell A to try to connect to B, watch it go to C

If it's still not working, here's a few things to check:

Is Host_B 'between' Host_A and Host_C? If they're all together on a LAN,
the return packets from Host_C won't go back through Host_B to be
de-NATed, they'll just go straight back to Host_A, who won't recognize
them as part of the connection. Host_B needs to be a router between the
other 2 hosts.

Does Host_B do any FORWARD filtering? Is it allowing the traffic to
traverse in both directions?

good times,
Vineet

-- 
Currently seeking opportunities in the SF Bay Area
Please see http://www.doorstop.net/resume.shtml
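
Added example, not part of the original message: a toy Python model of the "is Host_B between Host_A and Host_C" check, showing why the reply is only accepted when it passes back through the NAT box. The addresses, the client port and the names NatBox and connect are constructed for illustration; real connection tracking keeps more state than this.

```python
# Toy model of DNAT plus connection tracking (constructed addresses, not from the thread).
A, B, C = "10.0.0.1", "10.0.0.2", "10.0.0.3"    # Host_A, Host_B, Host_C

class NatBox:
    """Host_B: PREROUTING DNAT of tcp/80 to Host_C:8088, with a conntrack table."""
    def __init__(self, ip, to):
        self.ip, self.to, self.conntrack = ip, to, {}

    def forward(self, pkt):
        src, dst = pkt
        if dst == (self.ip, 80):                  # original direction: rewrite destination
            self.conntrack[(self.to, src)] = dst  # remember the address to restore on replies
            return (src, self.to)
        if (src, dst) in self.conntrack:          # reply direction: restore original source
            return (self.conntrack[(src, dst)], dst)
        return pkt

def connect(reply_via_b):
    """Return (accepted, reply packet as seen by Host_A) for one SYN / SYN-ACK exchange."""
    nat = NatBox(B, (C, 8088))
    client_sock = ((A, 40000), (B, 80))           # A's socket: local end, expected peer
    syn = nat.forward(client_sock)                # A -> B:80 becomes A -> C:8088
    synack = (syn[1], syn[0])                     # C answers the source it saw, which is A
    if reply_via_b:                               # C's route to A goes through B
        synack = nat.forward(synack)
    # A accepts the reply only if it comes from the peer it connected to.
    accepted = synack == (client_sock[1], client_sock[0])
    return accepted, synack

if __name__ == "__main__":
    for label, via_b in (("Host_B routes between A and C", True),
                         ("all three hosts on one LAN", False)):
        ok, reply = connect(via_b)
        print(f"{label}: reply source {reply[0]} -> {'accepted' if ok else 'dropped by Host_A'}")
```

In the single-LAN case the reply reaches Host_A with Host_C:8088 as its source, which matches no socket on Host_A, so the connection never completes.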
