Re: my iptables script

To: debian-firewall@lists.debian.org
Subject: Re: my iptables script
From: Roland Mas <roland.mas@free.fr>
Date: Wed, 10 Sep 2003 22:49:20 +0200
Message-id: <[🔎] 87oexswer3.fsf@mirexpress.302-consulting.net>
References: <1062371226.1599.95.camel@coltrane> <200309011017.37884.tarragon@onthe.net.au> <[🔎] 1062638150.1002.2.camel@coltrane> <[🔎] 200309041132.03196.tarragon@onthe.net.au> <[🔎] 1062640805.1002.31.camel@coltrane> <[🔎] 3F5842E4.3010705@enaikoon.de>

> Jule Slootbeek wrote:
>
>>Tarragon,
>>
>>a pair of these rules:
>>(eth0: external)
>>iptables -A FORWARD -m state --state NEW -p tcp -i eth0 -d 192.168.0.2
>>--dport 2401
>>iptables -t nat -A POSTROUTING -i eth0 -p tcp --dport 2401 -j DNAT
>>--to-destination 192.168.0.1:2401
>>
>>still does not show the port 2401 open with an nmap localhost op the
>> gateway.

(Forgive my bad quoting, I just subscribed and I'm lacking the parent
message).

My hypothesis: your DNAT only works for packets coming in through
interface eth0.  If you nmap localhost, the packets it's sending will
come in through interface lo.  Thus, they won't be DNATed.  Try  to
run "nmap your_ip_address" instead.

Roland.
-- 
Roland Mas

If you're ever confused as to which mode you're in, keep entering the
<escape> key until vi beeps at you.  -- nvi manual page.

Reply to:

References:
- Re: my iptables script
  - From: Jule Slootbeek <jslootbeek@clarku.edu>
- Re: my iptables script
  - From: Tarragon Allen <tarragon@onthe.net.au>
- Re: my iptables script
  - From: Jule Slootbeek <jslootbeek@clarku.edu>
- Re: my iptables script
  - From: uberthold <uberthold@enaikoon.de>

Prev by Date: RE: Traffic Shaping -- I Need a Push in the Right Direction
Next by Date: Re: Traffic Shaping -- I Need a Push in the Right Direction
Previous by thread: Re: forwarded ports was: my iptables script
Next by thread: Re: my iptables script
Index(es):
- Date
- Thread