[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Sun, Mar 07, 2004 at 05:22:00AM +0100, D. Benz wrote:
> I made this rule for portforwarding:
> 	(1)	iptables -t nat -I PREROUTING -i $ext_if -p tcp --dport
> $port -j DNAT --to $local_ip:$local_port
> But a client connection from outside on that specified service port couldn't
> be established. iptables -vL shows me not a single packet has hit that rule
> and therefore didn't pass through the FORWARD chain which of course has to
> be set to ACCEPT by default or in my case when DROP is default another rule
> like
> 	(2)	iptables -I FORWARD -i $ext_if -o $int_if -p tcp --dport
> $port -j ACCEPT
> is needed.
> ip_forward is enabled. 
> Anyone having an advice?

You also need iptables -I INPUT <etc> if you've got a destructive policy or
late rule.  And, from memory, you don't need the FORWARD rule, as the NAT
table bypasses it (as I say, from memory, if it doesn't work without it,
obviously I need to recache that info).

- Matt

Reply to: