
Re: iptables port forwarding?



On Sun, Feb 17, 2002 at 03:43:25AM -0800, Jeremy T. Bouse wrote:
> On Sun, Feb 17, 2002 at 12:37:08AM -0500, Rick Pasotto wrote:
> > How do I port forward with iptables? With ipchains the command was:
> > 
> > ipmasqadm portfw -a -P tcp -L $extip $port -R $intip $port
> 
> 	What I have in my firewall rules script built with Firewall
> Builder 1.0.0 (fwbuilder) to do port forwarding is:
> 
> iptables -t nat -A PREROUTING -p tcp -s <SRC_IP> -d <EXT_IP>
> --destination-port <PORT> -j DNAT --to-destination <INT_IP>:<PORT>
> 
> 	This works very well... In fact all my machines are behind the
> firewall and only have the ports that are forwarded available...

OK. Here is the rule I used:

iptables -t nat -A PREROUTING -p tcp -s 64.34.82.201 -d 192.168.0.1
--destination-port 2047 -j DNAT --to-destination 192.168.0.5:2047

When I activate the program on the windows box (192.168.0.5) tcpdump
reports lots of hits on eth0 port 2047 but nothing on eth1 port 2047
and the program doesn't respond like it should.

What am I misunderstanding? Does it matter whether the SNAT (to do
masquerading) or the DNAT rule comes first?

Also, how do you list the nat chains? 'iptables -L' only lists the
filter chains.

-- 
If each man has the right to defend, even by force, his person,
his liberty, and his property, several men have the right to get
together, come to an understanding, and organize a collective
force to provide regularly for this defense.
	-- Frédéric Bastiat (1801-1850)
    Rick Pasotto    rickp@telocity.com    http://www.niof.net
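As an added example, not the rule set of either poster, here is a small POSIX shell script covering the three points raised in the thread: a DNAT rule in the nat table's PREROUTING chain that matches the packet's original (external) destination, the FORWARD rules the rewritten packet still has to pass, and `iptables -t nat -L` to list the nat chains. Interface names (eth0/eth1), the external address 203.0.113.10 and the MODE/check_ext_ip helpers are assumptions of this example; without MODE=apply it only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Forwards one TCP port from the
# outside interface to an internal host and lists the nat table.
# MODE=apply (as root) installs the rules; otherwise they are printed.
# Addresses, port and interface names are constructed placeholders.
set -u
EXT_IF="${EXT_IF:-eth0}"            # outside interface
INT_IF="${INT_IF:-eth1}"            # inside interface
EXT_IP="${EXT_IP:-203.0.113.10}"    # address configured on EXT_IF
INT_IP="${INT_IP:-192.168.0.5}"     # internal host that owns the service
PORT="${PORT:-2047}"
MODE="${MODE:-print}"

run() {                             # print or execute one iptables command
    if [ "$MODE" = apply ]; then "$@"; else printf '%s\n' "$*"; fi
}

# DNAT in PREROUTING matches the packet's ORIGINAL destination, i.e. the
# external address it arrived on. The rewritten packet is then routed and
# must be accepted by the filter table's FORWARD chain as well.
portfw_rules() {
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -p tcp -d "$EXT_IP" \
        --dport "$PORT" -j DNAT --to-destination "$INT_IP:$PORT"
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$INT_IP" \
        --dport "$PORT" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Masquerading (SNAT) lives in POSTROUTING, a different chain, so its
    # order relative to the DNAT rule does not matter.
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
}

# 'iptables -L' shows only the filter table; name the nat table explicitly.
list_nat() {
    run iptables -t nat -L -n -v --line-numbers
}

# Sanity check (apply mode only): the DNAT rule's -d address must be one
# actually configured on EXT_IF, or arriving packets never match it.
check_ext_ip() {
    [ "$MODE" = apply ] || return 0
    ip -4 -o addr show dev "$EXT_IF" | grep -q "inet $EXT_IP/"
}

portfw_rules
list_nat
```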
