Re: forwarding gnutella ports with iptables



On Tue, 2002-12-31 at 07:14, Nicos Gollan wrote:
> On Tuesday 31 December 2002 07:57, Alex Malinovich wrote:
> > Here's the rule that I'm using (as spit out by iptables-save):
> >
> > -A PREROUTING -d 208.163.68.11 -p tcp -m tcp --dport 6346 -j DNAT
> > --to-destination 192.168.0.8:6346
> 
> Perhaps try to do filtering not based on destination address but on 
> source address. I'm using something like this for my forwarding and it 
> used to work:
> 
> -A PREROUTING -s ! 192.168.1.0/255.255.255.0 -p tcp -m tcp --dport 6346 
> -j DNAT --to-destination 192.168.1.11:6346
> 
> Just substitute your internal network(s).

Nope, this doesn't work either. After spending the last 24+ hours
messing around with this, I've learned at least one important thing. It
seems that all ports over 1024 aren't being forwarded. I set up oftpd on
my desktop system (behind the firewall) and set port 21 to be forwarded.
Everything works fine. I set oftpd to run on port 6346 and then set port
6346 to be forwarded, and the request never makes it to my desktop
system. Now the only problem is figuring out why this is happening and
what to do about it. As always, any suggestions are greatly appreciated.
:)

-Alex
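
Added example, not part of the thread: a DNAT rule in PREROUTING only rewrites the destination, and the rewritten packet must still be accepted by the FORWARD chain of the filter table. The Python below audits an `iptables-save` dump for DNAT targets that FORWARD would not accept. Only the port-6346 nat rule is from the message above; the port-21 rule and the whole filter table are constructed assumptions showing one configuration in which low ports pass and 6346 does not.

```python
import ipaddress

# Constructed iptables-save dump. Only the port-6346 PREROUTING rule comes from
# the thread; the port-21 rule and the whole filter table are assumptions.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 208.163.68.11 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.0.8:21
-A PREROUTING -d 208.163.68.11 -p tcp -m tcp --dport 6346 -j DNAT --to-destination 192.168.0.8:6346
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 0:1023 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return (rules, policy); each rule is (table, chain, {option: value})."""
    rules, policy, table = [], {}, None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policy[(table, line.split()[0][1:])] = line.split()[1]
        elif line.startswith("-A "):
            tok = [t for t in line.split() if t != "!"]  # simplification: negation ignored
            rules.append((table, tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return rules, policy

def port_in(spec, port):
    lo, sep, hi = (spec or "0:65535").partition(":")
    return int(lo or 0) <= port <= int((hi if sep else lo) or 65535)

def forward_allows(rules, policy, ip, port):
    """First-match verdict for a NEW tcp connection to ip:port in filter/FORWARD."""
    # Only -p, -d, --dport and --state are evaluated; -s/-i/-o and user chains are not.
    for table, chain, o in rules:
        if (table, chain) != ("filter", "FORWARD") or o.get("-j") not in ("ACCEPT", "DROP", "REJECT"):
            continue
        dst = ipaddress.ip_network(o.get("-d", "0.0.0.0/0"), strict=False)
        if ("NEW" in o.get("--state", "NEW") and o.get("-p", "tcp") == "tcp"
                and ipaddress.ip_address(ip) in dst and port_in(o.get("--dport"), port)):
            return o["-j"] == "ACCEPT"
    return policy.get(("filter", "FORWARD")) == "ACCEPT"

def unreachable_dnat(dump):
    """List (ip, port) DNAT targets that filter/FORWARD would not accept."""
    rules, policy = parse(dump)
    dests = [o["--to-destination"].split(":") for t, _, o in rules if o.get("-j") == "DNAT"]
    return [(ip, int(p)) for ip, p in dests if not forward_allows(rules, policy, ip, int(p))]
```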