Re: iptables natting

To: Pieter Immelman <pi@aztec.co.za>
Cc: debian-user@lists.debian.org
Subject: Re: iptables natting
From: Graham Smith <graham@shallowsea.com>
Date: Tue, 12 Jul 2005 15:56:40 +0100
Message-id: <[🔎] 200507121556.40683.graham@shallowsea.com>
In-reply-to: <20050712144344.GC15570@unseen.co.za>
References: <[🔎] 200507121535.38769.graham@crazysquirrel.com> <20050712144344.GC15570@unseen.co.za>

> | iptables -A FORWARD -i eth0 -o eth1 -d 192.168.0.10 -p tcp -j ACCEPT
> |
> | iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT
> | --to-destination 192.168.0.10
>
> Change this to:
>
> iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 8080 -d YOURPUBLICIP
> -j DNAT --to-destination 192.168.0.10
>
> which will apply the rule only to incoming connections to your public IP.

Ok, that's changed.

>
> 192.168.0.10 is trying to make a connection to 192.168.0.10 on port 8080
> and that's being rejected by your firewall.  Is 192.168.0.10 on the same
> machine as the firewall?
>

No it's a different machine to the firewall and isn't running iptables itself. 
That's why I don't understand why it doesn't work. The message appears on the 
server machine and eth1 is the internal interface.

Any attempt to contact http://publicipaddress:8080/ is rejected if it comes 
from inside my network but works fine if the connection comes from outside.

-- 

 .¸¸.·´¯`·.¸¸.·´¯`· Shallow Sea Aquatics .¸¸.·´¯`·.¸¸.·´¯`·
 .¸¸.·´¯`·.¸¸.·´¯ http://www.shallowsea.com ¸.·´¯`·.¸¸.·´¯`

Reply to:

References:
- iptables natting
  - From: Graham Smith <graham@crazysquirrel.com>

Prev by Date: Re: epson R300 w/ cups
Next by Date: Re: metacity?
Previous by thread: Re: iptables natting
Next by thread: Re: iptables natting
Index(es):
- Date
- Thread