Re: forwarding iptable packets
On Wednesday 01 February 2006 01:18 am, Edward Shornock wrote:
> On Thu, Feb 02, 2006 at 07:11:07AM +0800, Jon Miller wrote:
> > I'm having a major problem trying to forward packets from either a
> > workstation of the LAn to the Internet. I want to be sure I'm doing
> > this correctly.
> >
> > I set a forward rule:
> > $IPT -A FORWARD -i $INT_IFACE -o eth1 -p tcp --dport 1262 -j ACCEPT
> >
> > Then I set a PREROUTING rule
> > $IPT -A PREROUTING -i $EXT_IFACE -p tcp --dport 1262 -j DNAT
> > --to-destination 192.168.xxx.xxx
> >
> > All I can see using tethereal on the network is SYN packets.
> >
> > Any idea what I'm doing wrong?
>
> try
> $IPT -t nat -A PREROUTING -i $EXT_IFACE -p tcp --dport 1262 -j DNAT
> --to-destination 192.168.xxx.xxx
>
> The forward rule looks OK.
if it's *from* the LAN *to* the internet, shouldn't it be:
if you have a static outside IP
$IPT -t nat -A POSTROUTING -o $EXT_IFACE -p tcp --dport 1262 -j DNAT
--to-source $EXT_IP
or, if your outside IP is dhcp assigned
$IPT -t nat -A POSTROUTING -o $EXT_IFACE -p tcp --dport 1262 -j MASQUERADE
-anoop.
Reply to: