
Re: forwarding iptable packets



On Wednesday 01 February 2006 11:32 am, anoop aryal wrote:
> On Wednesday 01 February 2006 01:18 am, Edward Shornock wrote:
> > On Thu, Feb 02, 2006 at 07:11:07AM +0800, Jon Miller wrote:
> > > I'm having a major problem trying to forward packets from either a
> > > workstation of the LAN to the Internet.  I want to be sure I'm doing
> > > this correctly.
> > >
> > > I set a forward rule:
> > > $IPT -A FORWARD -i $INT_IFACE -o eth1 -p tcp --dport 1262 -j ACCEPT
> > >
> > > Then I set a PREROUTING rule
> > > $IPT -A PREROUTING -i $EXT_IFACE -p tcp --dport 1262 -j DNAT --to-destination 192.168.xxx.xxx
> > >
> > > All I can see using tethereal on the network is SYN packets.
> > >
> > > Any idea what I'm doing wrong?
> >
> > try
> > $IPT -t nat -A PREROUTING -i $EXT_IFACE -p tcp --dport 1262 -j DNAT --to-destination 192.168.xxx.xxx
> >
> > The forward rule looks OK.
>
> if it's *from* the LAN *to* the internet, shouldn't it be:
>
> if you have a static outside IP
> $IPT -t nat -A POSTROUTING -o $EXT_IFACE -p tcp --dport 1262 -j DNAT --to-source $EXT_IP

whoops,
make that:
$IPT -t nat -A POSTROUTING -o $EXT_IFACE -p tcp --dport 1262 -j SNAT --to-source $EXT_IP


> or, if your outside IP is dhcp assigned
> $IPT -t nat -A POSTROUTING -o $EXT_IFACE -p tcp --dport 1262 -j MASQUERADE
>
> -anoop.
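
The two mistakes corrected in this thread (a DNAT rule appended without `-t nat`, and DNAT paired with `--to-source` in POSTROUTING) can be caught before a ruleset is loaded. The sketch below is an added example, not part of the original messages; `lint_rule` is a hypothetical helper, and its chain/option table follows iptables-extensions(8).

```python
import shlex

# Where each NAT target is valid in the nat table, per iptables-extensions(8).
VALID_CHAINS = {
    "DNAT": {"PREROUTING", "OUTPUT"},
    "SNAT": {"POSTROUTING", "INPUT"},
    "MASQUERADE": {"POSTROUTING"},
}
REQUIRED_OPT = {"DNAT": "--to-destination", "SNAT": "--to-source"}
BUILTIN = {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}


def lint_rule(rule):
    """Return a list of problems in one iptables command line (hypothetical helper)."""
    tok = shlex.split(rule)
    def arg(*flags):
        # Value following the first of the given flags, or None.
        for f in flags:
            if f in tok[:-1]:
                return tok[tok.index(f) + 1]
        return None
    table = arg("-t", "--table") or "filter"  # iptables defaults to the filter table
    chain = arg("-A", "--append", "-I", "--insert")
    target = arg("-j", "--jump")
    if target not in VALID_CHAINS:
        return []  # not a NAT target, nothing to check here
    problems = []
    if table != "nat":
        problems.append(f"{target} is only valid with -t nat, rule uses table {table}")
    # User-defined chains are skipped: their validity depends on where they are called from.
    if chain in BUILTIN and chain not in VALID_CHAINS[target]:
        problems.append(f"{target} is not valid in the {chain} chain")
    want = REQUIRED_OPT.get(target)
    if want and want not in tok:
        problems.append(f"{target} requires {want}")
    for opt in REQUIRED_OPT.values():
        if opt in tok and opt != want:
            problems.append(f"{opt} is not an option of {target}")
    if chain == "PREROUTING" and arg("-o", "--out-interface"):
        problems.append("PREROUTING cannot match on an output interface")
    if chain == "POSTROUTING" and arg("-i", "--in-interface"):
        problems.append("POSTROUTING cannot match on an input interface")
    return problems


if __name__ == "__main__":
    # First POSTROUTING rule from the thread, joined onto one line.
    for p in lint_rule("$IPT -t nat -A POSTROUTING -o $EXT_IFACE -p tcp --dport 1262 -j DNAT --to-source $EXT_IP"):
        print(p)
```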


