Mailinglist Archive: opensuse (3337 mails)

< Previous Next >
Re: [SLE] how do bind a port to a nic?
  • From: Darryl Gregorash <raven@xxxxxxxxxxxxx>
  • Date: Mon, 24 Apr 2006 16:10:02 -0600
  • Message-id: <444D4CBA.3050406@xxxxxxxxxxxxx>
On 24/04/06 12:59, Ryan McCain wrote:
>woud 'iptables -A PREROUTING -p tcp --dport 9999 -i eth1' take all
>traffic going to the server on port 9999 and direct it to use eth1? if
>not what is the proper syntax?
Use eth1 for what? Send it to where?

This command tells the firewall the rule applies only to tcp traffic
arriving on eth1, with a destination port of 9999. It does not say
anything at all about what is to be done with the packets; that is done
with the -j option. I am not sure if this command would need to specify
the proper table explicitly, with the -t option. The PREROUTING chain is
part of the nat table, but without the -t option, the default table is
the filter table. I would prefer to use:

iptables -t nat -A PREROUTING (etc)

This single command also does not tell us how this traffic arrives in
the nat table in the first place. All incoming network traffic must
first be handled by a rule in the INPUT or FORWARD chains of the filter
table, for example:

iptables -A FORWARD -p tcp --dport 9999 -i eth1 -j nat

This last command tells the firewall that any tcp traffic to port 9999
arriving here on eth1, but addressed to some other system, shall be sent
to the nat table for further action. If the traffic was addressed to
*this* system, you would use INPUT instead of FORWARD.

The PREROUTING chain is used to alter a packet immediately as it
arrives, eg. mark it in some way, or change a packet header, which is
not what you suggest you are trying to do. You seem only to want to do a
bit of port forwarding. Please tell us a bit more about exactly what it
is you wish to do.

< Previous Next >
References