Antwort: Re: Antwort: Re: [suse-security] DNAT problems
Hello Martin, hello folks,

well, that's probably the fault. I use to try it with a FORWARD rule, but it doesn't work.
May I do a syntactic fault, but I think it has to be like :

$IPTABLES -A FORWARD -i $IF_INT -o $IF_EXT -p tcp -s potsdamerplatz -d IPINTERN --dport FF -j ACCEPT

I also try to switch from <<-j MASQUERADE rule>> to <<-j SNAT --to-source MYIP>>
I have read: MASQUERADING is pretty good 4 dynamic IP, I still use static.
But it is the same one. :-(

Any idea ??

TIA
best regards

Dirk Ertl
T-Systems PCM AG
Computing & Desktop Services
Business Unit Daimler Chrysler AG / debis
Fon: +179/492 63 59
mailto:t-systems.ertl@daimlerchrysler.com
mailto:dirk.ertl@t-systems.com

Martin.Peikert@discon.de
23.01.2002 13:13
Please reply to Martin.Peikert

To: T-Systems Ertl/Extern/040/DCAG/DCX@wk-EMEA2
Cc: suse-security@suse.com
Subject: Re: Antwort: Re: [suse-security] DNAT problems

T-Systems.Ertl@daimlerchrysler.com wrote:
Hello Martin, hello folks,
thanks for your response.
I can show U the rule:
$IPTABLES -A PREROUTING -t nat -p tcp --dport FF -j DNAT --to-destination IPINTERN
Ok, that's prerouting. Is there a forwarding rule that accepts that traffic?

Martin
--
martin.peikert@discon.de Discon GmbH
Internet Solutions Wrangelstrasse 100
http://www.discon.de/ 10997 Berlin, Germany

T-Systems.Ertl@daimlerchrysler.com wrote:
May I do a syntactic fault, but I think it has to be like :
$IPTABLES -A FORWARD -i $IF_INT -o $IF_EXT -p tcp -s potsdamerplatz -d IPINTERN --dport FF -j ACCEPT
Isn't $IF_INT the interface for incoming and $IF_EXT the interface for outgoing traffic? If it is, you might try

$IPTABLES -A FORWARD -i $IF_EXT -o $IF_INT -p tcp -s potsdamerplatz \
    -d IPINTERN --dport FF -j ACCEPT

Martin
--
martin.peikert@discon.de Discon GmbH
Internet Solutions Wrangelstrasse 100
http://www.discon.de/ 10997 Berlin, Germany

T-Systems.Ertl@daimlerchrysler.com wrote:
May I do a syntactic fault, but I think it has to be like :
$IPTABLES -A FORWARD -i $IF_INT -o $IF_EXT -p tcp -s potsdamerplatz -d IPINTERN --dport FF -j ACCEPT
Isn't $IF_INT the interface for incoming and $IF_EXT the interface for outgoing traffic? If it is, you might try

$IPTABLES -A FORWARD -i $IF_EXT -o $IF_INT -p tcp -s potsdamerplatz \
    -d IPINTERN --dport FF -j ACCEPT

I think U did -> -d $IPINTERN instead of -d IPINTERN

and what you will do with --dport FF
is FF a variable too ?? (user $FF)

Michael Appeldorn

Michael Appeldorn wrote:
T-Systems.Ertl@daimlerchrysler.com wrote:
May I do a syntactic fault, but I think it has to be like :
$IPTABLES -A FORWARD -i $IF_INT -o $IF_EXT -p tcp -s potsdamerplatz -d IPINTERN --dport FF -j ACCEPT
Isn't $IF_INT the interface for incoming and $IF_EXT the interface for outgoing traffic? If it is, you might try

$IPTABLES -A FORWARD -i $IF_EXT -o $IF_INT -p tcp -s potsdamerplatz \
    -d IPINTERN --dport FF -j ACCEPT
I think U did -> -d $IPINTERN instead of -d IPINTERN
Right. Copy and paste - my fault :-( So, the rule reads

$IPTABLES -A FORWARD -i $IF_EXT -o $IF_INT -p tcp -s $potsdamerplatz \
    -d $IPINTERN --dport $FF -j ACCEPT
and what you will do with --dport FF
Take a look at the mail from T-Systems.Ertl@daimlerchrysler.com: he did not want to tell us which port he will forward. So I took FF, too (now as a variable name :-)

You didn't mention above, but what the hell is potsdamerplatz? ;-)

Martin
--
martin.peikert@discon.de Discon GmbH
Internet Solutions Wrangelstrasse 100
http://www.discon.de/ 10997 Berlin, Germany
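
Added example, not part of the thread and not any participant's script: the DNAT rule from the first message together with the corrected FORWARD rule the thread arrives at, written as a dry-run shell script. The interface names, addresses and port are constructed placeholders; the reply rule and the two value checks are additions that assume a DROP policy on FORWARD and an available state match.

```shell
#!/bin/sh
# Added example. All values are constructed placeholders, not taken from the thread.
set -u                                   # an unset variable aborts instead of expanding to ""

IPTABLES="${IPTABLES:-echo iptables}"    # dry run by default: print rules, load nothing
IF_EXT="${IF_EXT:-eth0}"                 # interface facing the outside
IF_INT="${IF_INT:-eth1}"                 # interface facing the internal host
SRC="${SRC:-192.0.2.10}"                 # allowed client (the thread's "potsdamerplatz")
IPINTERN="${IPINTERN:-10.0.0.5}"         # internal DNAT target
FF="${FF:-8080}"                         # forwarded TCP port (never named in the thread)

# Reject values that are still bare words, e.g. "FF" or "IPINTERN" typed without "$".
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
is_ipv4() {   # checks the dotted-quad shape only, not the octet ranges
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

dnat_forward_rules() {
    is_ipv4 "$IPINTERN" || { echo "bad IPINTERN: $IPINTERN" >&2; return 1; }
    is_port "$FF"       || { echo "bad FF: $FF" >&2; return 1; }
    # nat/PREROUTING rewrites the destination before the routing decision ...
    $IPTABLES -t nat -A PREROUTING -p tcp --dport "$FF" \
        -j DNAT --to-destination "$IPINTERN"
    # ... so FORWARD already sees -d $IPINTERN, arriving on IF_EXT and leaving on IF_INT.
    $IPTABLES -A FORWARD -i "$IF_EXT" -o "$IF_INT" -p tcp -s "$SRC" \
        -d "$IPINTERN" --dport "$FF" -j ACCEPT
    # Replies travel the other way (assumption: FORWARD policy is DROP).
    $IPTABLES -A FORWARD -i "$IF_INT" -o "$IF_EXT" -p tcp -s "$IPINTERN" \
        --sport "$FF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

dnat_forward_rules
```

Setting IPTABLES to the real binary path loads the rules instead of printing them.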
participants (3)
- Martin Peikert
- Michael Appeldorn
- T-Systems.Ertl@daimlerchrysler.com