Re: [suse-security] Portforwarding with Iptables
Hi,
My specific rules:

$IPTABLES -A FORWARD -i $IF -o $INTIF -m state --state NEW,ESTABLISHED -p tcp -s $i -d 192.168.10.4 --dport 4899 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $IF -m state --state ESTABLISHED -p tcp -s 192.168.10.4 --sport 4899 -d $i -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $IF -p tcp --dport 4899 -j DNAT --to-destination 192.168.10.4:4899
If I understood correctly, you need a DNAT rule.
Yes, that's what I thought.
Telnetting directly from this (forwarding)host works perfectly.
(because you are in the same subnet, I guess...)
Try something like this:
$IPTABLES -t nat -A PREROUTING -p TCP -i $IF --dport 4899 -j DNAT --to-destination 192.168.10.4
Look at my 3rd rule; that's exactly what I already have.
(Perhaps you also need to add some rules like -A INPUT and -A OUTPUT to let your host4 (?) accept and output the port 4899 traffic; perhaps you already have the output rule?)
No, there is no filtering done on this host... Maybe this isn't an iptables but a routing problem! What happens if the "background" host's default route is different?
Hope this helps,
Andreas
Thank you,
Claus.

--
Free time tracking with http://time.jambit.com
------------------------------------------------------
Claus Weber, Network Administrator
jambit Software Development & Management GmbH
Sendlinger Straße 24, D-80331 München
http://www.jambit.com
fon: +49.89.260 19 593, gsm: +49.177.867 17 34
fax: +49.89.260 19 585
PGP-Key fingerprint: E94C 5E65 B4FB 2E7D 82A8 814C A450 C01E F990 A9FD
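
The closing question in the message above, what happens if the internal host's default route does not lead back through the forwarding host, can be modelled as a small DNAT and connection-tracking simulation. This is an added example, not part of the original message; the addresses 203.0.113.1 and 198.51.100.7, the source port 40000 and all class and function names are constructed for illustration.

```python
# Added illustration: a minimal model of DNAT and its dependency on the reply path.
# Addresses other than 192.168.10.4 and port 4899 are constructed (RFC 5737 ranges).
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

FW_PUBLIC = "203.0.113.1"   # assumed external address of the forwarding host
CLIENT = "198.51.100.7"     # assumed external client
BACKEND = "192.168.10.4"    # internal host from the thread
PORT = 4899


class NatBox:
    """Models the PREROUTING DNAT rule plus connection tracking."""

    def __init__(self):
        self.conntrack = {}  # reply 4-tuple -> original (dst, dport)

    def prerouting(self, pkt):
        # DNAT: rewrite the destination and remember how to undo it for replies.
        if pkt.dst == FW_PUBLIC and pkt.dport == PORT:
            new = pkt._replace(dst=BACKEND, dport=PORT)
            self.conntrack[(BACKEND, PORT, pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
            return new
        return pkt

    def forward_reply(self, pkt):
        # A reply matching a tracked connection gets its source rewritten back.
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return pkt._replace(src=orig[0], sport=orig[1]) if orig else pkt


def client_accepts(syn, reply):
    # A TCP client only matches a reply coming from the address it dialled.
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (syn.dst, syn.dport, syn.src, syn.sport)


def simulate(reply_via_nat_box):
    nat = NatBox()
    syn = Packet(CLIENT, 40000, FW_PUBLIC, PORT)
    at_backend = nat.prerouting(syn)
    reply = Packet(at_backend.dst, at_backend.dport, at_backend.src, at_backend.sport)
    if reply_via_nat_box:  # backend's default route is the forwarding host
        reply = nat.forward_reply(reply)
    return at_backend, reply, client_accepts(syn, reply)
```

`simulate(True)` returns a reply the client accepts; `simulate(False)` returns one still sourced from 192.168.10.4, which the client cannot match to its connection even though the DNAT and FORWARD rules are correct.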