11.06.2019 3:49, Marc Chamberlin wrote: ...
port 10025. Then using SuSEfirewall2 I configured it to do forward masquerading to route connections from port 25 to port 10025. So for example, and in particular for localhost which is shown here, ...
FW_FORWARD_MASQ=" ... \
(ext and int interface routing not shown but it is similar to what is shown below for localhost)
0/0,127.0.0.1,tcp,25,10025,127.0.0.1 \
0/0,127.0.0.1,tcp,465,10465,127.0.0.1 \
0/0,127.0.0.1,tcp,587,10587,127.0.0.1 \
0/0,127.0.0.1,tcp,110,10110,127.0.0.1 \
0/0,127.0.0.1,tcp,995,10995,127.0.0.1 \
0/0,127.0.0.1,tcp,143,10143,127.0.0.1 \
0/0,127.0.0.1,tcp,993,10993,127.0.0.1"
The server is not protected from the internal network (this is a SOHO net) and all the external ports are opened. From either the internal network, or from the external network I can use telnet to connect to either the low number ports or the high numbered ports successfully. But from the localhost I can only connect to the high numbered ports. Connecting to the low number ports, such as 25, gets me a Connection Refused message when I try and do a 'telnet localhost 25'. ('telnet localhost 10025' works!) ...
(and here are some of the things showing the localhost interface)
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 127.0.0.1 tcp dpt:25 to:127.0.0.1:10025
Without knowing what table and chain this is, the output does not say much. Anyway, packets originated locally do not traverse the usual PREROUTING or FORWARD chains, so any rule added there will not affect them and the connection goes to port 25. As nothing listens on port 25, you get connection refused. You will need to set up your port redirection rules in the OUTPUT chain. See https://netfilter.org/documentation/HOWTO//netfilter-hacking-HOWTO-3.html for an explanation of how packets traverse netfilter.
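The OUTPUT-chain redirection suggested in the reply above, as an added example that is not part of the original thread: a dry-run script that turns the localhost FW_FORWARD_MASQ entries quoted in the question into nat OUTPUT rules and prints them instead of applying them. The function name and the field order (source, forward-to IP, protocol, port, redirect port, destination IP) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): emit nat OUTPUT rules so that
# locally generated connections are redirected like forwarded ones.
# The entries below are the localhost lines quoted in the question.
MASQ_ENTRIES="0/0,127.0.0.1,tcp,25,10025,127.0.0.1
0/0,127.0.0.1,tcp,465,10465,127.0.0.1
0/0,127.0.0.1,tcp,587,10587,127.0.0.1
0/0,127.0.0.1,tcp,110,10110,127.0.0.1
0/0,127.0.0.1,tcp,995,10995,127.0.0.1
0/0,127.0.0.1,tcp,143,10143,127.0.0.1
0/0,127.0.0.1,tcp,993,10993,127.0.0.1"

# Succeeds only for a non-empty, all-digit port value.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# gen_output_rules ENTRIES (hypothetical helper)
# Assumed field order: source,forward-to-ip,proto,port,redirect-port,dest-ip
# Prints one iptables command per valid entry; nothing is applied.
gen_output_rules() {
    printf '%s\n' "$1" | while IFS=, read -r src fwd proto port rport dst; do
        [ -n "$src" ] || continue                 # skip blank lines
        if ! is_port "$port" || ! is_port "$rport" || [ -z "$dst" ]; then
            echo "skipping malformed entry: $src,$fwd,$proto,$port" >&2
            continue
        fi
        srcopt=""
        # 0/0 matches every source, so no -s option is needed for it.
        [ "$src" = "0/0" ] || srcopt="-s $src "
        printf 'iptables -t nat -A OUTPUT %s-d %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$srcopt" "$dst" "$proto" "$port" "$fwd" "$rport"
    done
}

# Dry run: review the printed rules before running them as root.
gen_output_rules "$MASQ_ENTRIES"
```

After applying the rules, `iptables -t nat -L OUTPUT -n -v` lists them with per-rule packet counters, which shows whether a local connection to port 25 actually hits the new rule.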