How do I bind a port to a NIC?
Would 'iptables -A PREROUTING -p tcp --dport 9999 -i eth1' take all traffic going to the server on port 9999 and direct it to use eth1? If not, what is the proper syntax? Thanks, Ryan
On 24/04/06 12:59, Ryan McCain wrote:
> Would 'iptables -A PREROUTING -p tcp --dport 9999 -i eth1' take all traffic going to the server on port 9999 and direct it to use eth1? If not, what is the proper syntax?

Use eth1 for what? Send it to where?

This command tells the firewall the rule applies only to tcp traffic arriving on eth1, with a destination port of 9999. It does not say anything at all about what is to be done with the packets; that is done with the -j option.

I am not sure if this command would need to specify the proper table explicitly, with the -t option. The PREROUTING chain is part of the nat table, but without the -t option, the default table is the filter table. I would prefer to use:

iptables -t nat -A PREROUTING (etc)

This single command also does not tell us how this traffic arrives in the nat table in the first place. All incoming network traffic must first be handled by a rule in the INPUT or FORWARD chains of the filter table, for example:

iptables -A FORWARD -p tcp --dport 9999 -i eth1 -j nat

This last command tells the firewall that any tcp traffic to port 9999 arriving here on eth1, but addressed to some other system, shall be sent to the nat table for further action. If the traffic was addressed to *this* system, you would use INPUT instead of FORWARD.

The PREROUTING chain is used to alter a packet immediately as it arrives, e.g. mark it in some way, or change a packet header, which is not what you suggest you are trying to do. You seem only to want to do a bit of port forwarding. Please tell us a bit more about exactly what it is you wish to do.
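As an added example that is not part of either post, the script below builds the rule set for the port forwarding Darryl mentions: a DNAT target in the nat table's PREROUTING chain rewrites the destination of tcp/9999 packets arriving on eth1, and two filter-table FORWARD rules let the rewritten connection and its replies through. The interface eth1 and port 9999 come from Ryan's question; the internal host 192.168.1.10, the IFACE/PORT/TARGET variables and the APPLY switch are constructed for this example. By default the function runs in dry-run mode and only echoes the commands, so it can be inspected without root.

```shell
#!/bin/sh
# Added example, not from the thread. Forward tcp/9999 arriving on eth1 to an
# internal host. Values below are constructed placeholders, overridable via env.
IFACE="${IFACE:-eth1}"
PORT="${PORT:-9999}"
TARGET="${TARGET:-192.168.1.10}"   # constructed internal host address

# Emit (or apply) the rules. "$1" is the command to run each rule through:
# "iptables" to apply, "echo" for a dry run that just prints the arguments.
port_forward_rules() {
    ipt="$1"
    # 1. nat/PREROUTING: rewrite the destination address before routing.
    #    Only tcp packets arriving on $IFACE for $PORT match.
    "$ipt" -t nat -A PREROUTING -i "$IFACE" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$TARGET:$PORT"
    # 2. filter/FORWARD: the rewritten packet is now addressed to $TARGET and is
    #    routed, so it must be explicitly allowed through the FORWARD chain.
    "$ipt" -A FORWARD -i "$IFACE" -p tcp -d "$TARGET" --dport "$PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    # 3. filter/FORWARD: replies from $TARGET going back out $IFACE.
    "$ipt" -A FORWARD -o "$IFACE" -p tcp -s "$TARGET" --sport "$PORT" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Apply only when explicitly asked for and iptables exists; otherwise dry-run.
if [ "${APPLY:-0}" = "1" ] && command -v iptables >/dev/null 2>&1; then
    port_forward_rules iptables
else
    port_forward_rules echo
fi
```

Run it as `sh forward.sh` to see the three rules, or `APPLY=1 sh forward.sh` as root to install them. Forwarding to another host also needs IP forwarding enabled in the kernel (`sysctl -w net.ipv4.ip_forward=1`), and the FORWARD rules are deliberately restricted to the one destination, port and connection state so that the DNAT rule does not open more than the single service being forwarded.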
participants (2)
- Darryl Gregorash
- Ryan McCain