Re: Port translation

stan wrote:
Uno Engborg wrote:
stan wrote:
Uno Engborg wrote:
Rüdiger Pretzlaff wrote:

On 12.07.2008 at 12:21, Uno Engborg wrote:

For various reasons I would like to forward traffic to port 390 to port 5432 on the same host. One would think this would be a simple task for iptables but I have now tinkered with this for two days, and I still fail to get it right.

I have also tried :
iptables -t nat -A PREROUTING -p tcp --dport 390 -j DNAT --to 192.168.0.5:5432

where 192.168.0.5 is the address of the host


Any ideas on how to do this?


From the man page it looks like you need a colon on the port for DNAT (and no IP
as it will stay the same if not specified, just what you want).
iptables -t nat -A PREROUTING -p tcp --dport 390 -j DNAT --to-destination :5432

I haven't tested, but it seems it should work.

Yes, removing the IP address was probably an improvement, but not enough to make it work.

Regards
Uno Engborg

You should add some LOG rules so you can see what is happening to the packet. They will show
you if the port is being altered.

If that doesn't work, could you post the output of iptables -n -L -v? That way everyone can see
exactly what iptables is programmed to do.

After applying:
iptables -t nat -A PREROUTING -p tcp --dport 390 -j REDIRECT --to-port 5432
iptables -t nat -A OUTPUT -o lo -p tcp --dport 390 -j REDIRECT --to-port 5432



iptables -t nat -L -v gives:

Chain PREROUTING (policy ACCEPT 207 packets, 17786 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere            tcp dpt:390 redir ports 5432

Chain POSTROUTING (policy ACCEPT 321 packets, 20656 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 319 packets, 20536 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   120 REDIRECT   tcp  --  any    lo      anywhere             anywhere            tcp dpt:390 redir ports 5432


And iptables -n -L -v gives:
# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
19309   24M RH-Firewall-1-INPUT  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RH-Firewall-1-INPUT  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 23922 packets, 37M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
 7573   21M ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp any
    0     0 ACCEPT     ipv6-crypt--  any    any     anywhere             anywhere
    0     0 ACCEPT     ipv6-auth--  any    any     anywhere             anywhere
    0     0 ACCEPT     udp  --  any    any     anywhere             224.0.0.251         udp dpt:5353
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:ipp
11324 2984K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:https
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:tproxy
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:7979
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:imap
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:imaps
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:squid
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:3333
    1    60 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh
    3   136 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:smtp
  202 11352 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:http
  206 24045 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited


Port redirection now works locally, but not on the eth0 interface.


Regards
Uno Engborg
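
Added example, not part of the original thread: a packet redirected in nat PREROUTING reaches the filter INPUT chain with its rewritten destination port, so the filter rules are matched against 5432 rather than 390. The sketch below walks a chain first-match for a NEW inbound TCP packet. FILTER_INPUT is a constructed, abbreviated numeric (-n) form of the RH-Firewall-1-INPUT chain posted above, and the function names are hypothetical.

```python
import re

# Constructed sample: abbreviated, numeric form of RH-Firewall-1-INPUT from the thread.
# Columns: pkts bytes target prot opt in out source destination [match options]
FILTER_INPUT = """\
7573 21M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
11324 2984K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
202 11352 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
206 24045 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""

# The REDIRECT rules from the thread (PREROUTING and OUTPUT) as {dport: new dport}.
NAT_REDIRECT = {390: 5432}


def parse_rules(listing):
    """Turn listing lines into (target, proto, in_iface, states, dport) tuples."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9:
            continue  # not a rule line (header, blank)
        extra = " ".join(f[9:])
        dpt = re.search(r"dpt:(\d+)", extra)
        state = re.search(r"state (\S+)", extra)
        rules.append((f[2], f[3], f[5],
                      state.group(1).split(",") if state else None,
                      int(dpt.group(1)) if dpt else None))
    return rules


def verdict(dport, in_iface="eth0", listing=FILTER_INPUT, policy="ACCEPT"):
    """First-match verdict for a NEW inbound TCP packet; NAT is applied first."""
    dport = NAT_REDIRECT.get(dport, dport)  # nat table rewrites the port before filter
    for target, proto, iface, states, rule_dport in parse_rules(listing):
        if proto not in ("all", "tcp"):
            continue
        if iface not in ("*", in_iface):
            continue
        if states is not None and "NEW" not in states:
            continue
        if rule_dport is not None and rule_dport != dport:
            continue
        return target, dport
    return policy, dport
```

With the sample chain, verdict(390) returns REJECT for port 5432 on eth0 while the same connection on lo is accepted by the first rule; a state NEW accept for dpt:5432 placed before the REJECT changes the eth0 verdict.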