Thanks, Florin and Robert, for your suggestions.
I'm still stumped, though.
This rule looks to be the REDIRECT rule that Robert suggests.
Unfortunately, as I have it written here, it fails instantly --
telnetting to port 80 causes an instant error.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 127.0.0.1:8080
This gets packets in, but no reply:
iptables -t nat -A PREROUTING -p tcp -d 64.61.61.112 --dport 80 -j DNAT --to-destination 127.0.0.1:8080
Florin, I did try running tcpdump before -- good to hear this was a
sound way to debug this; the above "no reply" rule shows the
following packet:
19:47:07.707346 IP [my laptop's ip address].39679 > 64.61.61.112.http: S 4212369272:4212369272(0) win 5840 <mss 1460,sackOK,timestamp 1264677320 0,nop,wscale 2>
So, I'm still stumped.
The exact iptables rules are below.
Any other thoughts? There's not something besides /proc/sys/net/ipv4/ip_forward
that needs to be twiddled, is there?
best,
Jeff
% iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target               prot opt in   out  source     destination
  197 20881 RH-Firewall-1-INPUT  all  --  any  any  anywhere   anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target               prot opt in   out  source     destination
    0     0 RH-Firewall-1-INPUT  all  --  any  any  anywhere   anywhere

Chain OUTPUT (policy ACCEPT 139 packets, 36106 bytes)
 pkts bytes target               prot opt in   out  source     destination

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target  prot opt in    out  source     destination
    8  1688 ACCEPT  all  --  lo    any  anywhere   anywhere
    1    84 ACCEPT  icmp --  any   any  anywhere   anywhere     icmp any
    0     0 ACCEPT  ipv6-crypt-- any any anywhere  anywhere
    0     0 ACCEPT  ipv6-auth-- any any anywhere   anywhere
    0     0 ACCEPT  udp  --  any   any  anywhere   224.0.0.251  udp dpt:5353
    0     0 ACCEPT  udp  --  any   any  anywhere   anywhere     udp dpt:ipp
  181 18689 ACCEPT  all  --  any   any  anywhere   anywhere     state RELATED,ESTABLISHED
    2   120 ACCEPT  tcp  --  any   any  anywhere   anywhere     state NEW tcp dpt:ssh
    0     0 ACCEPT  tcp  --  any   any  anywhere   anywhere     state NEW tcp dpt:http
    0     0 ACCEPT  tcp  --  any   any  anywhere   anywhere     state NEW tcp dpt:webcache
    5   300 ACCEPT  tcp  --  eth1  any  anywhere   anywhere     tcp dpt:5666
    0     0 REJECT  all  --  any   any  anywhere   anywhere     reject-with icmp-host-prohibited
--
Jeff Potter
http://www.atof.net/go/boston
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
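
An added example, not part of Jeff's message or the list thread: a small Python lint run over the two NAT rules quoted above plus a constructed port-only variant. It assumes that REDIRECT's --to-ports accepts only a port or port range, and that a PREROUTING DNAT to 127.0.0.0/8 is dropped by routing as a martian destination unless route_localnet is enabled on the inbound interface (on kernels that provide it); the function and finding names are hypothetical.

```python
import ipaddress
import re
import shlex


def _opt(args, name):
    """Return the value that follows option `name`, or None if absent."""
    if name in args:
        i = args.index(name)
        if i + 1 < len(args):
            return args[i + 1]
    return None


def lint_nat_rule(rule):
    """Return a list of finding names (hypothetical labels) for one rule."""
    args = shlex.split(rule)
    chain = _opt(args, "-A") or _opt(args, "-I")
    target = _opt(args, "-j")
    findings = []
    if target == "REDIRECT":
        # REDIRECT always rewrites to the receiving interface's own address,
        # so --to-ports may only carry a port or a port range.
        ports = _opt(args, "--to-ports")
        if ports is not None and not re.fullmatch(r"\d+(-\d+)?", ports):
            findings.append("redirect-to-ports-not-a-port")
    if target == "DNAT" and chain == "PREROUTING":
        # Assumption: traffic from a real interface rewritten to loopback
        # is discarded by the routing code before it reaches a local socket.
        dest = _opt(args, "--to-destination") or ""
        host = dest.split(":")[0].split("-")[0]
        try:
            if ipaddress.ip_address(host).is_loopback:
                findings.append("dnat-to-loopback")
        except ValueError:
            pass  # not a literal IPv4/IPv6 address; nothing to check here
    return findings


# First two rules are copied from the message; the third is constructed.
REDIRECT_RULE = "iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 127.0.0.1:8080"
DNAT_RULE = "iptables -t nat -A PREROUTING -p tcp -d 64.61.61.112 --dport 80 -j DNAT --to-destination 127.0.0.1:8080"
PORT_ONLY_RULE = "iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080"

if __name__ == "__main__":
    for r in (REDIRECT_RULE, DNAT_RULE, PORT_ONLY_RULE):
        print(lint_nat_rule(r) or ["ok"], r)
```

With the port-only form the redirected packet reaches the filter table with destination port 8080, which the listing above shows as the accepted dpt:webcache rule.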