John R Pierce wrote:
Jeff Potter wrote:
Thanks, Florin and Robert, for your suggestions.
I'm still stumped, though.
This rule looks to be the REDIRECT rule that Robert suggests.
Unfortunately, as I have it written here, it fails instantly --
telnetting to port 80 causes an instant error.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 127.0.0.1:8080
This gets packets in, but no reply:
iptables -t nat -A PREROUTING -p tcp -d 64.61.61.112 --dport 80 -j DNAT --to-destination 127.0.0.1:8080
IIRC, you need TWO commands to set up a port forward with iptables, one
for the incoming like you've specified, and another to handle the response.
Classic example is...
iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx \
--dport 8888 -j DNAT --to 192.168.0.2:80
iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT
I ran into similar trouble trying to redirect ports to another host; for
me the solution was to use xinetd; I have:
/etc/xinetd.d/pop3proxy
service pop3
{
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    bind = 192.168.0.151
    redirect = 172.19.3.20 110
}
One word of warning: this was working on FC4, but I think it should work
on C5 too. Also it is redirected to another host but I think it should
work on localhost too.
Lorenzo
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
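
Added example, not part of the thread or of any poster's setup: a small POSIX shell check that classifies the NAT rules quoted above by two properties of the iptables targets, namely that REDIRECT's --to-ports takes only a port (or port-port range) and that a PREROUTING DNAT to 127.0.0.0/8 is dropped by routing. The function name `lint_nat_rule` and its verdict strings are hypothetical.

```shell
#!/bin/sh
# lint_nat_rule WORDS...: classify one iptables NAT rule given as separate words.
# Prints redirect-has-address, dnat-to-loopback or ok (names are hypothetical).
lint_nat_rule() {
    chain='' target='' to='' prev=''
    for word in "$@"; do
        case $prev in
            -A|-I) chain=$word ;;
            -j) target=$word ;;
            --to-ports|--to-destination|--to) to=$word ;;
        esac
        prev=$word
    done
    case $target in
        REDIRECT)
            # REDIRECT always delivers to the local machine, so --to-ports
            # accepts a port or a port-port range, never an address.
            case $to in
                *[.:]*) echo redirect-has-address; return 1 ;;
            esac ;;
        DNAT)
            # A packet rewritten to 127.0.0.0/8 in PREROUTING still arrived on
            # a non-loopback interface; routing discards it as a martian
            # (unless route_localnet is enabled on newer kernels).
            case $chain:$to in
                PREROUTING:127.*) echo dnat-to-loopback; return 1 ;;
            esac ;;
    esac
    echo ok
}

# Constructed demo input: the two rules quoted in the thread, then a
# port-only REDIRECT for comparison.
for rule in \
    "-t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 127.0.0.1:8080" \
    "-t nat -A PREROUTING -p tcp -d 64.61.61.112 --dport 80 -j DNAT --to-destination 127.0.0.1:8080" \
    "-t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080"
do
    # Unquoted $rule: word splitting into iptables arguments is intended.
    printf '%-22s iptables %s\n' "$(lint_nat_rule $rule)" "$rule"
done
```

For packets arriving from the network, REDIRECT rewrites the destination to the primary address of the incoming interface, so a service bound only to 127.0.0.1 will not receive them. PREROUTING is also not traversed by connections that originate on the machine itself.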