Re: iptables question




Hi Ward,

On Thu, Feb 19, 2009 at 20:27,  <Ward.P.Fontenot@xxxxxxxxxxxxxx> wrote:
> I add that and telnet to the port on BOX A and get
> Trying 192.168.0.1...
> telnet: connect to address 192.168.0.1: Connection refused
> I can telnet to that port on BOX B and get a successful connection.

The problem is that when BOX B responds, it will respond with a
192.168.0.2 source IP, and that will only work if it goes through BOX
A again (for the DNAT to do the address translation back to
192.168.0.1).

In short, this will only work if traffic goes back to the source through BOX A.

For instance, this will NOT happen if the host that is connecting to
the forwarded port is in the same subnet as hosts BOX A and BOX B.

This will also NOT happen if BOX A is not the default gateway of BOX
B, or there is somehow another configuration that routes the return
packets through BOX A (like using an SNAT combined with the DNAT to
make the connections look like they are coming from BOX A).

What exactly are you trying to accomplish? Port forwarding is only
useful when you are trying to do something very specific, namely
provide to the Internet a service hosted in a machine that is behind
NAT; other than that, in most cases it creates more problems than it
may solve. If you give more details on what your real problem is,
maybe we can give you other alternatives on how to tackle it.

HTH,
Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
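The rule set Filipe describes, written out as an added example (it is not from the thread; the only values taken from it are the two addresses 192.168.0.1 for BOX A and 192.168.0.2 for BOX B). The forwarded port (8080), BOX A's LAN interface name (eth1) and the /24 LAN mask are assumptions. The script defaults to DRY_RUN=1 and prints the iptables commands instead of applying them, so it can be read and checked without root; set DRY_RUN=0 on BOX A to apply them. The third rule is the SNAT that makes BOX B's replies route back through BOX A when the client sits on the same subnet, at the cost that BOX B then sees 192.168.0.1 as the client address for those connections.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# BOX A (gateway doing NAT): 192.168.0.1, LAN side on $LAN_IF (assumed eth1)
# BOX B (hosts the service): 192.168.0.2, listening on $PORT (assumed 8080)

BOXA_LAN=192.168.0.1
BOXB=192.168.0.2
PORT=${PORT:-8080}          # assumption: forwarded TCP port
LAN_IF=${LAN_IF:-eth1}      # assumption: BOX A's LAN-facing interface
LAN_NET=${LAN_NET:-192.168.0.0/24}  # assumption: LAN prefix
DRY_RUN=${DRY_RUN:-1}       # 1 = print the commands, 0 = run iptables

# Print or execute one iptables invocation.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "iptables $*"
  else
    iptables "$@"
  fi
}

# Rule 1: DNAT. Connections reaching BOX A on $PORT are rewritten to BOX B.
dnat_rule() {
  run -t nat -A PREROUTING -p tcp --dport "$PORT" \
      -j DNAT --to-destination "$BOXB:$PORT"
}

# Rule 2: let the translated packets through FORWARD (policy is often DROP).
forward_rule() {
  run -A FORWARD -p tcp -d "$BOXB" --dport "$PORT" \
      -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Rule 3: the fix for clients on BOX B's own subnet. Without it BOX B answers
# the client directly with source 192.168.0.2, the client expected 192.168.0.1,
# and the connection is refused/reset. SNATing the forwarded packets to
# BOX A's LAN address forces the replies back through BOX A, which undoes
# both translations. Only LAN-sourced packets are matched, so Internet
# clients keep their real source address on BOX B.
hairpin_snat_rule() {
  run -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$BOXB" \
      -p tcp --dport "$PORT" -j SNAT --to-source "$BOXA_LAN"
}

# Helper: true when two IPv4 addresses share the first three octets, i.e.
# (assuming a /24 LAN) the client is on BOX B's subnet and rule 3 is needed.
same_subnet_24() {
  [ "${1%.*}" = "${2%.*}" ]
}

apply_all() {
  dnat_rule
  forward_rule
  hairpin_snat_rule
}

apply_all
```

Run it once with no arguments to review the three commands; `DRY_RUN=0 ./dnat_hairpin.sh` on BOX A installs them. If BOX A is not BOX B's default gateway, rule 3 is the only thing that keeps the return path through BOX A, so leave it in place even for clients outside the LAN in that topology (drop the `-s "$LAN_NET"` match).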
