Why would it show as open in netstat? ... there is no *service* listening on
that port. The prerouting will simply mangle the packet so that it gets routed
to the destination ...

You are not opening a port on the firewall, you are telling the firewall to
take packets that show up at that port and ip and punt them around the
corner ....

Alistair

On January 17, 2003 01:31 pm, Michael P. Ryan wrote:
> Hi,
>
> On redhat 7.3 iptables 1.2.5, all needed modules appear to be loaded
> correctly.
>
> I have the box set up to nat and that works like a charm, but run into
> problems when I try to port forward to the internal network. Here is
> what I run, all pretty textbook from what I can tell:
>
> $IPTABLES -P INPUT ACCEPT
> $IPTABLES -F INPUT
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -F OUTPUT
> $IPTABLES -P FORWARD DROP
> $IPTABLES -F FORWARD
> $IPTABLES -t nat -F
>
> # Portfw section
> $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --dport 23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A PREROUTING -t nat -p tcp -d my.external.ip --dport 23 -j DNAT --to 192.168.0.6:23
> #
>
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
> $IPTABLES -A FORWARD -j LOG
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
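
The point made in the reply above, as an added example that is not part of the original thread: a port forwarded with DNAT appears in the nat table but not in the socket list, so an audit of what a gateway exposes has to read both. The function names and sample data are constructed for illustration, and the script assumes `iptables-save` and `netstat -ltn` text formats (`iptables-save` writes `--to` as `--to-destination`).

```shell
#!/bin/sh
# Added example: DNAT forwards live in the nat table, not in the socket list.
# All sample data below is constructed; 203.0.113.10 stands in for my.external.ip.

# stdin: iptables-save output. Prints "proto dport target" per PREROUTING DNAT rule.
dnat_forwards() {
    awk '
        /^\*/ { table = substr($1, 2) }   # table header such as *nat or *filter
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            proto = dport = target = jump = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") jump = $(i + 1)
                else if ($i == "--to-destination") target = $(i + 1)
            }
            if (jump == "DNAT" && dport != "") print proto, dport, target
        }'
}

# stdin: "netstat -ltn" output. Prints each locally listening TCP port once.
listening_ports() {
    awk '$6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# $1 = iptables-save text, $2 = netstat -ltn text.
report() {
    listeners=$(printf '%s\n' "$2" | listening_ports)
    printf '%s\n' "$1" | dnat_forwards | while read -r proto dport target; do
        if printf '%s\n' "$listeners" | grep -qxF "$dport"; then
            state="local listener also present"
        else
            state="no local listener"
        fi
        echo "$proto/$dport -> $target ($state)"
    done
}

SAMPLE_RULES='*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.0.6:23
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 23 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT'
SAMPLE_SOCKETS='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN'

report "$SAMPLE_RULES" "$SAMPLE_SOCKETS"
```

On a live gateway the same check is `report "$(iptables-save)" "$(netstat -ltn)"`, run as root.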