RE: Port forward

If your port forwarding happens from outside your Linux box going inside your network, you should telnet from an external address to your Linux IP on port 25. Also, with every PREROUTING entry you would have to have an entry in your FORWARD chain. This is if your FORWARD default policy is set to DROP. If you have the default policy on your FORWARD chain set to ACCEPT then you DON'T have to specifically add it.
 
eg iptables -A FORWARD -p tcp -i eth0 -o eth1 -s 0/0 --dport 25 -j ACCEPT
 
Hope this helps
 
PS: Remember you have to come in from outside your network to test this rule
-----Original Message-----
From: ASC - Ronald Roeleveld [mailto:r.roeleveld@ascinternational.nl]
Sent: 04 02 2003 15:11 PM
To: 'Eugene Joubert'
Cc: 'netfilter@lists.netfilter.org'
Subject: RE: Port forward

Thanks a lot everyone for the emails...
I did iptables -t nat --list and it now gives me this output:
DNAT       tcp  --  anywhere             anywhere           tcp dpt:smtp to:192.168.22.6:25
But when I tried to telnet from another machine to 192.168.22.5 port 25 (the IP of the netfilter firewall/router) it didn't work at all. Does there have to be a line somewhere that says it's allowed to forward these connections?
 
Regards,
 
Ronald.
-----Original Message-----
From: Eugene Joubert [mailto:eugenej@centratel.co.za]
Sent: dinsdag 4 februari 2003 11:41
To: 'ASC - Ronald Roeleveld';       
Subject: RE: Port forward

Remember that you are using DNAT, so you would have to specify the -t nat switch in your line.
 
eg
 
iptables -t nat -A PREROUTING -p tcp -s 0/0 --dport 25 -i eth0 -j DNAT --to 192.168.22.6:25
 
Hope this helps
-----Original Message-----
From: ASC - Ronald Roeleveld [mailto:r.roeleveld@ascinternational.nl]
Sent: 04 02 2003 12:31 PM
To: 'netfilter@lists.netfilter.org'
Subject: Port forward

Hi all,
 
I am trying to set up a port forward for several hours now, but I don't seem to get it working right.
When I type the following command:
iptables -A PREROUTING -p tcp --destination-port 25 -i eth0 -j DNAT --to-destination 192.168.22.6:25
I get this output:
iptables: Invalid argument
I did do iptables -X PREROUTING so the chain does exist.
Can anyone please help me out..
What I want is that all incoming connections on eth0 on port 25 are routed to another machine on the internal network 192.168.22.6
 
Thanks in advance,

Ronald Roeleveld 
System Administrator 

ASCINTERNATIONAL
Vlietweg 17c, 2266 KA, Leidschendam, The Netherlands
Tel. +31 (0)70 3178400, Fax +31 (0)70 3204760
E-mail: r.roeleveld@ascinternational.nl, Website: http://www.ascinternational.nl
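
The point made in the thread, that every PREROUTING DNAT entry needs a matching FORWARD entry when the FORWARD policy is DROP, can be checked against a saved ruleset. The following is an added example, not part of any message above: it reads `iptables-save` output and flags forwards the filter table would drop. The names `check_forwards` and `sample_ruleset` are hypothetical, and the sample ruleset is constructed from the interfaces and addresses mentioned in the thread.

```shell
# Added example: audit an iptables-save dump (stdin) for DNAT forwards that the
# FORWARD chain would drop. Simplification: a FORWARD rule covers a forward when
# it is -j ACCEPT with the same protocol and translated port; -i/-o/-s/-d and
# state matches are not evaluated.
check_forwards() {
    awk '
    # Token following option "opt" in the current rule, or "" if absent.
    function arg(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2) }                 # table header: *nat, *filter
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && $2 == "PREROUTING" && arg("-j") == "DNAT" {
        n++; proto[n] = arg("-p"); to[n] = arg("--to-destination")
        # FORWARD sees the packet after DNAT, so compare the translated port.
        port[n] = (to[n] ~ /:/) ? substr(to[n], index(to[n], ":") + 1) : arg("--dport")
    }
    table == "filter" && $2 == "FORWARD" && arg("-j") == "ACCEPT" {
        accept[arg("-p") "/" arg("--dport")] = 1
    }
    END {
        for (k = 1; k <= n; k++) {
            key = proto[k] "/" port[k]
            ok = (policy == "ACCEPT") || (key in accept)
            if (!ok) bad = 1
            printf "%s %s -> %s\n", (ok ? "OK" : "BLOCKED"), key, to[k]
        }
        exit bad + 0
    }'
}

# Constructed ruleset modelled on the thread: $1 is the FORWARD policy, $2 an
# optional FORWARD rule line.
sample_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.22.6:25
COMMIT
*filter
:FORWARD $1 [0:0]
$2
COMMIT
EOF
}

sample_ruleset DROP "" | check_forwards || echo "forward would be dropped"
```

On a live firewall the same function can be fed with `iptables-save | check_forwards` run as root.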

 
