RE: Port forwarding

Thank you all for your responses. I had in mind to update the /etc/hosts
file (as was suggested by George), but didn't want to do it straight away
without knowing the reasons. Will try to put the NAT rules in the output
chain to solve this problem.

Dhyanesh Ramaiya

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Philip Craig
Sent: Friday, June 06, 2003 11:15 AM
To: Dhyanesh Ramaiya
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Port forwarding


Dhyanesh Ramaiya wrote:
> iptables -t nat -A PREROUTING -j DNAT -p tcp -d <public_ip> --dport 110 --to <private_ip>:110
> iptables -t nat -A PREROUTING -j DNAT -p tcp -d <public_ip> --dport 25 --to <private_ip>:25
>
> What happens, is that when I try to telnet port 25 or 110 from the router
> itself, it doesn't connect and gives the error "Connection refused".
> However, from any other machine on the network it connects. Thinking that
> some firewall rules might be blocking the connection, the default policy of
> all chains is set to accept.

Packets from the router itself do not go through the PREROUTING
chain, so they aren't being NATed.  You'll need to add similar
NAT rules in the OUTPUT chain.

--
Philip Craig - philipc@xxxxxxxxxxxx - http://www.SnapGear.com
SnapGear - Custom Embedded Solutions and Security Appliances
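
Added example, not part of the messages above: a read-only check that takes "iptables-save -t nat" text and prints the OUTPUT-chain rule for every PREROUTING DNAT rule that has no counterpart for locally generated traffic. The function name and the sample addresses (203.0.113.10, 192.168.1.20) are constructed for illustration.

```shell
#!/bin/sh
# Reads `iptables-save -t nat` text on stdin and prints the iptables
# commands that would add the missing OUTPUT rules. It changes nothing.
# On a live router: iptables-save -t nat | missing_output_dnat

missing_output_dnat() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -e '^-A PREROUTING .*-j DNAT' |
    while IFS= read -r rule; do
        # Locally generated packets have no input interface, and "-i" is
        # not accepted in OUTPUT, so drop any "-i <iface>" / "! -i <iface>".
        want=$(printf '%s\n' "$rule" |
            sed -e 's/^-A PREROUTING /-A OUTPUT /' \
                -e 's/ \(! \)\{0,1\}-i [^ ]*//')
        # Report only rules not already present verbatim in OUTPUT.
        printf '%s\n' "$rules" | grep -qxF -e "$want" ||
            printf 'iptables -t nat %s\n' "$want"
    done
}

# Constructed sample in iptables-save format: port 110 is forwarded only
# in PREROUTING, port 25 already has a matching OUTPUT rule.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.1.20:110
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.20:25
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.20:25
COMMIT'

printf '%s\n' "$SAMPLE" | missing_output_dnat
```

Review each printed rule before applying it: it redirects every local connection to the public address and port, including connections made by services running on the router.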


