RE: REDIRECT


 



Please don't use the word "it" as "it" doesn't define the problem.
 
You have 3 networks (192.168.1.0/24, 10.0.0.X, 172.16.15.X); have all the default gateways been defined?
Have you done a tcpdump and logged packets to determine where it's getting stuck?
 
Your problem is most likely that Server1 either doesn't have routes for those networks (since you're not using MASQUERADE) or you have DROP rules which aren't shown in this email.
Are all the default policies ACCEPT or DROP or what?

Thanks,

 
____________________________________________
George Vieira
Systems Manager
georgev AT citadelcomputer DOT com DOT au
Citadel Computer Systems Pty Ltd
Phone : +61 2 9955 2644 HelpDesk: +61 2 9955 2698
http://www.citadelcomputer.com.au
 
 
-----Original Message-----
From: Juliano Murlick [mailto:jmurlick@xxxxxxxxxxxxxx]
Sent: Friday, August 08, 2003 3:38 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: REDIRECT
Importance: High

Hello All,
I want to redirect all connections from the 192.168.1.0/24 network to the 10.0.0.2 server on port 80 over to the 172.65.15.11 server, also on port 80. For that, I did some things:
 
1 - All rules/iptables are on router 1;
2 - Router 2 doesn't filter any packets, it just routes. I can ping from a client machine (192.168.1.25) to both servers and connect to port 80 on both servers, so I don't have any routing problem. When I read the rules I can't connect any more to server 10.0.0.2, only directly to server 172.16.15.11;
3 - My rules on iptables are:
 
    iptables -A FORWARD -p tcp -s 192.168.1.0/24 --sport 1024:65535 -d 10.0.0.2 --dport 80 -j ACCEPT
    iptables -A FORWARD -p tcp -s 192.168.1.0/24 --sport 1024:65535 -d 172.16.15.11 --dport 80 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp --sport 1024:65535 -d 10.0.0.2 --dport 80 -j DNAT --to 172.16.15.11:80
 
 
                                                         (Server 1)
                                                        +----------+
      (Client)           ( Linux - Router 1)       |----| 10.0.0.2 |
 +---------------+    +-----------------------+    |    +----------+
 | 192.168.1.25  |----|192.168.1.1 / 10.0.0.1 |----|                    
 +---------------+    +-----------------------+    |          (Route 2)                (Server 2)
                                                      +----------------------+    +--------------+
                                                   |----|10.0.0.3 / 172.16.15.1|----| 172.16.15.11 |
                                                        +----------------------+    +--------------+
 
 
But it isn't working ... does anyone have any idea?
 
Thanks in advance!
 
Att,
Juliano Murlick
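
The following is an added example, not part of the original thread or either poster's code: a small Python model of how Router 1 evaluates the three posted rules, showing why the reply asks about the default policies. It assumes the posted rules are the only FORWARD rules and uses a constructed client port (40000); the FORWARD policy is not stated in the thread, so both values are tried.

```python
import ipaddress

# The three rules from the post, reduced to the fields that matter here.
# This is a constructed model for illustration, not real iptables parsing.
FORWARD = [
    {"src": "192.168.1.0/24", "sport": (1024, 65535), "dst": "10.0.0.2", "dport": 80},
    {"src": "192.168.1.0/24", "sport": (1024, 65535), "dst": "172.16.15.11", "dport": 80},
]
DNAT = {"dst": "10.0.0.2", "dport": 80, "to": ("172.16.15.11", 80)}


def prerouting(pkt):
    """nat PREROUTING runs before the routing decision and the FORWARD chain."""
    if (pkt["dst"] == DNAT["dst"] and pkt["dport"] == DNAT["dport"]
            and 1024 <= pkt["sport"] <= 65535):
        return dict(pkt, dst=DNAT["to"][0], dport=DNAT["to"][1])
    return pkt


def forward(pkt, policy):
    """Return 'ACCEPT' if a FORWARD rule matches, otherwise the chain policy."""
    for rule in FORWARD:
        lo, hi = rule["sport"]
        if (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"])
                and lo <= pkt["sport"] <= hi
                and pkt["dst"] == rule["dst"] and pkt["dport"] == rule["dport"]):
            return "ACCEPT"
    return policy


def trace(policy):
    """Verdicts on Router 1 for the client's SYN and the server's reply."""
    syn = prerouting({"src": "192.168.1.25", "sport": 40000,  # constructed port
                      "dst": "10.0.0.2", "dport": 80})
    # In FORWARD the reply still carries Server 2's address as its source; the
    # reverse translation back to 10.0.0.2 happens after the FORWARD chain.
    reply = {"src": syn["dst"], "sport": syn["dport"],
             "dst": syn["src"], "dport": syn["sport"]}
    return syn["dst"], forward(syn, policy), forward(reply, policy)


if __name__ == "__main__":
    for policy in ("ACCEPT", "DROP"):
        print(policy, trace(policy))
```

With a DROP policy the redirected SYN is forwarded by the second rule, but nothing in the posted rules matches the reply from 172.16.15.11 port 80 back to the client.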
 
