Re: stupid redirect question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2003-09-06 at 12:40, Jeremy Davis wrote:
Ok my problem is when I add a port redirection in the prerouting chain so
that port 80 traffic goes to a certain box.  I used this rule

iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to
192.168.0.5:80

but this kills all lan http traffic from getting back in to the
workstations.  What am I missing?

Jeremy

This says that all the traffic coming to ppp0 detsined to port 80( as you have not specifed the destination ip) will be redirected to 192.168.0.5 on port 80. 
So make sure that this what you wanted. Else give destination ip with the above rule.
Regards
Dharmendra.T
dharmu@xxxxxxxxxxx
Linux Security and Administrator.


Here is my nat table

Chain PREROUTING (policy ACCEPT 11624 packets, 749K bytes)
 pkts bytes target     prot opt in     out     source
destination
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere
tcp dpt:dnsix to:192.168.0.5:80
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere
tcp dpt:cadlock to:192.168.0.5:1000
    2   120 DNAT       tcp  --  ppp0   any     anywhere             anywhere
tcp dpt:ftp to:192.168.0.5:21
    3   144 DNAT       tcp  --  any    any     anywhere             anywhere
tcp dpt:telnet to:192.168.0.5:23

Chain POSTROUTING (policy ACCEPT 12 packets, 780 bytes)
 pkts bytes target     prot opt in     out     source
destination
 9770  490K MASQUERADE  all  --  any    ppp0    anywhere
anywhere

Chain OUTPUT (policy ACCEPT 43 packets, 2737 bytes)
 pkts bytes target     prot opt in     out     source
destination



Here is my filter table

Chain INPUT (policy ACCEPT 5427 packets, 393K bytes)
 pkts bytes target     prot opt in     out     source
destination
  823 75341 ACCEPT     icmp --  ppp0   any     anywhere             anywhere
  423 52420 ACCEPT     all  --  ppp0   any     anywhere             anywhere
state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere
tcp dpt:ssh
  348 59851 LOG        all  --  ppp0   any     anywhere             anywhere
LOG level warning
  348 59851 REJECT     all  --  ppp0   any     anywhere             anywhere
reject-with icmp-port-unreachable

Chain FORWARD (policy DROP 80 packets, 3840 bytes)
 pkts bytes target     prot opt in     out     source
destination
    0     0 ACCEPT     tcp  --  ppp0   eth1    anywhere             anywhere
tcp dpt:cadlock
    0     0 ACCEPT     tcp  --  ppp0   eth1    anywhere             anywhere
tcp dpt:http
   18  1001 ACCEPT     tcp  --  ppp0   eth1    anywhere             anywhere
tcp dpt:ftp
 3444  140K ACCEPT     tcp  --  ppp0   eth1    anywhere             anywhere
tcp dpt:telnet
 113K   19M ACCEPT     all  --  eth1   ppp0    anywhere             anywhere
 126K   94M ACCEPT     all  --  ppp0   eth1    anywhere             anywhere
state RELATED,ESTABLISHED

-- 

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux