jwsacksteder@xxxxxxxxxxxxxxxx said:
> With netcat it is possible to proxy arbitrary ip:port destination pairs.
> Could this be done with netfilter rules entirely?
>
> As an example, I have a host that listens for incoming tcp connections on
> port 110 and I want to forward them to port 5900 on another host
> transparently. Obviously ftp and any other multichannel protocols would

You mean like this?

# If default FORWARD policy is DROP, then allow this:
iptables -A FORWARD -i <if_in> -d <ip_other_host> \
         -p tcp --dport 5900 -j ACCEPT
(and of course the RELATED,ESTABLISHED stuff)

# Forward port 110 to 5900 on other host:
iptables -t nat -A PREROUTING -i <if_in> -p tcp --dport 110 \
         -j DNAT --to-destination <ip_other_host>:5900

Gr,
Rob
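
The forward described in the reply, written out in full as an added example (not part of the original post): a shell function that validates its arguments and prints the iptables commands, including the RELATED,ESTABLISHED rule the reply mentions but does not show. The function names, the interface name eth0 and the address 192.0.2.10 are assumptions, as is the choice of `-m conntrack --ctstate` for the state match and the sysctl line that enables IPv4 forwarding.

```shell
#!/bin/sh
# Added example: prints the iptables commands for one TCP port forward.
# Review the output, then pipe it to "sh" as root to apply it.

is_iface() {   # interface names: at most 15 characters from a safe set
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

is_port() {    # decimal 1..65535, no leading zero
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

is_ipv4() {    # dotted quad, each octet 0..255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

emit_forward_rules() {
    if_in=$1 listen_port=$2 dest_ip=$3 dest_port=$4
    # Reject anything that is not a plain name, port or address, so a stray
    # ";" or space can never end up in text that is later run as root.
    is_iface "$if_in" && is_port "$listen_port" &&
        is_ipv4 "$dest_ip" && is_port "$dest_port" || {
        echo "usage: emit_forward_rules <if_in> <listen_port> <dest_ipv4> <dest_port>" >&2
        return 2
    }
    cat <<EOF
# The box must route between interfaces at all.
sysctl -w net.ipv4.ip_forward=1
# Replies and follow-up packets of connections already accepted.
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# FORWARD sees the packet after DNAT, so match the rewritten destination.
iptables -A FORWARD -i $if_in -d $dest_ip -p tcp --dport $dest_port -m conntrack --ctstate NEW -j ACCEPT
# Rewrite the destination before the routing decision.
iptables -t nat -A PREROUTING -i $if_in -p tcp --dport $listen_port -j DNAT --to-destination $dest_ip:$dest_port
EOF
}

# Constructed sample values (192.0.2.10 is a documentation address).
emit_forward_rules eth0 110 192.0.2.10 5900
```

Return traffic has to pass back through this box for the connection tracking to undo the DNAT; if the other host replies to clients by another route, the forward will not work without additional source NAT.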