simple port forwarding question
Hi guys, I was wondering if someone could help me out here. I am fairly well confused after trying to muddle through this tutorial:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
I think what I want to do should be easy. Perhaps someone could help.
We are trying to trick the systems into believing that the Kerberos 5 server is on IP#2 (let's call it 192.168.28.3) but it is in fact on IP#1 (192.168.28.2).
Maybe my attempted iptables commands will make it blatantly obvious what
I am trying to do:
iptables -t nat -A PREROUTING --dst 192.168.28.3 -p tcp --dport 88 -j DNAT --to 192.168.28.2
iptables -t nat -A PREROUTING --dst 192.168.28.3 -p udp --dport 88 -j DNAT --to 192.168.28.2
iptables -t nat -A POSTROUTING -p udp --dst 192.168.28.2 --dport 88 -j SNAT --to-source 192.168.28.3
iptables -t nat -A POSTROUTING -p tcp --dst 192.168.28.2 --dport 88 -j SNAT --to-source 192.168.28.3
iptables -t nat -A OUTPUT --dst 192.168.28.3 -p tcp --dport 88 -j DNAT --to-destination 192.168.28.2
iptables -t nat -A OUTPUT --dst 192.168.28.3 -p udp --dport 88 -j DNAT --to-destination 192.168.28.2
Basically we want it so that if I do a "telnet 192.168.28.3 88", I get a connection to "192.168.28.2:88".
This works - when I initiate the connection from 192.168.28.3, but from any other machine on the network it does not work.
Am I doing something wrong or forgetting a key step? Thanks!
Rohit
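
Added example, not part of the original post: connections made on the NAT box itself are rewritten in the nat OUTPUT chain, while packets from other hosts are rewritten in PREROUTING and must then be routed, which needs net.ipv4.ip_forward=1 and a filter FORWARD chain that lets them through. The hypothetical helper check_forward_path below tests those two conditions against a constructed iptables-save sample; whether either one is the cause on the poster's machine is an assumption, since the post does not show those settings.

```shell
#!/bin/sh
# Added example. Inputs are arguments so the check runs offline:
#   $1 contents of /proc/sys/net/ipv4/ip_forward, $2 iptables-save text,
#   $3 real server address, $4 port. Returns the number of findings.
check_forward_path() {
    fwd=$1 rules=$2 dest=$3 port=$4 findings=0

    # Packets from other hosts are routed after the PREROUTING DNAT; locally
    # generated ones are rewritten in nat OUTPUT and never need routing.
    if [ "$fwd" != "1" ]; then
        echo "net.ipv4.ip_forward=$fwd: DNATed packets from other hosts are not routed"
        findings=$((findings + 1))
    fi

    # Policy of the filter table's FORWARD chain, e.g. ":FORWARD DROP [0:0]".
    policy=$(printf '%s\n' "$rules" |
        awk '/^\*/ { t = $1 } t == "*filter" && $1 == ":FORWARD" { print $2; exit }')

    # Heuristic: an explicit ACCEPT in FORWARD for the translated destination.
    accept=$(printf '%s\n' "$rules" | awk -v d="$dest" -v p="$port" '
        /^\*/ { t = $1 }
        t == "*filter" && $1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ {
            hd = 0; hp = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-d" && ($(i+1) == d || $(i+1) == (d "/32"))) hd = 1
                if ($i == "--dport" && $(i+1) == p) hp = 1
            }
            if (hd && hp) { print "yes"; exit }
        }')

    if [ "$policy" = "DROP" ] && [ "$accept" != "yes" ]; then
        echo "filter FORWARD policy is DROP with no ACCEPT for $dest port $port"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample ruleset (not taken from the post).
SAMPLE_RULES='*nat
-A PREROUTING -d 192.168.28.3/32 -p tcp -m tcp --dport 88 -j DNAT --to-destination 192.168.28.2
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'

check_forward_path 0 "$SAMPLE_RULES" 192.168.28.2 88 || true
```

On a live host the first two arguments would come from `cat /proc/sys/net/ipv4/ip_forward` and `iptables-save`.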