Thx for answer antony here the complet rules list, sorry for this xx.xx.xx it was stupid from me (full range)... Ip : xx.xxx.24.51 , should be fw to ip: xx.xxx.24.58 (only for 1 port) thank you echo "1" > /proc/sys/net/ipv4/ip_forward iptables -F FORWARD iptables -t nat -F iptables -A FORWARD -j LOG iptables -A FORWARD -p udp -d xx.xxx.24.58 --dport xxx21 -j ACCEPT iptables -t nat -A PREROUTING -p udp -d xx.xxx.24.51 --dport xxx21 -j DNAT --to xx.xxx.24.58:xx021 iptables -A FORWARD -p tcp -d xx.xxx.24.58 --dport xxx21 -j ACCEPT iptables -t nat -A PREROUTING -p tcp -d xx.xxx.24.51 --dport xxx21 -j DNAT --to xx.xxx.xx.58:xxx21 > On Wednesday 26 November 2003 10:03 pm, sc2@xxxxxx wrote: > > > hello > > i use iptables .7, but it does not work (forward) , any ideas? > > thank you , > > ps: same rules down i have make for tcp match not only for udp > > > > echo "1" > /proc/sys/net/ipv4/ip_forward > > iptables -F FORWARD > > iptables -t nat -F > > iptables -A FORWARD -j LOG > > iptables -A FORWARD -p udp -d ip --dport port -j ACCEPT > > iptables -t nat -A PREROUTING -p udp -d ip --dport port -j DNAT --to > > ip:port > > I assume in that last rule the two occurrences of "ip" are different. > > Which one is specified in the FORWARD rule? Make sure it is the translated > address (ie the address on the packet after it has gone through the > PREROUTING rule), because it will no longer have the original destination > address by the time it hits the FORWARD chain. > > If that's not the answer then post your actual ruleset (by all means munge the > addresses if you don't want us to know exactly what they are, but let us see > which ones are which...) > > Antony. > > -- > Wanted: telepath. You know where to apply. > > Please reply to the list; > please don't CC me. > > >
