On Saturday 03 April 2004 10:50 am, Mark Ord wrote:

> I have iptables setup, firewalling eth0 (the internet) extensively, and
> doing NAT for my lan, and some custom port forwards.
>
> One is forwarding port 81 -> 80 - due to my provider firewalling port
> 80:
> iptables -t nat -I PREROUTING -p tcp --dport 81 -j REDIRECT --to 80
>
> This works for connections coming in on both eth0, and eth1. However, I
> can't connect to port 81 on the iptables machine (no matter what
> iptables rules I try).

That rule looks fine to me, and you must obviously have an appropriate INPUT rule allowing the connection to port 80 after the REDIRECT has completed, otherwise you wouldn't be able to connect directly to port 80 which you say works fine.

The only thing I can think to ask is whether "iptables -L -t nat -nvx" shows the packet/byte counters for this rule incrementing when you do try to access port 81?

Perhaps a few judicious LOGging rules (before and after the REDIRECT in the nat table, before and after the ACCEPT in the INPUT chain) will tell you something useful?

Regards,

Antony.

--
Most people have more than the average number of legs.

Please reply to the list; please don't CC me.
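
The LOG-rule placement suggested in the reply above, as an added example that is not part of the original message. The rule positions (1 and 3), the log prefixes, the function names and the sample log lines are assumptions constructed for illustration; the script only prints the iptables commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example. Rule positions are assumptions; look up the real ones with
#   iptables -t nat -L PREROUTING -n --line-numbers
#   iptables -L INPUT -n --line-numbers

# Print the four LOG rules. $1 = position of the REDIRECT rule in nat
# PREROUTING, $2 = position of the port-80 ACCEPT rule in INPUT.
log_rule_cmds() {
    redir=$1 accept=$2
    # Inserting at N pushes the existing rule to N+1, so "after" goes at N+2.
    echo "iptables -t nat -I PREROUTING $redir -p tcp --dport 81 -j LOG --log-prefix 'nat-before: '"
    echo "iptables -t nat -I PREROUTING $((redir + 2)) -p tcp --dport 81 -j LOG --log-prefix 'nat-after: '"
    # After the REDIRECT the packet reaches INPUT with destination port 80.
    echo "iptables -I INPUT $accept -p tcp --dport 80 -j LOG --log-prefix 'in-before: '"
    echo "iptables -I INPUT $((accept + 2)) -p tcp --dport 80 -j LOG --log-prefix 'in-after: '"
}

# Count kernel log lines per prefix and destination port (reads stdin).
tally_log() {
    awk '{
        prefix = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(nat|in)-(before|after):$/) prefix = $i
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (prefix != "") n[prefix " " dpt]++
    } END { for (k in n) print k, n[k] }' | sort
}

# Constructed, shortened kernel log lines (not from the original post).
# The nat table sees only the first packet of a connection; INPUT sees all.
sample_log() {
cat <<'EOF'
Apr  3 11:02:01 fw kernel: nat-before: IN=eth1 OUT= SRC=192.168.0.5 DST=192.168.0.1 LEN=60 PROTO=TCP SPT=40001 DPT=81 SYN
Apr  3 11:02:01 fw kernel: in-before: IN=eth1 OUT= SRC=192.168.0.5 DST=192.168.0.1 LEN=60 PROTO=TCP SPT=40001 DPT=80 SYN
Apr  3 11:02:09 fw kernel: in-before: IN=eth1 OUT= SRC=192.168.0.5 DST=192.168.0.1 LEN=52 PROTO=TCP SPT=40001 DPT=80 ACK
EOF
}

log_rule_cmds 1 3
sample_log | tally_log
```

Lines tallied under `nat-after:` or `in-after:` are packets that fell through the REDIRECT or ACCEPT rule without matching it. If a connection attempt produces no `nat-before:` line at all, the packet never traversed the nat PREROUTING chain.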