Hi!
If you add
iptables -t nat -A PREROUTING -d 192.168.0.1 -p tcp --dport 8080 \
-j DNAT --to-destination 192.168.0.2:80
you need
iptables -t nat -A POSTROUTING -s 192.168.0.2 -p tcp --dport 80 -j SNAT --to 192.168.0.1:8080
You can test the connections with tcpdump.
Regards,
David Cardeñosa
-----Original Message-----
From: alucard@xxxxxxxxx [mailto:alucard@xxxxxxxxx]
Sent: Tuesday, 18 May 2004 17:13
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: forwarding
> Although it probably did, are you sure nmap scanned port 8080? How about
> nmap -sT -p 8080 10.73.219.156
>
> I would then trace both the wire and the iptables rules to find out
> where it is breaking - John
Yes, it filters now, but now it seems that the problem is in the 2nd server
because I try to telnet to server 1's 8080 port and I get no response. Is
there any misconfiguration on the router? Take a look at this:
----
root@mail:~# nmap -sT -p 8080 10.73.219.156
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-05-18 11:06 VET
Interesting ports on mail.aeropostal.com.ve (10.73.219.156):
PORT     STATE    SERVICE
8080/tcp filtered http-proxy
----
The web server on server 2 is working perfectly, but I'm not able to reach it
from server one. Look at this on server 2; maybe I'm doing something wrong:
[root@linserv root]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
10.73.216.0     *               255.255.252.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth1
Thanks a lot for this great help.
Juan
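
Added example, not part of either message: one way to follow the advice to trace the wire for the 192.168.0.1:8080 -> 192.168.0.2:80 forward. It reads two text captures from "tcpdump -n" on the router (client-facing side and the side facing 192.168.0.2) and reports the first stage of the TCP handshake that is missing. The client address 10.0.0.5, the function names and the sample capture lines are constructed, and the current tcpdump text format ("Flags [S]") is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses are those of the DNAT rule in
# the message; the client 10.0.0.5 and the capture lines are constructed.
FRONT='192\.168\.0\.1\.8080'   # address.port the client dials, as tcpdump -n prints it
BACK='192\.168\.0\.2\.80'      # address.port after DNAT

seen() { grep -Eq "$2" "$1"; }   # seen FILE REGEX

# where_broken OUTSIDE_CAPTURE INSIDE_CAPTURE
# Both files hold "tcpdump -n" text taken on the router: the client-facing
# interface first, then the interface facing 192.168.0.2.
where_broken() {
    if ! seen "$1" "> $FRONT: Flags \[S],"; then
        echo no-syn-at-router      # nothing arrived: client side or an upstream filter
    elif ! seen "$2" "> $BACK: Flags \[S],"; then
        echo not-forwarded         # check the DNAT rule, ip_forward, the FORWARD chain
    elif ! seen "$2" "IP $BACK > .*Flags \[S\.],"; then
        echo backend-silent        # check the listener on :80 and the backend's route back
    elif ! seen "$1" "IP $FRONT > .*Flags \[S\.],"; then
        echo reply-lost-on-return  # SYN-ACK never left the router as 192.168.0.1:8080
    else
        echo handshake-ok
    fi
}

# Constructed sample: the SYN is forwarded to the backend, which never answers.
demo() {
    d=$(mktemp -d)
    cat > "$d/outside.txt" <<'EOF'
11:06:01.000100 IP 10.0.0.5.40000 > 192.168.0.1.8080: Flags [S], seq 1000, win 64240, length 0
11:06:02.000100 IP 10.0.0.5.40000 > 192.168.0.1.8080: Flags [S], seq 1000, win 64240, length 0
EOF
    cat > "$d/inside.txt" <<'EOF'
11:06:01.000150 IP 10.0.0.5.40000 > 192.168.0.2.80: Flags [S], seq 1000, win 64240, length 0
11:06:02.000150 IP 10.0.0.5.40000 > 192.168.0.2.80: Flags [S], seq 1000, win 64240, length 0
EOF
    where_broken "$d/outside.txt" "$d/inside.txt"
    rm -rf "$d"
}
demo
```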