On Wed, 2004-06-23 at 10:00, Antony Stone wrote:
> On Wednesday 23 June 2004 3:33 pm, Brett Simpson wrote:
>
> > On Wed, 2004-06-23 at 09:33, Antony Stone wrote:
> > > On Wednesday 23 June 2004 3:08 pm, Brett Simpson wrote:
> > > > I've tried a number of different PREROUTING and POSTROUTING rules and
> > > > can't seem to make this work.
> > > >
> > > > I have a system with a single nic (eth0). While I'm on the system via a
> > > > shell I would like to connect to 127.0.0.1:6000 and get seamlessly
> > > > translated to 207.156.7.15:80.
> > >
> > My rule will send packets to 207.156.7.15 with a source address of 127.0.0.1
>
> Not surprisingly, you don't get anything back...
>
> Try:
>
> iptables -A OUTPUT -t nat -p tcp --dport 6000 -d 127.0.0.1 -j DNAT --to 207.156.7.15:80
> iptables -A POSTROUTING -t nat -p tcp --dport 80 -d 207.156.7.15 -s 127.0.0.1 -j SNAT --to a.b.c.d
>
> Where a.b.c.d is the routable address of your machine, to which reply packets
> can successfully return.

Still no go. My machine is 172.27.228.145. I'm using lynx for the browser on my machine.

iptables -A OUTPUT -t nat -p tcp --dport 6000 -d 127.0.0.1 -j DNAT --to 207.156.7.15:80
iptables -A POSTROUTING -t nat -p tcp --dport 80 -d 207.156.7.15 -s 127.0.0.1 -j SNAT --to 172.27.228.145

Thanks,
Brett
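
Added example, not part of the original thread: a small Python model of the address rewriting that the two rules quoted above express (DNAT in OUTPUT, then SNAT in POSTROUTING) and of the conntrack-style reverse mapping applied to a reply. It models only the intended translation, not kernel routing, so it does not account for the "Still no go" result; the source port 40000 and all function names are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Addresses and ports are the ones in the thread; everything else is hypothetical.
LOOPBACK, TARGET, HOST = "127.0.0.1", "207.156.7.15", "172.27.228.145"

def output_dnat(pkt):
    """-A OUTPUT -t nat -p tcp --dport 6000 -d 127.0.0.1 -j DNAT --to 207.156.7.15:80"""
    if pkt.dst == LOOPBACK and pkt.dport == 6000:
        return pkt._replace(dst=TARGET, dport=80)
    return pkt

def postrouting_snat(pkt):
    """-A POSTROUTING ... --dport 80 -d 207.156.7.15 -s 127.0.0.1 -j SNAT --to 172.27.228.145"""
    if pkt.src == LOOPBACK and pkt.dst == TARGET and pkt.dport == 80:
        return pkt._replace(src=HOST)
    return pkt

def translate(pkt, with_snat):
    """Apply the nat rules in hook order; return (packet on the wire, conntrack table)."""
    wire = output_dnat(pkt)
    if with_snat:
        wire = postrouting_snat(wire)
    # Key the entry on the reply tuple expected from the wire and remember the
    # original tuple, so a matching reply can be rewritten back.
    reply_key = Packet(wire.dst, wire.dport, wire.src, wire.sport)
    return wire, {reply_key: pkt}

def reverse(reply, conntrack):
    """Undo NAT on a reply packet; None means no tracked connection matches."""
    orig = conntrack.get(reply)
    if orig is None:
        return None
    return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def reply_is_routable(wire):
    """The remote server can only answer a source address outside 127.0.0.0/8."""
    return not wire.src.startswith("127.")

if __name__ == "__main__":
    original = Packet(LOOPBACK, 40000, LOOPBACK, 6000)  # constructed client tuple
    for snat in (False, True):
        wire, _ = translate(original, snat)
        print("SNAT" if snat else "DNAT only", wire, "routable:", reply_is_routable(wire))
```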