Re: Problem with DNAT from localhost to LAN via loopback

> My problem is from the Linux box when trying "telnet [official WAN IP] 3739"
> which replies "connection refused". "tcpdump -nt -i lo" shows a simple SYN then
> RST. I've added LOG to chains (INPUT/FORWARD/OUTPUT/PREROUTING/POSTROUTING) and
> found this telnet connection does not go via the PREROUTING chain. So it
> doesn't find any local 3739 port listening so it is not redirected to the
> LAN... When I fire up a netcat listening on the port, I can get the connection -
> of course (but as I said before, configuration is more complicated and this
> test was mandatory)

Is this problem localized to just the Linux box itself or does it extend to your inter-LAN connected systems as well?

I was going to ask if you could DNAT internal traffic that was outbound to your WAN IP but after rereading your iptables rules you are not specifying an interface to apply your rules to so they apply to all and thus you are doing exactly that. The next question that comes to mind is are you by chance firewalling traffic that would come in the LAN interface and then turn around and go right back out the same LAN interface? I.e. people set a default policy of DROP and explicitly allow $LAN to $INet and $INet to $LAN but not necessarily $LAN to $LAN.



Grant. . . .
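The symptom in the quoted message (a local telnet to the box's own WAN IP never hits PREROUTING) and Grant's question about LAN-to-LAN forwarding both come down to which chains a packet actually traverses. Locally generated packets go through nat OUTPUT and POSTROUTING, never PREROUTING, so a DNAT that only lives in PREROUTING cannot catch them; a hairpin from a LAN client back to the WAN IP does hit PREROUTING but then needs FORWARD to allow the same interface in and out, plus a masquerade so the server's reply returns via the router. The script below is an added example, not code from the thread or from either poster: gen_ruleset emits an iptables-restore ruleset covering all three paths, and check_local_dnat reads an iptables-save style dump on stdin and reports whether the nat OUTPUT chain carries a DNAT for a port. The interface names (eth0/eth1), addresses (203.0.113.5, 192.168.1.0/24, 192.168.1.10) and port 3739 used in the usage are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Generates an
# iptables-restore ruleset that publishes TARGET:PORT on the router's WAN IP
# for three packet paths:
#   1. Internet -> WAN IP      : nat PREROUTING DNAT (the usual rule)
#   2. router itself -> WAN IP : nat OUTPUT DNAT, because locally generated
#                                packets skip PREROUTING (OUTPUT -> POSTROUTING)
#   3. LAN host -> WAN IP      : PREROUTING DNAT, a POSTROUTING masquerade so
#                                the reply comes back through the router, and
#                                a FORWARD rule allowing LAN in / LAN out.
# All interface names, addresses and the port are caller-supplied placeholders.

gen_ruleset() {
    wan_if=$1; lan_if=$2; wan_ip=$3; lan_net=$4; target=$5; port=$6
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# paths 1 and 3: packets arriving on any interface for WAN_IP:PORT
-A PREROUTING -d ${wan_ip}/32 -p tcp --dport ${port} -j DNAT --to-destination ${target}:${port}
# path 2: packets generated on the router itself (telnet/curl from the box)
-A OUTPUT -d ${wan_ip}/32 -p tcp --dport ${port} -j DNAT --to-destination ${target}:${port}
# path 3 (hairpin): rewrite the LAN client's source so the server replies via the router
-A POSTROUTING -s ${lan_net} -d ${target}/32 -p tcp --dport ${port} -j MASQUERADE
# ordinary LAN -> Internet masquerade
-A POSTROUTING -o ${wan_if} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${lan_if} -o ${wan_if} -j ACCEPT
# the rule a LAN -> LAN hairpin needs; a "LAN to Internet only" policy omits it
-A FORWARD -i ${lan_if} -o ${lan_if} -j ACCEPT
# only DNAT'd connections may be forwarded to the published port on the server
-A FORWARD -o ${lan_if} -d ${target}/32 -p tcp --dport ${port} -m conntrack --ctstate DNAT -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save style dump on stdin; succeed only if the nat OUTPUT
# chain DNATs traffic to PORT, i.e. locally generated connections are covered.
check_local_dnat() {
    port=$1
    if awk -v p="$port" '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A OUTPUT / && /-j DNAT/ && $0 ~ ("--dport " p "( |$)") { found = 1 }
        END { exit found ? 0 : 1 }'
    then
        echo "ok: nat OUTPUT DNATs locally generated traffic to port $port"
        return 0
    fi
    echo "missing: no nat OUTPUT DNAT for port $port; local clients skip PREROUTING and will get RST"
    return 1
}
```

To use it, write the ruleset to a file and load it with `iptables-restore < file` (note that iptables-restore replaces the current tables, so merge with any existing rules first), then verify with `iptables-save | check_local_dnat 3739`. The check is what the poster's LOG rules showed indirectly: if the only DNAT is in PREROUTING, a connection from the box itself reaches the local stack unchanged and is refused because nothing listens there.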

