Re: Plz i need help.... or i ll be fired :(

Thanks for your reply... I want to ask something: are ESTABLISHED and RELATED necessary for UDP traffic?

--- Jörg Harmuth <harmuth@xxxxxxxxx> wrote:

> Alaios wrote:
> > Hi, please take a look at the following example.
> > 
> > The laptop has 2 ethernet interfaces.
> > To eth1 comes traffic from src 143.233.222.253.
> > The eth0 has IP address 10.2.4.2 and it is connected back to back with eth1 of the other PC with IP address 10.2.4.1.
> > I want to forward the traffic with src 143.233.222.253 to the 10.2.4.1 PC.
> 
> [SNIP]
> 
> > I have also set the /proc/sys/net/ipv4/ip_forward to 1.
> 
> Ok.
> 
> [SNIP]
> 
> > I have also tested this one:
> > iptables -t nat -A PREROUTING -p tcp -d 143.233.222.77 (laptop eth1 card) --dport 22453 (I have checked dst port with tcpdump) 00 -j DNAT --to-destination 10.2.4.1
> > This still doesn't work.
> > Every time I try to apply a new rule I first use the
> > iptables -F
> > iptables -t nat -F
> > commands.
> 
> Your PREROUTING rule is probably ok, provided that 143.233.222.77 is the IP of eth1. But I think, if the simple approach doesn't work, you shouldn't make it more complicated. Keep it small and simple, and when you understand all the details, you may go deeper. So, maybe you would like to start like this:
> 
> ## Rewrite destination address
> iptables -t nat -A PREROUTING -i eth1 -s 143.233.222.253 \
>           -j DNAT --to 10.2.4.1
> 
> ## Allow packets to pass FORWARD
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED \
>           -j ACCEPT
> iptables -A FORWARD -i eth1 -s 143.233.222.253 \
>           -j ACCEPT
> 
> ## Now, SNAT outgoing packets
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 143.233.222.77
> 
> If this is a dial-up connection, replace the SNAT part with MASQUERADE. BTW, you only need the FORWARD rules if your FORWARD policy is DROP or REJECT. And if you have other policies in the filter table set to DROP or REJECT, enable loopback. And finally, set all policies in nat and mangle to ACCEPT (and in raw, if you have that). This should get you started.
> 
> HTH,
> 
> Joerg
> 
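The DNAT / FORWARD / SNAT setup discussed in the quoted reply, written out as one reviewable script. This is an added example, not code from the thread or its participants: the interface names and addresses are the ones given in the thread, while the variable names, the default print-only mode (set IPTABLES=iptables and run as root to actually install the rules) and the extra restrictions on the FORWARD and POSTROUTING rules are this script's own choices. The ESTABLISHED,RELATED rule is kept and placed first: the connection tracker follows UDP and ICMP flows as well as TCP, so that one rule also lets UDP replies back through.

```shell
#!/bin/sh
# Added example (not from the thread): the DNAT/FORWARD/SNAT ruleset as a
# single script. Addresses and interfaces are those named in the thread;
# variable names are this script's own. By default it only PRINTS the
# commands; run with IPTABLES=iptables as root to install them.

IPTABLES="${IPTABLES:-echo iptables}"

EXT_IF=eth1              # interface on which traffic from SRC_IP arrives
INT_IF=eth0              # back-to-back link to the inside host
EXT_IP=143.233.222.77    # the laptop's address on eth1
SRC_IP=143.233.222.253   # the only source whose traffic is forwarded
DST_IP=10.2.4.1          # inside host that receives the forwarded traffic

reset_tables() {
    # Start from empty chains in every table. A bare "iptables -F" only
    # touches the filter table; nat and mangle need -t.
    for t in filter nat mangle; do
        $IPTABLES -t "$t" -F
        $IPTABLES -t "$t" -X
    done
}

set_policies() {
    # Default-deny in the filter table. nat and mangle policies stay
    # ACCEPT so only the filter table ever drops a packet.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    for c in PREROUTING OUTPUT POSTROUTING; do
        $IPTABLES -t nat -P "$c" ACCEPT
    done
    for c in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do
        $IPTABLES -t mangle -P "$c" ACCEPT
    done
}

allow_loopback() {
    # With INPUT policy DROP, local services stop talking to each other
    # unless loopback is allowed explicitly.
    $IPTABLES -A INPUT  -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
}

add_forwarding_rules() {
    # 1. Rewrite the destination of packets from SRC_IP arriving on EXT_IF.
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -s "$SRC_IP" \
        -j DNAT --to-destination "$DST_IP"

    # 2. Replies first. Conntrack tracks UDP and ICMP as well as TCP, so
    #    this one rule covers the return traffic of all of them.
    $IPTABLES -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 3. Only NEW flows from the permitted source to the inside host.
    #    FORWARD runs after DNAT, so match the rewritten destination.
    $IPTABLES -A FORWARD -i "$EXT_IF" -o "$INT_IF" -s "$SRC_IP" -d "$DST_IP" \
        -m conntrack --ctstate NEW -j ACCEPT

    # 4. Source-NAT what the inside host originates towards EXT_IF so it
    #    leaves with the laptop's address (use -j MASQUERADE on dial-up).
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$DST_IP" \
        -j SNAT --to-source "$EXT_IP"
}

enable_ip_forward() {
    # FORWARD sees nothing unless routing between interfaces is on.
    if [ "$IPTABLES" = "iptables" ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    else
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    fi
}

build_ruleset() {
    reset_tables
    set_policies
    allow_loopback
    add_forwarding_rules
}

enable_ip_forward
build_ruleset
```

Reviewing the printed output before installing is the point of the default mode: the order of the two FORWARD rules (replies before NEW) and the DROP policy are visible at a glance, and the same script can be re-run with IPTABLES=iptables once the rule list looks right.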



