dfgdfg dfgdf wrote:
Hi
I have a question about iptables port forward:
I have the following rules which are working ok if I try it
from outside
but when I try it from the localhost (which is running the
iptables) it is not working.
Does anybody know why it isn't working this way,
and what is the solution?
Thx a lot
Anti
------------------
# Redirect port 5900
iptables -t nat -A PREROUTING -p tcp -d $LOCAL_IP --dport 5900 -j DNAT --to $OTHER_HOST_IP:5900
iptables -t nat -A POSTROUTING -o eth0 -p tcp -d $OTHER_HOST_IP --dport 5900 -j MASQUERADE

What *exactly* isn't working? Do you mean that, e.g.,
telnet $IP_OR_NAME_OF_IPTABLES_BOX 5900
doesn't connect you with $OTHER_HOST_IP:5900 if you issue this command
on the iptables box itself? If this is your question, well - iptables
can't do this with your rule set (assuming that the rules you posted are
the only relevant rules). Locally generated packets never pass
nat/PREROUTING. They pass nat/OUTPUT instead. See
http://iptables-tutorial.frozentux.net/chunkyhtml/c951.html
for details.
Joerg
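
The point made in the reply above, as an added example that is not part of the original thread: the same DNAT target placed in nat/OUTPUT so that connections opened on the iptables box itself are redirected too. The addresses are constructed sample values, and the helper names (add_rule, port_forward_rules) and the APPLY switch are assumptions of this example; eth0 and port 5900 come from the posted rules.

```shell
#!/bin/sh
# Constructed sample addresses (documentation ranges); override via environment.
LOCAL_IP="${LOCAL_IP:-192.0.2.10}"
OTHER_HOST_IP="${OTHER_HOST_IP:-198.51.100.20}"
PORT="${PORT:-5900}"

# add_rule CHAIN RULE-SPEC...
# Dry run (default): print the command. With APPLY=1 (needs root): append the
# rule to the nat table only if an identical rule is not already present.
add_rule() {
    chain=$1; shift
    if [ "${APPLY:-0}" != 1 ]; then
        echo "iptables -t nat -A $chain $*"
    elif ! iptables -t nat -C "$chain" "$@" 2>/dev/null; then
        iptables -t nat -A "$chain" "$@"
    fi
}

port_forward_rules() {
    # Traffic arriving from other hosts is rewritten in nat/PREROUTING.
    add_rule PREROUTING -p tcp -d "$LOCAL_IP" --dport "$PORT" \
        -j DNAT --to-destination "$OTHER_HOST_IP:$PORT"
    # Locally generated traffic never sees PREROUTING; it is rewritten in nat/OUTPUT.
    add_rule OUTPUT -p tcp -d "$LOCAL_IP" --dport "$PORT" \
        -j DNAT --to-destination "$OTHER_HOST_IP:$PORT"
    # Both paths leave through nat/POSTROUTING, so one MASQUERADE rule covers them.
    add_rule POSTROUTING -o eth0 -p tcp -d "$OTHER_HOST_IP" --dport "$PORT" \
        -j MASQUERADE
}

port_forward_rules
```

After applying, the packet counters shown by `iptables -t nat -L OUTPUT -n -v` increase when a connection to $LOCAL_IP:5900 is opened from the box itself.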