Tim Perton wrote:
Dear Grant, thank you very much for your quick reply.
You are welcome.
I agree to the 3 conditions/caveats in your previous email. I have already tried an example on this. Let's say I want to connect to www.google.com (216.239.59.103) so System B is www.google.com
Ok.
According to your example I issue the following commands (after stop/start iptables to be fresh): iptables -A INPUT -p tcp -m tcp --dport 1099 -j ACCEPT
What filtering do you have in place? If you do not have default policies of ACCEPT, you will also need to add rules to your filter:FORWARD chain to allow this traffic to pass through. I.e.
iptables -A FORWARD -i eth0 -o eth0 -d 216.239.59.103 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth0 -s 216.239.59.103 -p tcp --sport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -d a.b.c.d -p tcp --dport 1099 -j DNAT --to-destination 216.239.59.103:80 iptables -t nat -A POSTROUTING -o eth0 -d 216.239.59.103 -p tcp --dport 1099 -j SNAT --to-source a.b.c.d
These commands look ok to me.
I am trying http://a.b.c.d:1099 or with telnet a.b.c.d 1099 (Trying a.b.c.d... telnet: Unable to connect to remote host: Connection refused)
I think you will have better luck playing with telnet to start with. Keep in mind that just because you enter "http://a.b.c.d..."; in your web browser, you are doing more than connecting to that address. You are also asking for a page off of the domain a.b.c.d. So for testing, I'd stick with telnet, or set up a temporary hosts entry for the test domain.
Grant. . . .
