I tried the forward rules too but nothing. Still telnet a.b.c.d 1099 does not work after issuing the following commands (no other firewalling made to prohibit packets):

iptables -A INPUT -p tcp -m tcp --dport 1099 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth0 -d 216.239.59.103 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth0 -s 216.239.59.103 -p tcp --sport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -d a.b.c.d -p tcp --dport 1099 -j DNAT --to-destination 216.239.59.103:80
iptables -t nat -A POSTROUTING -o eth0 -d 216.239.59.103 -p tcp --dport 1099 -j SNAT --to-source a.b.c.d

Telnet gives:

telnet a.b.c.d 1099
Trying a.b.c.d...
telnet: connect to address a.b.c.d: Operation timed out
telnet: Unable to connect to remote host

Is it a good idea to accept all udp packets too? I do not know. Has anyone used those rules and worked?

Tim.

--- Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote:

> Tim Perton wrote:
> > Dear Grant,
> > thank you very much for your quick reply.
>
> You are welcome.
>
> > I agree to the 3 conditions/caveats in your previous
> > email. I have already tried an example on this.
> > Let's say I want to connect to www.google.com
> > (216.239.59.103) so System B is www.google.com
>
> Ok.
>
> > According to your example I issue the following
> > commands (after stop/start iptables to be fresh):
> >
> > iptables -A INPUT -p tcp -m tcp --dport 1099 -j ACCEPT
>
> What filtering do you have in place? If you do not have default
> policies of ACCEPT, you will also need to add rules to your
> filter:FORWARD chain to allow this traffic to pass through. I.e.
>
> iptables -A FORWARD -i eth0 -o eth0 -d 216.239.59.103 -p tcp --dport 80 -j ACCEPT
>
> iptables -A FORWARD -i eth0 -o eth0 -s 216.239.59.103 -p tcp --sport 80 -j ACCEPT
>
> > iptables -t nat -A PREROUTING -i eth0 -d a.b.c.d -p tcp --dport 1099 -j DNAT --to-destination 216.239.59.103:80
> >
> > iptables -t nat -A POSTROUTING -o eth0 -d 216.239.59.103 -p tcp --dport 1099 -j SNAT --to-source a.b.c.d
>
> These commands look ok to me.
>
> > I am trying http://a.b.c.d:1099 or with telnet
> > a.b.c.d 1099 (Trying a.b.c.d... telnet: Unable to
> > connect to remote host: Connection refused)
>
> I think you will have better luck playing with telnet to start with.
> Keep in mind that just because you enter "http://a.b.c.d..." in your web
> browser, you are doing more than connecting to that address. You are
> also asking for a page off of the domain a.b.c.d. So for testing, I'd
> stick with telnet, or set up a temporary hosts entry for the test domain.
>
> Grant. . . .
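
An added example, not part of either poster's message: a simplified Python model of the order in which netfilter applies the rules from this thread to a forwarded packet (nat PREROUTING, routing decision, filter FORWARD, nat POSTROUTING). The client address, source port, the dictionary rule format and the drop-by-default FORWARD policy are assumptions of the model; it shows that POSTROUTING sees the destination port after DNAT has rewritten it, so a match on port 1099 there does not fire while a match on port 80 does.

```python
# Simplified model (an assumption, not netfilter itself) of a forwarded TCP packet:
# nat/PREROUTING -> routing decision -> filter/FORWARD -> nat/POSTROUTING.
from dataclasses import dataclass, replace

GATEWAY = "a.b.c.d"        # placeholder address used in the thread
TARGET = "216.239.59.103"  # DNAT target used in the thread
CLIENT = "198.51.100.7"    # constructed client address (assumption)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def matches(rule, pkt):
    """A rule matches when every field it names equals the packet's field."""
    return all(getattr(pkt, k) == v for k, v in rule["match"].items())

def traverse(pkt, prerouting, forward, postrouting):
    """Return (packet leaving the box, log); packet is None if FORWARD drops it."""
    log = []
    for r in prerouting:                  # DNAT rewrites dst before routing
        if matches(r, pkt):
            pkt = replace(pkt, dst=r["to"][0], dport=r["to"][1])
            log.append("DNAT")
            break
    if pkt.dst == GATEWAY:                # still local: goes to INPUT instead
        return pkt, log + ["INPUT"]
    if not any(matches(r, pkt) for r in forward):
        return None, log + ["FORWARD drop"]   # model assumes policy DROP
    log.append("FORWARD accept")
    for r in postrouting:                 # sees the translated dst and dport
        if matches(r, pkt):
            pkt = replace(pkt, src=r["to"])
            log.append("SNAT")
            break
    return pkt, log

PRE = [{"match": {"dst": GATEWAY, "dport": 1099}, "to": (TARGET, 80)}]
FWD = [{"match": {"dst": TARGET, "dport": 80}}]
POST_POSTED = [{"match": {"dst": TARGET, "dport": 1099}, "to": GATEWAY}]  # as in thread
POST_PORT80 = [{"match": {"dst": TARGET, "dport": 80}, "to": GATEWAY}]    # post-DNAT port
SYN = Packet(CLIENT, 40000, GATEWAY, 1099)  # constructed test packet

if __name__ == "__main__":
    for name, post in (("as posted", POST_POSTED), ("dport 80", POST_PORT80)):
        out, log = traverse(SYN, PRE, FWD, post)
        print(f"{name:10} {log} -> src={out.src} dst={out.dst}:{out.dport}")
```

On a live system, the packet counters shown by `iptables -t nat -L -n -v` indicate which of the nat rules are actually being matched.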