Re: iptables: hide the real web server from users

Tim Perton wrote:
I tried the forward rules too but nothing.
Still telnet a.b.c.d 1099 does not work after issuing
the following commands (no other firewalling made to
prohibit packets):

iptables -A INPUT -p tcp -m tcp --dport 1099 -j ACCEPT

This rule is useless because connections to port 1099 are forwarded to another host. The INPUT chain sees only traffic destined for the local host.

iptables -A FORWARD -i eth0 -o eth0 -d 216.239.59.103 -p tcp --dport 80 -j ACCEPT

Ok.

iptables -A FORWARD -i eth0 -o eth0 -s 216.239.59.103 -p tcp --sport 80 -j ACCEPT

Use connection tracking (-m state --state ESTABLISHED) to deal with return traffic.

iptables -t nat -A PREROUTING -i eth0 -d a.b.c.d -p tcp --dport 1099 -j DNAT --to-destination 216.239.59.103:80

Ok.

iptables -t nat -A POSTROUTING -o eth0 -d 216.239.59.103 -p tcp --dport 1099 -j SNAT --to-source a.b.c.d

The rule must match on destination port 80 instead of 1099, because it is evaluated after the destination port has been translated. Remember the path is:
PREROUTING (DNAT) -> FORWARD -> POSTROUTING (SNAT)
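The corrected ruleset that the reply above arrives at, collected into one script. This is an added example and not code posted by either participant; it keeps the thread's placeholder a.b.c.d for the firewall's public address and 216.239.59.103 for the hidden web server, assumes both are reached through eth0, and by default only prints the iptables commands (set IPT=iptables and run as root to apply them). Each rule carries a comment stating which stage of the PREROUTING -> FORWARD -> POSTROUTING path it runs in and therefore which port it has to match.

```shell
#!/bin/sh
# Added example (not from the original thread): the corrected port-forward.
# Placeholders taken from the thread: a.b.c.d = firewall public address,
# 216.239.59.103 = real web server. Dry run by default; IPT=iptables applies.
PUBLIC_IP="${PUBLIC_IP:-a.b.c.d}"
WEB_SERVER="${WEB_SERVER:-216.239.59.103}"
IPT="${IPT:-echo iptables}"

apply_rules() {
    # Forwarding must be enabled or the FORWARD chain never sees the packets:
    #   sysctl -w net.ipv4.ip_forward=1   (left out of the dry run)

    # 1. nat/PREROUTING, before routing: the packet still carries the
    #    original destination a.b.c.d:1099, so this rule matches dport 1099
    #    and rewrites it to the web server's port 80.
    $IPT -t nat -A PREROUTING -i eth0 -d "$PUBLIC_IP" -p tcp --dport 1099 \
        -j DNAT --to-destination "$WEB_SERVER:80"

    # 2. filter/FORWARD, after DNAT: the destination is now
    #    216.239.59.103:80, so the filter rule must match dport 80. An INPUT
    #    rule would never see this traffic; it is not for the local host.
    $IPT -A FORWARD -i eth0 -o eth0 -d "$WEB_SERVER" -p tcp --dport 80 \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # 3. Return traffic: a single conntrack rule replaces the --sport 80
    #    rule from the thread; conntrack also reverses the NAT on replies.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 4. nat/POSTROUTING, after routing: still the translated port (80),
    #    never 1099. Rewriting the source to the firewall makes the server
    #    send replies back through the firewall instead of straight to the
    #    client, which matters when client and server share eth0.
    $IPT -t nat -A POSTROUTING -o eth0 -d "$WEB_SERVER" -p tcp --dport 80 \
        -j SNAT --to-source "$PUBLIC_IP"
}

# Print (or, with IPT=iptables, install) the four rules.
apply_rules
```

To check the result on a real box, run `iptables -t nat -L -n -v` and `iptables -L FORWARD -n -v` and retry `telnet a.b.c.d 1099`: the packet counters on the PREROUTING DNAT rule and on the dport 80 FORWARD rule should both increase, while a FORWARD or POSTROUTING rule written for dport 1099 would stay at zero.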


