mouss <mouss@xxxxxxxxxxx> writes on Sun, 16 Mar 2008 23:36:50 +0100
> Justin Piszcz wrote:
> >
> >
> > On Sun, 16 Mar 2008, Marty Leisner wrote:
> >
> >> I want to accomplish something simple with iptables..
> >> (I've used IPtables successfully without really understanding how to do
> >> something from scratch -- I just followed "recipes")
> >>
> >> I want machine A to redirect port 80 to machine B.
> >>
> >> What's a way to do it? (seems simple enough).
> >>
> >> I've tried a number of ways, and nothing seems to work...
> >>
> >> (the machine isn't a firewall)
> >>
> >> marty
> >
> > 152] How do I forward a port from the internet to the LAN? iptables -A
> > PREROUTING -i eth0 -t nat -p tcp --dport 22 -j DNAT --to 192.168.0.5:22
> >
> > Forward port 22 -> internally to host 192.168.0.5:22 for instance.
> >
> > .. and yes I did test this just now, it still works :)
>
> OP did not give enough details. The above works if the machine is a
> "gateway" (if A is between the client and B).
>
> if the client and B are on the same side of the gateway, B will respond
> directly to the client. and since there is no TCP triplet, this won't
> work (This is the "reflection" problem). If this is the case, OP must
> also NAT the client (source) IP address to force responses to get back
> via machine A.

Right, I don't want any NAT -- I just want it to act as a tcp port relayer
(connection A-B is reflected on connection B-C) where
    A is the source
    B is the relay machine
    C is the destination

and all machines are on the same lan.

marty
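
A user-space TCP relay of the kind described in the last message (A connects to B, B opens its own connection to C), as an added example that is not part of the original thread. It is a Python sketch with no iptables involved; the listen port and the destination address `192.0.2.10` are constructed placeholder values. Because B originates the second connection, C replies to B and the reflection problem does not arise, but C's logs show B's address rather than A's, so the relay logs the real client itself.

```python
import asyncio

async def _pipe(reader, writer):
    """Copy bytes one way; pass a clean EOF on as a TCP half-close."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
        if writer.can_write_eof():
            writer.write_eof()
    except OSError:
        writer.close()  # peer reset or gone: tear down the other leg too

async def start_relay(listen_host, listen_port, dest_host, dest_port):
    """Accept on the relay (B) and splice each connection to the destination (C)."""
    async def handle(client_r, client_w):
        peer = client_w.get_extra_info("peername")
        try:
            dest_r, dest_w = await asyncio.open_connection(dest_host, dest_port)
        except OSError as exc:
            print(f"{peer}: cannot reach {dest_host}:{dest_port}: {exc}")
            client_w.close()
            return
        # C only ever sees B's address, so log the real client here.
        print(f"relay {peer} -> {dest_host}:{dest_port}")
        try:
            await asyncio.gather(_pipe(client_r, dest_w), _pipe(dest_r, client_w))
        finally:
            client_w.close()
            dest_w.close()
    return await asyncio.start_server(handle, listen_host, listen_port)

async def main():
    # Constructed example values: listen on port 80, relay to 192.0.2.10:80.
    server = await start_relay("0.0.0.0", 80, "192.0.2.10", 80)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Binding to port 80 needs root or `CAP_NET_BIND_SERVICE` on Linux; bind the relay to a specific interface address instead of `0.0.0.0` if it should not be reachable from every network the host is on.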