Re: Port Forwarding .

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

ok, flushed all tables, and all chains, changed back the policy to
accept, and then reentered the rules you sent me before Grant.  And
stil no dice.
root@charz-server:/home/charz# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 1241 packets, 167K bytes)
 pkts bytes target     prot opt in     out     source
destination
   24  1296 DNAT       tcp  --  eth0   *       0.0.0.0/0
10.0.1.192          tcp dpt:80 to:10.0.10.1

Chain POSTROUTING (policy ACCEPT 29 packets, 5063 bytes)
 pkts bytes target     prot opt in     out     source
destination
    0     0 SNAT       tcp  --  *      eth0    10.0.10.1
0.0.0.0/0           tcp spt:80 to:10.0.1.192

Chain OUTPUT (policy ACCEPT 35 packets, 5543 bytes)
 pkts bytes target     prot opt in     out     source
destination

still the prerouting seems to be matching but the others stay at 0.

At the moment i m still reading documentation to see if i can spot the mistake,
thanks again for the help.

Why would the prerouting accept and not continue to postrouting?

On Tue, Jul 8, 2008 at 9:53 PM, Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote:
> On 7/7/2008 6:58 PM, Charles Romestant wrote:
>>
>> ok a little more info, for debugs sake...
>
> Ok!  You have not been clearing your IPTables before adding additional
> rules.  Please run the following commands and re-try what I submitted
> earlier.
>
> iptables -t filter -F
> iptables -t nat -F
>
>> again it seems only the first rulein the PREROUTING is executing as
>> consecutive looks at this while trying to browse to the page show increment
>> in pckts.
>
> *nod*
>
> Your first DNAT rule, which is incorrect, is being matched before the
> rule(s) that I provided.  You need to flush your IP tables and chains.
>
>> again, thank you for your patience.
>
> *nod*
>
> You are welcome.
>
>
>
> Grant. . . .
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>



-- 
Charz
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux