Michele Petrazzo - Unipex srl wrote: > Hinko Kocevar wrote: >> Hi all, >> >> I'm an absolute beginner on the netfilter stuff, so please bear with >> me here. >> >> We have a device running linux 2.6.19 kernel with iptables installed. >> It acts >> a a gateway for a another mobile device that connects to linux device >> via irda >> port - ppp connection. I've managed to port forward telnet port to >> mobile device >> with the help of this page >> http://kreiger.linuxgods.com/kiki/?Port+forwarding+with+netfilter. >> Our customers want to be able to ping the mobile device behind the >> linux firewall >> and IMHO it is not possible for ICMP packets to be forwarded since it >> is a protocol >> by itself (not a TCP/UDP style service). >> >> >> Is it possible to 'port forward' ICMP requests? >> > > Sure? Looking at firsts google reply, you can find > > iptables -A FORWARD -p icmp --icmp-type echo-request -j ACCEPT > iptables -t nat -A PREROUTING -i eth0 -p icmp DNAT --to-destination > 10.2.1.1 > That seems to work goo, but now the gateway can not reply to ICMP packets... > end so on... > > Or I miss something? I was expecting a solution where gateway would still see the ICMP requests, too. I guess I'll use a telnet service on the mobile device in order to check if it is alive and NAT the port on gateway to high port number eg. 2323 -> mobile device 23. Best regards, Hinko -- Hinko Kočevar, OSS developer ČETRTA POT, d.o.o. Planina 3, 4000 Kranj, SI EU tel ++386 (0) 4 280 66 03 e-mail hinko.kocevar@xxxxxxxxxxxx http www.cetrtapot.si -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
