Re: IP Forwarding works on local port but not a remote port

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Well, I ended up figuring it out.  I swear I tried this early on
because this is how I wanted it to work in the first place.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 1524 -i eth0 -j DNAT --to
10.117.1.203:1524

That is all I needed.  The machine sits behind another firewall so
none of the other chains are necessary.  Thanks for all the help.

Dan

On Fri, Feb 5, 2010 at 3:04 PM, Dan Daugherty <rescue@xxxxxxxxxxxxxx> wrote:
> Forgot to mention I'm on a Redhat Enterprise Linux 5 box with the
> stock kernel.  Tried to compile my own and the build fails
> immediately.  I assumed that since I can route requests locally, the
> kernel was compiled properly for iptables.
>
> On Fri, Feb 5, 2010 at 3:01 PM, Dan Daugherty <rescue@xxxxxxxxxxxxxx> wrote:
>>> Are you using /16 netmask?
>> No, I just took the 10.117 part off the ip's to shorten the message.
>>>
>>>
>>> None of them got SNATed. Why? Should they go out through eth0? Try to
>>> remove "-o eth0".
>> Removed it and no change
>>>
>>> Also do you have ip.forwarding enabled (sysctl -a | grep forward")?
>> net.ipv6.conf.eth0.forwarding = 0
>> net.ipv6.conf.default.forwarding = 0
>> net.ipv6.conf.all.forwarding = 0
>> net.ipv6.conf.lo.forwarding = 0
>> net.ipv4.conf.eth0.mc_forwarding = 0
>> net.ipv4.conf.eth0.forwarding = 1
>> net.ipv4.conf.lo.mc_forwarding = 0
>> net.ipv4.conf.lo.forwarding = 1
>> net.ipv4.conf.default.mc_forwarding = 0
>> net.ipv4.conf.default.forwarding = 1
>> net.ipv4.conf.all.mc_forwarding = 0
>> net.ipv4.conf.all.forwarding = 1
>>
>>>
>>> Can you reach 10.117.1.205:1521 from sethra (telnet 10.117.1.205 1521)?
>>>
>> Negative, but the command from sethra fails immediately with nothing
>> showing in the logs
>>
>> There has also been mention of a FORWARD chain being necessary.  I
>> haven't done anything outside of the commands listed in this thread.
>>
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux