Re: newbie: forward rule to itself

On 10/27/2010 03:17 PM, Jan Engelhardt wrote:
> On Wednesday 2010-10-27 21:02, Mauricio Tavares wrote:
>
>> Let's say I have server1 with two ports, eth0 and eth0, and server2
>> whose eth0 port is connected to server1's eth1. And let's say the subnet
>> between them is 192.168.1.0/24 while the one server1's eth0 is connected to is
>> 192.168.4.0/24.
>>
>> I have the following rules to forward port 6969 coming on eth0 on server1 to
>> port 6969 on server2's eth0:
>>
>> iptables -A PREROUTING -t nat -p tcp --dport 6969 -j DNAT --to 192.168.1.server2:6969
>> iptables -A INPUT -d 192.168.4.server1 -p tcp -m tcp -m state --state NEW --dport 6969 -j ACCEPT
>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>> Any machine in 192.168.4.0/24 seems to be able to get to server2 by using
>> 192.168.1.server1:6969. But, if I try to connect to 192.168.1.server1:6969 on
>> server1 itself, I will not be forwarded to server2. What am I missing here?
>
> That prerouting only applies to packets coming from devices connected to
> the machine.

What would the prerouting that applies to packets coming from the machine itself look like?