If your FORWARD policy is DROP, you need a FORWARD rule too.

iptables -nL FORWARD
Chain FORWARD (policy DROP)

iptables -t nat -A PREROUTING -p tcp -d 10.0.0.1 --dport 9002 -j DNAT --to 192.168.0.17:9002
iptables -A FORWARD -p tcp -s 0/0 --sport 1024:65535 -d 192.168.0.17 --dport 9002 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

--
========================================
Marcos Aurelio Rodrigues <deigratia33@xxxxxxxxx>
CCNA, MCSO, Security+
Mirabilia laudo semper, Dei
========================================

On Mon, Jun 23, 2008 at 8:04 PM, obed <obed.listas@xxxxxxxxx> wrote:
> On Mon, Jun 23, 2008 at 3:40 PM, Rodrick Brown <rbrown@xxxxxxxxxxxxxxx> wrote:
> > I'm having some difficulties getting port redirection working; can anyone
> > assist?
> >
> > Server interfaces:
> >
> > eth0: 10.0.0.1
> > eth1: 192.168.0.1
> >
> > My server has two interfaces. I need to route any request coming into
> > port 9002 to an internal server running a service on that same port. I
> > tried using the following settings:
> >
> > # echo 1 >/proc/sys/net/ipv4/ip_forward
> > # iptables -t nat -A PREROUTING -p tcp -d 10.0.0.1 --dport 9002 -j DNAT --to 192.168.0.17:9002
> > # iptables -t nat -A POSTROUTING -o eth1 -d 192.168.0.17 -j SNAT --to-source 10.0.0.1
>
> This works for me...
>
> iptables -t nat -A PREROUTING -p tcp --dport 9002 -j DNAT --to-destination 192.168.0.17:9002
>
> Just this rule should be enough...
>
> > [root@routerhost ~]# iptables -t nat --list
> > Chain PREROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > DNAT       tcp  --  anywhere             routerhost.domain.com   tcp dpt:dynamid to:192.168.0.17:9002
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > SNAT       all  --  anywhere             targethost.domain.com   to:10.0.0.1
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > svcprd@nyadmlx01 scripts]$ telnet routerhost 9002
> > Trying 10.0.0.1...
> > telnet: connect to address 10.0.0.1: Connection refused
> > telnet: Unable to connect to remote host: Connection refused
> >
> > If anyone could help, much will be appreciated. Thanks.
> >
> > ---
> > Rodrick R. Brown
> > Ballista Securities, LLC
> > 120 Wall St. Suite 2400
> > P: 646 307 4709
> > C: 347 702 0012
> > F: 646 219-5872
> > E: rbrown(at)ballistasec.com
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> obed.org.mx
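The DNAT-plus-FORWARD setup discussed in this thread, written out as an added example; it is not code posted by any of the participants. It assumes the addressing from Rodrick's message (eth0 10.0.0.1 outside, eth1 192.168.0.1 inside, target 192.168.0.17, TCP port 9002). Beyond the rules quoted above it also accepts the reply direction in FORWARD, because with a DROP policy the packets coming back from 192.168.0.17 to the client are forwarded through that chain as well, and it adds the check a practitioner wants for a "Connection refused" result: the packet counter on the DNAT rule, listed with -n so that port 9002 is not rendered as "dynamid" from /etc/services the way it is in the quoted listing. The APPLY variable, the function names and the sample listing are constructed for the example.

```shell
#!/bin/sh
# Added example for the thread above; not code posted by any participant.
# Assumes the thread's addressing: router eth0=10.0.0.1 (outside),
# eth1=192.168.0.1 (inside), target 192.168.0.17, TCP port 9002.
# Nothing is applied unless APPLY=1; by default the rules are only printed.
EXT_IF=eth0; EXT_IP=10.0.0.1; INT_IF=eth1; TARGET=192.168.0.17; PORT=9002

# Complete rule set for a DNAT port forward on a router whose FORWARD
# policy is DROP. The DNAT rule only rewrites the destination address;
# the rewritten packet, and every reply from $TARGET, still has to be
# accepted by FORWARD. The SNAT line is left commented out: it is only
# needed when $TARGET does not route replies back through this router.
dnat_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d $EXT_IP --dport $PORT -j DNAT --to-destination $TARGET:$PORT
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $TARGET --dport $PORT -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -t nat -A POSTROUTING -o $INT_IF -p tcp -d $TARGET --dport $PORT -j SNAT --to-source 192.168.0.1
EOF
}

# Diagnostic. "Connection refused" means a TCP RST came back, so either
# the DNAT rule never matched (the router's own port $PORT refused) or it
# matched and $TARGET refused. The packet counter in the nat table tells
# the two cases apart. Constructed sample of `iptables -t nat -nvL
# PREROUTING` output (the -n keeps 9002 from being shown as "dynamid"):
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT 1523 packets, 91K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            10.0.0.1             tcp dpt:9002 to:192.168.0.17:9002'

# Print the packet count of the DNAT rule for $PORT from a listing on
# stdin, or "norule" if no such rule is present.
dnat_hits() {
    awk -v port="$PORT" '
        $3 == "DNAT" && index($0, "dpt:" port " ") { print $1; found = 1; exit }
        END { if (!found) print "norule" }'
}

# Turn the counter into a next step for the refused connection.
diagnose() {
    hits=$(dnat_hits)
    case "$hits" in
        norule) echo "no DNAT rule for port $PORT in nat PREROUTING" ;;
        0)      echo "DNAT rule present but never matched: check -d/-i and that clients really reach $EXT_IP" ;;
        *)      echo "DNAT rule matched $hits packets: check that $TARGET listens on $PORT and that FORWARD accepts the flow" ;;
    esac
}

if [ "${APPLY:-0}" = 1 ]; then
    dnat_rules | sh -e
    iptables -t nat -nvL PREROUTING | diagnose
else
    dnat_rules
    printf '%s\n' "$SAMPLE_LISTING" | diagnose
fi
```

Run it as root on the router with APPLY=1 to load the rules and read the live counter; without APPLY it only prints the rules and runs the diagnosis against the embedded sample. Checking the DNAT counter before touching FORWARD is the cheaper first step: a counter that stays at zero while telnet is refused means the packets never hit the nat rule, and no FORWARD rule will change that.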