[ale] port forwarding help
David Hamm
dhamm at itserve.com
Fri Apr 4 08:44:55 EST 2003
When you port forward, your port forwarding host has to be the gateway
between your external client and internal client. I'm not real clear on
this but here's how I think it works. Maybe one of the hard core TCP/IP
folks can correct me on this.
packet from ExternalHost looks like this
src=ExternalHost_IP dst=Gateway_IP
packet reaches the gateway and is changed to look like this and forwarded
src=ExternalHost_IP dst=InternalHost_IP
the internal host gets the packet and responds through the gateway. The
gateway then modifies the response packet to look like this.
src=Gateway_IP dst=ExternalHost_IP
So if you are port forwarding on a single subnet the InternalHost doesn't
have to go through the gateway to talk to the ExternalHost. The External
host then receives an ACK packet from a host it hasn't sent a SYN packet to.
So it just ignores the returning data and your telnet session seems hung.
-----Original Message-----
From: Michael D. Hirsch [mailto:mhirsch at nubridges.com]
To: ale at ale.org
Sent: Thursday, April 03, 2003 3:21 PM
Subject: [ale] port forwarding help
This seems simple, but I've been thumping my head against it for a while
now. All I want to do is forward anything to port xx to machine y.y.y.y.
From reading docs it looks like all I need is this:
iptables -t nat -A PREROUTING -p tcp --dport xx -j DNAT --to y.y.y.y:xx
I have made sure that port forwarding is turned on.
I test by telnetting to port xx on the forwarding box, but never get a
connection.
One other possible complication, do I need to worry that I have only 1 nic
card? So on my test box all the traffic is really on one network. In
production, of course, I will use multiple network cards.
Thanks,
Michael
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
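Added example (not part of either post): a small Python model of the packet flow described in the reply, run once with only the DNAT rule and once with the gateway also rewriting the source address. The addresses, the port and the SNAT option are assumptions made for the illustration; the thread itself only shows the PREROUTING DNAT rule.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample values: all three hosts share one subnet (the single-NIC test box).
CLIENT, GATEWAY, INTERNAL, PORT = "192.0.2.10", "192.0.2.1", "192.0.2.20", 8080

class Gateway:
    """Models only the connection-tracking entry created by the NAT rules."""
    def __init__(self, snat=False):
        self.snat = snat   # assumed extra POSTROUTING SNAT/MASQUERADE rule, not in the thread
        self.table = {}    # reply tuple as the internal host sends it -> un-NATed reply

    def forward(self, pkt):
        out = replace(pkt, dst=INTERNAL)      # PREROUTING DNAT: dst=Gateway_IP -> InternalHost_IP
        if self.snat:
            out = replace(out, src=GATEWAY)   # POSTROUTING SNAT: src=ExternalHost_IP -> Gateway_IP
        self.table[(out.dst, out.dport, out.src, out.sport)] = Pkt(
            pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return out

    def reverse(self, reply):
        return self.table[(reply.src, reply.sport, reply.dst, reply.dport)]

def simulate(snat):
    """Return (reply as the client receives it, whether it matches the client's connection)."""
    gw = Gateway(snat)
    syn = Pkt(CLIENT, 40000, GATEWAY, PORT)
    seen = gw.forward(syn)
    reply = Pkt(seen.dst, seen.dport, seen.src, seen.sport)  # internal host answers
    if reply.dst == GATEWAY:
        reply = gw.reverse(reply)   # reply passes through the gateway and is un-NATed
    # otherwise the destination is on-link, so the reply bypasses the gateway untouched
    expected = Pkt(syn.dst, syn.dport, syn.src, syn.sport)
    return reply, reply == expected

if __name__ == "__main__":
    for snat in (False, True):
        reply, ok = simulate(snat)
        print(f"snat={snat}: client sees src={reply.src} -> {'accepted' if ok else 'no matching connection'}")
```

With DNAT alone the client receives a reply whose source is the internal host, which matches no connection it opened; with the source also rewritten, the reply returns through the gateway and matches.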