[ale] I'm an iptables idiot

Michael D. Hirsch mhirsch at nubridges.com
Thu Mar 11 13:29:36 EST 2004


On Thursday 11 March 2004 12:33 pm, Frank S. Glass wrote:
> Make sure that you also have a filter table rule for the port.  After the
> PREROUTING nat chain a packet still must pass through the filter table.

Can you be a little more explicit?  I'm such an iptables idiot I don't know 
what that means.

Here's what I have that I'm told should work:

[root@radium root]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Table: nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere           tcp dpt:2402 to:10.0.26.52:2401

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@radium root]#

Thanks,

Michael

> Frank
>
> Quoting "Michael D. Hirsch" <mhirsch at nubridges.com>:
> > What am I doing wrong?  I'm trying to forward port 2402 on one system to
> > port 2401 on another.  This should be easy.
> >
> > According to Google, the solution is the obvious one, something like:
> > iptables -A PREROUTING -t nat -p tcp  --dport 2402 -j DNAT --to  \
> >            10.0.25.52:2401
> >
> > In my searching I came across a bunch of folks who tried the obvious
> > solution, it didn't work, so they asked the same question I'm asking.
> > The responses were all variations on "You should try the obvious
> > solution."
> >
> > I believe forwarding is turned on:
> > # cat /proc/sys/net/ipv4/ip_forward
> > 1
> >
> > Suggestions?  I've gotta believe I'm missing something stupid.
> >
> > Thanks,
> >
> > Michael
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
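
An added illustration of the point in Frank's quoted reply, not part of the original message and not code from either poster: the filter table's FORWARD chain evaluates a packet after the PREROUTING DNAT has rewritten it, so a filter rule has to match the translated address and port. The ruleset, the address 192.0.2.52 and the function names are constructed for the example; only ports 2402 and 2401 come from the thread.

```python
# Added illustration, simplified model: nat/PREROUTING DNAT runs first, then
# filter/FORWARD sees the rewritten packet. Assumes one value per option.
import shlex

# Constructed iptables-save style ruleset; 192.0.2.52 is a sample address.
RULESET = """\
*nat
-A PREROUTING -p tcp --dport 2402 -j DNAT --to-destination 192.0.2.52:2401
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -p tcp -d 192.0.2.52 --dport 2401 -j ACCEPT
COMMIT
"""

def parse(text):
    """Return ({(table, chain): [options]}, {(table, chain): policy})."""
    rules, policies, table = {}, {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = dict(zip(tok[2::2], tok[3::2]))
            rules.setdefault((table, tok[1]), []).append(opts)
    return rules, policies

def matches(rule, pkt):
    """An absent option matches anything, as in iptables."""
    return (rule.get("-p", pkt["proto"]) == pkt["proto"]
            and rule.get("-d", pkt["dst"]) == pkt["dst"]
            and int(rule.get("--dport", pkt["dport"])) == pkt["dport"])

def forward_verdict(text, pkt):
    """Rewrite the destination via DNAT, then evaluate filter/FORWARD."""
    rules, policies = parse(text)
    pkt = dict(pkt)
    for r in rules.get(("nat", "PREROUTING"), []):
        if r.get("-j") == "DNAT" and matches(r, pkt):
            host, _, port = r["--to-destination"].partition(":")
            pkt["dst"], pkt["dport"] = host, int(port or pkt["dport"])
            break
    for r in rules.get(("filter", "FORWARD"), []):
        if r.get("-j") in ("ACCEPT", "DROP") and matches(r, pkt):
            return r["-j"], pkt
    return policies.get(("filter", "FORWARD"), "ACCEPT"), pkt
```

A FORWARD rule written against the original port 2402 never matches in this model, and the packet falls through to the chain policy.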


