[ale] port forwarding for iptables.

Atlanta Geek atlantageek at gmail.com
Wed Jul 8 10:45:05 EDT 2009


1 month later I returned to this task.  I figured out my problem.

In my /etc/sysctl.conf this line existed:
net.ipv4.ip_forward = 0

Changed it to 1 and my port forwarding worked.

On Wed, Jun 10, 2009 at 10:58 AM, Geoffrey<lists at serioustechnology.com> wrote:
> Jim Kinney wrote:
>> Id10T alert!
>>
>> time to pour more caffeine into me. I was wrong (my wife can verify
>> this). DNAT is the correct way to do this in the nat table in the
>> prerouting chain.
>>
>> Funny... I run "man iptables" and it says "Jim's an Id10T - keep reading..."
>
> I don't see that, guess I need to update...
>
>>
>> thanks for the correction!
>>
>> On Tue, Jun 9, 2009 at 1:42 PM, JK<jknapka at kneuro.net> wrote:
>>> Jim Kinney wrote:
>>>> all of the -j LOG calls will never trigger because the packet has
>>>> already left the chain due to the line before it with the -j ACCEPT or
>>>> -j DNAT. Put the log before the jump call.
>>>>
>>>> -j REDIRECT is what you want to use. DNAT is for IP address. REDIRECT
>>>> is for port forwarding.
>>>
>>> If I am not mistaken, REDIRECT only allows you to forward to a port on
>>> the local machine.  If you want to forward on to another machine, you
>>> need DNAT.  "man iptables" backs me up on this, yay.
>>>
>>> -- JK
>>>
>>> --
>>> Still sigless.
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>>
>>
>>
>>
>
>
> --
> Until later, Geoffrey
>
> Those who would give up essential Liberty, to purchase a little
> temporary Safety, deserve neither Liberty nor Safety.
>  - Benjamin Franklin



-- 
http://www.atlantageek.com
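
The two pitfalls from this thread (forwarding left off in sysctl.conf while DNAT rules exist, and a LOG rule placed after a terminating rule) can be checked statically. The script below is an added example, not part of the original messages; the file contents, interface name, address and function names are constructed for illustration, and the LOG check only catches a LOG rule whose match is identical to an earlier terminating rule.

```sh
#!/bin/sh
# Added example; the sysctl.conf and rule dump below are constructed samples.

# Succeeds only if the last active net.ipv4.ip_forward line sets it to 1.
forwarding_enabled() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == "net.ipv4.ip_forward" { v = $2; gsub(/[ \t]/, "", v) }
        END { exit !(v == "1") }
    ' "$1"
}

# Prints each "-j LOG" rule that follows a rule with the same table, chain and
# match but a terminating target, so the LOG rule can never be reached.
unreachable_logs() {
    awk '
        /^\*/ { table = $1; next }
        /^-A / {
            i = index($0, " -j ")
            if (i == 0) next
            key = table " " substr($0, 1, i - 1)
            split(substr($0, i + 4), t, " ")
            if (t[1] == "LOG") { if (key in seen) print table ": " $0 }
            else if (t[1] ~ /^(ACCEPT|DROP|REJECT|DNAT|REDIRECT)$/) seen[key] = 1
        }
    ' "$1"
}

# Counts DNAT rules, which need forwarding when the target is another host.
dnat_count() { grep -c -e '-j DNAT' "$1" || true; }

tmp=$(mktemp -d)
cat > "$tmp/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.ip_forward = 0
EOF
cat > "$tmp/rules" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.0.2.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j LOG --log-prefix "fwd "
COMMIT
EOF

if [ "$(dnat_count "$tmp/rules")" -gt 0 ] && ! forwarding_enabled "$tmp/sysctl.conf"; then
    echo "DNAT rules present but net.ipv4.ip_forward is not 1"
fi
unreachable_logs "$tmp/rules"
```

On a live system the rule dump would come from `iptables-save` and the running value from `sysctl net.ipv4.ip_forward`, since sysctl.conf is only applied at boot or with `sysctl -p`.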


