[ale] port forwarding for iptables.

JK jknapka at kneuro.net
Tue Jun 9 14:04:55 EDT 2009


Run two instances of tcpdump, one on each side of the router machine,
and see if anything interesting turns up:


   tcpdump -n -nn -i $INCOMING_INTERFACE host $DEST_IP and tcp port $DEST_PORT

   tcpdump -n -nn -i $OUTGOING_INTERFACE host $TARGET_HOST


Should let you see if ANYTHING interesting is coming out of the box
when the stuff that's supposed to be forwarded goes in.

-- JK


Atlanta Geek wrote:
> The log fix was correct.  Thanks, Jim.
> I now see my PREROUTING log showing up.
> But the forwarding does not appear to be working.  Any suggestions?
> 
> On Tue, Jun 9, 2009 at 1:42 PM, JK<jknapka at kneuro.net> wrote:
>> Jim Kinney wrote:
>>> All of the -j LOG calls will never trigger because the packet has
>>> already left the chain due to the line before it with the -j ACCEPT or
>>> -j DNAT. Put the log before the jump call.
>>>
>>> -j REDIRECT is what you want to use. DNAT is for IP address. REDIRECT
>>> is for port forwarding.
>>
>> If I am not mistaken, REDIRECT only allows you to forward to a port on
>> the local machine.  If you want to forward on to another machine, you
>> need DNAT.  "man iptables" backs me up on this, yay.
>>
>> -- JK
>>
>> --
>> Still sigless.
>>
> 
> 
> 


-- 
A closed mouth gathers no feet.
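
Jim Kinney's point in the quoted thread, that a -j LOG rule placed after the matching -j ACCEPT or -j DNAT line never triggers, can be checked mechanically. The following is an added example, not part of the original posts: a Python script that reads iptables-save output and reports LOG rules sitting behind an earlier terminating rule in the same chain. The sample ruleset, its addresses and ports, and the function names are constructed for illustration, and the list of terminating targets covers only the common built-in ones.

```python
import shlex
# Targets that end chain traversal for a matching packet. LOG is not one of them.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "DNAT", "SNAT", "REDIRECT", "MASQUERADE"}

# Constructed iptables-save sample; addresses, ports and prefixes are made up.
SAMPLE = '''*nat
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.0.5:80
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 8080 -j LOG --log-prefix "PREROUTING: "
COMMIT
*filter
-A FORWARD -d 10.0.0.5/32 -p tcp -m tcp --dport 80 -j LOG --log-prefix "FORWARD: "
-A FORWARD -d 10.0.0.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'''

def conditions(tokens):
    """Group match tokens into (option, value...) tuples, keeping a leading '!'."""
    groups = []
    for tok in tokens:
        if tok == "!" or (tok.startswith("-") and groups[-1:] != [["!"]]):
            groups.append([])
        groups[-1].append(tok)
    return frozenset(map(tuple, groups))

def rules(save_text):
    """Yield (table, chain, conditions, target, line) for each -A rule with -j."""
    table = None
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A ") and " -j " in line:
            tok = shlex.split(line)
            j = tok.index("-j")
            yield table, tok[1], conditions(tok[2:j]), tok[j + 1], line

def shadowed_logs(save_text):
    """Return (log_rule, earlier_rule) pairs where the LOG rule can never fire."""
    earlier, found = [], []
    for table, chain, conds, target, line in rules(save_text):
        if target == "LOG":
            # Earlier conditions being a subset means that rule matches first.
            for key, e_conds, e_line in earlier:
                if key == (table, chain) and e_conds <= conds:
                    found.append((line, e_line))
                    break
        elif target in TERMINATING:
            earlier.append(((table, chain), conds, line))
    return found

if __name__ == "__main__":
    print(*("never fires: %s\n  after: %s" % p for p in shadowed_logs(SAMPLE)), sep="\n")
```

On the sample it reports only the PREROUTING LOG rule; the FORWARD pair has the LOG first and is left alone.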

