[ale] port forwarding for iptables.
Geoffrey
lists at serioustechnology.com
Wed Jun 10 10:58:53 EDT 2009
Jim Kinney wrote:
> Id10T alert!
>
> time to pour more caffeine into me. I was wrong (my wife can verify
> this). DNAT is the correct way to do this in the nat table in the
> prerouting chain.
>
> Funny... I run "man iptables" and it says "Jim's an Id10T - keep reading..."
I don't see that, guess I need to update...
>
> thanks for the correction!
>
> On Tue, Jun 9, 2009 at 1:42 PM, JK<jknapka at kneuro.net> wrote:
>> Jim Kinney wrote:
>>> all of the -j LOG calls will never trigger because the packet has
>>> already left the chain due to the line before it with the -j ACCEPT or
>>> -j DNAT. Put the log before the jump call.
>>>
>>> -j REDIRECT is what you want to use. DNAT is for IP address. REDIRECT
>>> is for port forwarding.
>>
>> If I am not mistaken, REDIRECT only allows you to forward to a port on
>> the local machine. If you want to forward on to another machine, you
>> need DNAT. "man iptables" backs me up on this, yay.
>>
>> -- JK
>>
>> --
>> Still sigless.
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>>
>
>
>
--
Until later, Geoffrey
Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety.
- Benjamin Franklin
More information about the Ale
mailing list