
Re: Can't DNAT with iptables



On Mon, 2003-03-03 at 16:25, Steven Pritchard wrote:
> On Mon, Mar 03, 2003 at 04:04:40PM -0600, Dan Fleischer wrote:
> > # Destination NAT
> > $IPTABLES -t nat -A PREROUTING -i eth1 -d 100.1.1.106 -p tcp --dport 22 \
> >                  -j DNAT --to 192.168.1.106:22
> 
> My first thought is that you aren't allowing these connections.  DNAT
> is probably working just fine, then connections are getting dropped in
> your FORWARD chain.

I added the following rule immediately after the one above, but to no
avail:

$IPTABLES -A FORWARD -p tcp -d 192.168.1.106 --dport 22 -j ACCEPT

What do you think I should look for next?

> 
> BTW, not that it would really help in this instance, but you might
> want to look at this:
> 
>     http://www.kspei.com/projects/genfw/
> 
I appreciate the offer, but I kind of want to understand the nuts and
bolts 1st before considering that route.

> Steve
> -- 
> steve@silug.org           | Southern Illinois Linux Users Group
> (618)398-7360             | See web site for meeting details.
> Steven Pritchard          | http://www.silug.org/
> 
> -
> To unsubscribe, send email to majordomo@silug.org with
> "unsubscribe silug-discuss" in the body.
> 
-- 
Dan Fleischer
Systems Administrator
Bank & Trust Co.
401 N. Madison St.
Litchfield, IL 62056

Ph. 217-324-3935
http://www.bank-and-trust.com
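
Added example, not part of the original message: `-A` appends a rule to the end of a chain, and the first terminating rule that matches wins, so an ACCEPT appended after an existing DROP is never reached. The sketch below walks `iptables -S FORWARD` output in order and reports the first verdict for the post-DNAT destination. The rule sets are constructed; the thread does not show the rest of the FORWARD chain, so an earlier DROP is an assumption.

```shell
#!/bin/sh
# Added example. Reads `iptables -S FORWARD` output on stdin and prints the
# first terminating verdict for a TCP packet to DST:DPORT (post-DNAT address).
# Understands only -p, -d (host), --dport, -m tcp, -j; otherwise prints UNKNOWN.
forward_verdict() {  # usage: forward_verdict DST DPORT < rules
    awk -v dst="$1" -v dport="$2" '
    BEGIN { policy = "ACCEPT" }
    $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
    $1 != "-A" || $2 != "FORWARD" { next }
    {
        n++; hit = 1; target = ""
        for (i = 3; i < NF; i += 2) {
            opt = $i; val = $(i + 1)
            if (opt == "-j") { target = val; break }
            else if (opt == "-p") { if (val != "tcp") hit = 0 }
            else if (opt == "-d" && val !~ /\/([0-9]|[12][0-9]|3[01])$/) {
                sub(/\/32$/, "", val); if (val != dst) hit = 0
            }
            else if (opt == "--dport" && val !~ /:/) { if (val != dport) hit = 0 }
            else if (opt == "-m" && val == "tcp") { }
            else { print "UNKNOWN rule " n; decided = 1; exit }
        }
        if (!hit) next
        if (target ~ /^(ACCEPT|DROP|REJECT)$/) { print target " rule " n; decided = 1; exit }
        if (target != "LOG") { print "UNKNOWN rule " n; decided = 1; exit }
    }
    END { if (!decided) print policy " policy" }
    '
}

# Constructed chain: the ACCEPT was appended (-A) after a catch-all DROP.
rules_appended() { cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -d 10.9.9.9/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -j DROP
-A FORWARD -d 192.168.1.106/32 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}
# Constructed chain: the same ACCEPT placed ahead of the DROP (as -I would do).
rules_inserted() { cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -d 192.168.1.106/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 10.9.9.9/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -j DROP
EOF
}
rules_appended | forward_verdict 192.168.1.106 22
rules_inserted | forward_verdict 192.168.1.106 22
```

On a live system, pipe `iptables -S FORWARD` into `forward_verdict` instead of the constructed chains; an UNKNOWN result means a rule uses a match this sketch does not evaluate and needs reading by hand.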

