[wplug] iptable problems
Romano, Christopher
cjr6 at exchange.cis.pitt.edu
Tue Dec 18 12:37:18 EST 2001
SSH works, but I still get the DNAT to work. Oh, it says that you can't use
-o with prerouting.
Thanks for the help
Chris
-----Original Message-----
From: coldfire [mailto:rolick571 at duq.edu]
Sent: Tuesday, December 18, 2001 10:08 AM
To: 'wplug at wplug.org'
Subject: RE: [wplug] iptable problems
> I see. Thanks.
awesome .. i hope it's working :)
as for forwarding to another box behind the firewall, you should concern
yourself with the prerouting chain in your nat table. i don't have a
network to test it with, but off the top of my head, a rule like this
should (may) work:
iptables -t nat -A PREROUTING -i ppp0 -d <ipaddr> -o <eth1> -p tcp --dport 80 -j DNAT --to-destination <ipaddr>[:port]
as far as the state module ... i'm not sure if you'll need NEW,ESTABLISHED
as once a packet is mangled and forwarded to <ipaddr>[:port], all rules will
cease being examined and every packet for that address forwarded. therefore,
only NEW should be required ... i hope this works and that i'm not talking
out of my ass :)
coldie
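
The port forward discussed in this thread, as an added example that is not part of either poster's message: it checks each rule for the interface match iptables refuses in that chain (the "-o with prerouting" error reported above) and prints a DNAT rule plus the FORWARD rules that go with it. The function names, the addresses 203.0.113.10 and 192.168.1.20, and a FORWARD policy of DROP are assumptions; the rules are only printed, never applied.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed placeholders;
# the rules are printed for review, not applied.

# check_rule RULE: succeed only if the interface matches fit the chain.
# PREROUTING and INPUT run before the routing decision, so there is no output
# interface to match (-o is refused); POSTROUTING and OUTPUT have no input
# interface (-i is refused). FORWARD accepts both.
check_rule() {
    chain="" prev="" has_in=0 has_out=0
    for word in $1; do
        case "$prev" in -A|-I) chain=$word ;; esac
        case "$word" in
            -i|--in-interface)  has_in=1 ;;
            -o|--out-interface) has_out=1 ;;
        esac
        prev=$word
    done
    case "$chain" in
        PREROUTING|INPUT)   [ "$has_out" -eq 0 ] ;;
        POSTROUTING|OUTPUT) [ "$has_in" -eq 0 ] ;;
        *) return 0 ;;
    esac
}

# port_forward_rules WAN_IF LAN_IF PUBLIC_IP SERVER_IP PORT
port_forward_rules() {
    wan=$1 lan=$2 pub=$3 srv=$4 port=$5
    # nat table: only the first packet of a connection is looked up here;
    # conntrack rewrites the rest of the connection the same way.
    echo "iptables -t nat -A PREROUTING -i $wan -d $pub -p tcp --dport $port -j DNAT --to-destination $srv:$port"
    # filter table: every forwarded packet is still checked, and it already
    # carries the rewritten destination. Assumes the FORWARD policy is DROP.
    echo "iptables -A FORWARD -i $wan -o $lan -d $srv -p tcp --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -i $lan -o $wan -s $srv -p tcp --sport $port -m state --state ESTABLISHED -j ACCEPT"
}

# Constructed sample values: ppp0/eth1 as in the thread, documentation addresses.
port_forward_rules ppp0 eth1 203.0.113.10 192.168.1.20 80 |
while IFS= read -r rule; do
    if check_rule "$rule"; then
        echo "$rule"
    else
        echo "# refused: $rule" >&2
    fi
done
```

The outgoing interface is matched in FORWARD rather than PREROUTING, which keeps the forward limited to the intended internal segment.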