On Wednesday 20 September 2006 13:12, Evan Brown wrote:
> "/sbin/iptables -t nat -A PREROUTING -p tcp -i $GREEN_DEV -d 10.1.1.229
> --dport 23 -j DNAT --to 192.168.77.2:23 "
1. -t nat => use the "nat" table
2. -A PREROUTING => Append to the chain "PREROUTING"
3. -p tcp => for the tcp protocol
4. -i $GREEN_DEV => the incoming interface is your green
<I have no idea about the colours and such, as I never use these appliances with green / red / orange etc>
5. -d 10.1.1.229 => destination is that IP address
6. --dport 23 => on the destination port of 23
7. -j DNAT => jump to the DNAT chain
8. --to 192.168.77.2:23 => send that here
So basically ... incoming tcp traffic on the green thingymabobble, that is
destined for 10.1.1.229:23 gets shipped to 192.168.77.2:23 before you get to
the other chains (PREROUTING is first ... AFAICT).
> "/sbin/iptables -A FORWARD -p tcp -i $ORANGE_DEV -d 192.168.77.2 --dport
> 23 -j ACCEPT"
And for this one ... I'll let you determine
man iptables
Andy
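
Added example, not part of the original post: a small Python model of the order in which the two quoted rules see a packet (nat PREROUTING first, then filter FORWARD), showing that FORWARD matches against the already-rewritten destination while the incoming interface stays unchanged. The interface names, the default FORWARD policy of DROP, and the absence of any other rules are assumptions; the post shows only these two rules.

```python
from dataclasses import dataclass, replace

# Constructed stand-ins for $GREEN_DEV / $ORANGE_DEV (the real names are not in the post).
GREEN_DEV, ORANGE_DEV = "eth_green", "eth_orange"

@dataclass(frozen=True)
class Packet:
    proto: str
    in_if: str
    dst: str
    dport: int

def matches(rule, pkt):
    """A rule matches when every field it specifies equals the packet's value."""
    return all(getattr(pkt, k) == v for k, v in rule["match"].items())

# -t nat -A PREROUTING -p tcp -i $GREEN_DEV -d 10.1.1.229 --dport 23 -j DNAT --to 192.168.77.2:23
NAT_PREROUTING = [{"match": {"proto": "tcp", "in_if": GREEN_DEV, "dst": "10.1.1.229", "dport": 23},
                   "to": ("192.168.77.2", 23)}]
# -A FORWARD -p tcp -i $ORANGE_DEV -d 192.168.77.2 --dport 23 -j ACCEPT
FILTER_FORWARD = [{"match": {"proto": "tcp", "in_if": ORANGE_DEV, "dst": "192.168.77.2", "dport": 23},
                   "verdict": "ACCEPT"}]

def traverse(pkt, forward_policy="DROP"):
    """Simplified path of a routed packet: nat/PREROUTING, then filter/FORWARD."""
    for rule in NAT_PREROUTING:
        if matches(rule, pkt):
            ip, port = rule["to"]
            pkt = replace(pkt, dst=ip, dport=port)  # DNAT rewrites dst only; in_if is untouched
            break
    for rule in FILTER_FORWARD:
        if matches(rule, pkt):  # evaluated against the rewritten destination
            return pkt, rule["verdict"]
    return pkt, forward_policy  # assumed default policy; not stated in the post

if __name__ == "__main__":
    # Constructed sample packets
    for p in (Packet("tcp", GREEN_DEV, "10.1.1.229", 23),
              Packet("tcp", ORANGE_DEV, "192.168.77.2", 23)):
        print(p, "->", traverse(p))
```

In this model the packet arriving on green is rewritten to 192.168.77.2:23 but is not matched by the quoted FORWARD rule, because that rule tests for the orange interface as the incoming one.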