--- Kenny Hitt <[EMAIL PROTECTED]> wrote:
> Hi. It still doesn't work. The only rules in the PREROUTING table are
> the ones added by my script.
>
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> DNAT udp -- anywhere public_ip udp dpts:2074:2076 to:local_ip
> DNAT udp -- anywhere public_ip udp dpts:4074:4076 to:local_ip
>
> The other 2 nat tables contain
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> MASQUERADE all -- hittsjunk.net/24 anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> This looks the same as it did when the rules worked. Hittsjunk.net is
> the local network. Thanks to dyndns.org, you can get to the public IP
> from the internet using hittsjunk.net, but reverse DNS doesn't work.
>
> Thanks in advance.
> Kenny
>
> On Wed, Oct 06, 2004 at 11:28:35AM -0700, Mike Mestnik wrote:
> > Try replacing -A with -I. If this works, look at the output of
> > "iptables -t nat -L PREROUTING"; you should see your rules. Starting
> > at the top, work your way down until you find a rule that would also
> > match these pkts.

Adding a "-v" will show some useful counters. It also should show the *rest* of the rule used that I can't see, like the interfaces "-i". You should add "-i eth0" and possibly remove the check for public_ip "-d public_ip".

> > This rule would be the one causing all the problems.
> >
> > --- Kenny Hitt <[EMAIL PROTECTED]> wrote:
> >
> > > Hi. I'm trying to forward UDP ports to a computer running on my local
> > > network from the internet. I'm using the ipmasq package in Debian to
> > > masquerade my local network. Last year I was able to forward ports
> > > 4074-4076 and 2074-2076 with the following rules.
> > >
> > > iptables -A PREROUTING -t nat -p udp -d public_ip --dport 4074:4076 -j DNAT --to local_ip
> > > iptables -A PREROUTING -t nat -p udp -d public_ip --dport 2074:2076 -j DNAT --to local_ip
> > >
> > > I stopped doing it for a while because I was running the app that used
> > > these ports on the box that was the gateway for the network. When I
> > > tried to use the rules again, they no longer work. I get the following
> > > message in my logs
> > >
> > > IN=eth0 OUT=eth1 SRC=129.100.109.65 DST=local_ip LEN=96 TOS=0x00 PREC=0xA0 TTL=47 ID=0 DF PROTO=UDP SPT=2074 DPT=2075 LEN=76
> > >
> > > Public_ip is my IP address on the internet (the IP of eth0). Local_ip is
> > > the address of the system on my local network. The IP address in the
> > > error is the IP of the system I'm trying to reach. Eth1 is connected to
> > > my local network.
> > > Basically, I'm trying to use a speak_freely reflector running on the IP
> > > address in the error.
> > > Does anyone have an idea what other rules I need to get this working
> > > again?
> > >
> > > Thanks in advance for any help.
> > > Kenny
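
The procedure suggested in this thread (list PREROUTING with "-v" and walk the rules from the top until one also matches the packet) can be automated; the following is an added example, not part of the original messages. The listing is constructed: 203.0.113.10 stands in for public_ip, 192.168.1.20 for local_ip, and the REDIRECT rule is a hypothetical earlier rule. Only the in-interface, protocol, destination and destination-port matches are evaluated.

```python
import ipaddress
import re

# Constructed sample of `iptables -t nat -L PREROUTING -v -n -x` output
# (-x prints exact counters). Addresses are placeholders, not from the thread.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 412 packets, 31876 bytes)
 pkts bytes target     prot opt in     out     source               destination
   57  5472 REDIRECT   udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpts:2000:2999 redir ports 9000
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            203.0.113.10         udp dpts:2074:2076 to:192.168.1.20
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            203.0.113.10         udp dpts:4074:4076 to:192.168.1.20
"""

# Some iptables versions print protocol numbers instead of names with -n.
PROTO_NAMES = {"0": "all", "6": "tcp", "17": "udp"}

def parse_rules(listing):
    """Return the rules of one chain, in evaluation order, as dicts."""
    rules = []
    for line in listing.splitlines():
        f = line.split(None, 9)
        if len(f) < 9 or not f[0].isdigit():
            continue  # chain header or column header
        extra = f[9] if len(f) > 9 else ""
        m = re.search(r"dpts?:(\d+)(?::(\d+))?", extra)
        lo, hi = (int(m.group(1)), int(m.group(2) or m.group(1))) if m else (0, 65535)
        rules.append({"num": len(rules) + 1, "pkts": int(f[0]), "target": f[2],
                      "proto": PROTO_NAMES.get(f[3], f[3]), "in": f[5],
                      "dst": ipaddress.ip_network(f[8], strict=False),
                      "dports": (lo, hi), "extra": extra})
    return rules

def first_match(rules, in_if, proto, dst, dport):
    """Walk the chain top-down and return the first rule this packet hits."""
    for r in rules:
        if (r["in"] in ("*", in_if) and r["proto"] in ("all", proto)
                and ipaddress.ip_address(dst) in r["dst"]
                and r["dports"][0] <= dport <= r["dports"][1]):
            return r
    return None

if __name__ == "__main__":
    # A packet like the one in the log line: UDP to port 2075 arriving on eth0.
    hit = first_match(parse_rules(SAMPLE), "eth0", "udp", "203.0.113.10", 2075)
    print(f"rule {hit['num']} ({hit['target']}) matches first, pkts={hit['pkts']}")
```

In the constructed listing the earlier REDIRECT rule takes the packet and the DNAT counters stay at zero, which is the pattern the "-v" counters make visible.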

