On Wed, 3 Sep 2003 06:34:27 -0300 Pupeno <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello Gentooers...
> I'm trying to do port forwarding in my box... which has a dynamic IP
> address and a local IP address of 10.0.0.1.
> I want to redirect, for example, the incoming telnet port to another
> IP at the local network; later I want to do the same with a range of
> ports (is that possible?).
> I'm trying to do it with iptables destination NAT. I created this rule:
>
> Chain PREROUTING (policy ACCEPT 9177 packets, 1980K bytes)
>  pkts bytes target  prot opt in   out  source    destination
>     8   480 DNAT    tcp  --  any  any  anywhere  anywhere     tcp dpt:telnet to:10.0.0.4:23
>
> with this command "iptables -t nat -A PREROUTING -p tcp --dport 23 -j
> DNAT --to 10.0.0.4:23"
> When I telnet to the routing box, I see that the counters for that
> rule are incremented, so it seems to be working, but I was told that
> I'm missing a rule that NATs the packets back... but I'm not sure
> how to make that rule. Can anyone help me?
> Thanks

The only thing that comes to my mind is that you have to activate masquerading for outgoing packets and allow forwarding of established connections:
iptables -t nat -A POSTROUTING -o <outgoing device> -j MASQUERADE
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

That should do the thing...

greetings,
tom

--
Interviewer: "So, do you ever think about Al Gore?"
Bush: "Why? What do you mean?"
Interviewer: "Do you ever wonder what he's up to and think about last Fall?"
Bush: "Not really."
George W. Bush, August 10, 2001, being interviewed by an ABC News correspondent at his ranch in Crawford, Texas.
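A complete version of the setup discussed in this thread, as an added example that is not part of either message. Netfilter's connection tracking reverses the DNAT on the reply packets by itself, so the "NAT back" rule Pupeno was told about does not exist; what the PREROUTING rule alone does not cover is the FORWARD chain, which must accept the new connection to 10.0.0.4 (Tom's ESTABLISHED,RELATED rule only admits replies), and IP forwarding must be switched on in the kernel. The script also binds the DNAT rule to the outside interface so traffic that originates on the LAN is not rewritten, and it handles the port-range case by converting the `--dport` colon form into the dash form that `--to-destination` expects. The interface names ppp0 and eth1 and the LAN prefix 10.0.0.0/24 are assumptions for illustration; only 10.0.0.4 and port 23 come from the post. By default it only prints the commands; set DRY_RUN=0 and run as root to apply them.

```sh
#!/bin/sh
# Added example: DNAT port forwarding with the matching FORWARD and
# POSTROUTING rules. Not code from the original thread.
# Interface names and LAN prefix below are assumed values for the demo.
DRY_RUN="${DRY_RUN:-1}"          # 1 = print the commands, 0 = really run iptables
WAN_IF="${WAN_IF:-ppp0}"         # assumed: interface holding the dynamic address
LAN_IF="${LAN_IF:-eth1}"         # assumed: interface toward 10.0.0.x
LAN_NET="${LAN_NET:-10.0.0.0/24}" # assumed LAN prefix; 10.0.0.1 is the router

# Wrapper so the same functions can be previewed or applied.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Rules shared by every forwarded port: default-deny forwarding, admit
# replies for tracked connections, let the LAN out, masquerade it behind
# the dynamic address (MASQUERADE, not SNAT, because the address changes).
base_rules() {
    ipt -P FORWARD DROP
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# forward_tcp <dport|lo:hi> <internal_ip>
# Forwards one TCP port, or a range written as lo:hi, to the internal host
# on the same port(s). --dport spells a range "6000:6010", while DNAT's
# --to-destination spells it "10.0.0.4:6000-6010", so the range is rewritten.
forward_tcp() {
    dports="$1"
    dst="$2"
    to_ports=$(printf '%s' "$dports" | tr ':' '-')
    # Only rewrite packets arriving from the outside; LAN traffic is untouched.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$dports" \
        -j DNAT --to-destination "$dst:$to_ports"
    # Admit the new connection; the ESTABLISHED,RELATED rule handles the rest.
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$dst" --dport "$dports" \
        -m state --state NEW -j ACCEPT
}

# Routing between interfaces is off by default; enable it when applying for real.
enable_forwarding() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'echo 1 > /proc/sys/net/ipv4/ip_forward\n'
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

# Demonstration: the telnet case from the post, then a port range.
enable_forwarding
base_rules
forward_tcp 23 10.0.0.4
forward_tcp 6000:6010 10.0.0.4
```

Leaving the FORWARD policy at ACCEPT, as on many default installs, would make the explicit FORWARD rule unnecessary, but it also means every port on every LAN host is reachable once a DNAT rule matches it, so the default-deny form above is the one to keep.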
