On Wednesday 03 September 2003 05:34 am, Pupeno wrote:
> Hello Gentooers...
> I'm trying to do port forwarding in my box... which has a dynamic ip
> address and a local ip address of 10.0.0.1.
> I want to redirect, for example, the incoming telnet port to another ip at
> the local network, later I want to do the same with a range of ports (is
> that possible).
> I'm trying to do it with iptables destination nat, I created this rule
>
> Chain PREROUTING (policy ACCEPT 9177 packets, 1980K bytes)
>  pkts bytes target  prot opt in   out  source    destination
>     8   480 DNAT    tcp  --  any  any  anywhere  anywhere     tcp dpt:telnet to:10.0.0.4:23
>
> with this command "iptables -t nat -A PREROUTING -p tcp --dport 23 -j DNAT
> --to 10.0.0.4:23"
> When I telnet to the routing box, I see that the counters for that rule are
> incremented, so it seems to be working, but I was told that I'm missing
> a rule that NATs the packets back... but I'm not sure how to make that
> rule, can anyone help me?
> Thanks
> --
> Pupeno: [EMAIL PROTECTED]
> http://www.kde.org

The first thing I'd say is "Don't open your system to telnet from the outside! Use SSH instead!"

The second thing would be to point you to floppyfw. floppyfw is a single-floppy distribution of Linux made to run on firewalls/routers. Their site is at:

http://www.zelow.no/floppyfw/

I'm not suggesting that you have to use floppyfw at your site, although I use it and like it. But you should check out their HOWTO page, especially this link:

http://www.zelow.no/floppyfw/download/HOWTOS/ffw-3ethernets-multi_ip-howto.txt

It sounds like it may be related to what you're trying to do.

--Tony
