Bob <[EMAIL PROTECTED]> wrote:
> There happen to be several of these exact
> lines for different ports and none of them seem to be working...
>
> LOG        tcp  --  0.0.0.0/0            159.166.1.69       tcp dpt:8994
> LOG flags 0 level 4
> DNAT       tcp  --  0.0.0.0/0            159.166.1.69       tcp dpt:8994
> to:159.166.4.137:8994

I'll assume that you're trying to implement this scenario:

X -> A (159.166.1.69) -> B (159.166.4.137)

If you are testing this port redirection by starting a connection from A,
you'll need to add the DNAT rule to the OUTPUT chain as well
as local packets don't pass the PREROUTING chain.

If the default gateway for packets sent from B to X is not A, B will try
to reply to X directly which will then become confused as X talked to A
before. To prevent this, you'll have to add a SNAT rule as well:

$IPTABLES -t nat -A POSTROUTING -p tcp --destination 159.166.4.137 \
          --dport 8994 -j SNAT --to 159.166.1.69

Also make sure that packets are not blocked by the FORWARD rule and,
as Rob already pointed out, that you have switched ip_forwarding on.

In case you're still experiencing problems, use the following commands to
see the packet count for each rule that matched - this way you can try to
understand what is happening within netfilter:

iptables -L -v
iptables -t nat -L -v


Regards,
  Peter Oberparleiter

--
Peter Oberparleiter
Linux on zSeries Development
IBM Development Lab, Boeblingen/Germany
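The complete rule set for the scenario in the reply above (X -> A -> B, TCP port 8994), as an added shell example that is not part of the original mail or of Bob's configuration. It assumes the addresses and port quoted in the thread, that the `iptables` binary is in the PATH, and that the forwarding host A is where the script runs; the `IPTABLES` variable can be pointed at `echo iptables` to print the rules instead of applying them, which is a convenient way to review the rules before touching a live firewall.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Scenario: X -> A (159.166.1.69) -> B (159.166.4.137), TCP port 8994.
# IPTABLES defaults to the real binary; set IPTABLES="echo iptables" for a dry run.
IPTABLES="${IPTABLES:-iptables}"

A_ADDR=159.166.1.69     # address of the forwarding host A (from the thread)
B_ADDR=159.166.4.137    # real server B behind A (from the thread)
PORT=8994               # redirected TCP port (from the thread)

port_forward_rules() {
    # PREROUTING: packets arriving at A from other hosts (X) are redirected to B.
    $IPTABLES -t nat -A PREROUTING -p tcp -d "$A_ADDR" --dport "$PORT" \
        -j DNAT --to-destination "$B_ADDR:$PORT"
    # OUTPUT: packets generated on A itself never traverse PREROUTING,
    # so the same DNAT is needed here for tests started from A.
    $IPTABLES -t nat -A OUTPUT -p tcp -d "$A_ADDR" --dport "$PORT" \
        -j DNAT --to-destination "$B_ADDR:$PORT"
    # POSTROUTING: when B's default gateway is not A, source-NAT the redirected
    # packets so that B's replies come back through A instead of going to X directly.
    $IPTABLES -t nat -A POSTROUTING -p tcp -d "$B_ADDR" --dport "$PORT" \
        -j SNAT --to-source "$A_ADDR"
    # FORWARD: the redirected flow and its replies must also pass the filter table.
    $IPTABLES -A FORWARD -p tcp -d "$B_ADDR" --dport "$PORT" -j ACCEPT
    $IPTABLES -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

enable_forwarding() {
    # The kernel only routes between interfaces when ip_forward is switched on.
    sysctl -w net.ipv4.ip_forward=1
}

show_counters() {
    # Per-rule packet counters: the quickest way to see which rule a packet hit.
    $IPTABLES -L -v -n
    $IPTABLES -t nat -L -v -n
}

# Nothing runs unless an action is given on the command line.
case "${1:-}" in
    apply)   enable_forwarding; port_forward_rules ;;
    show)    show_counters ;;
    dry-run) IPTABLES="echo iptables"; port_forward_rules ;;
esac
```

Run `sh forward.sh dry-run` to print the rules, `sh forward.sh apply` as root to install them, and `sh forward.sh show` to read the counters while a connection attempt is in progress; a rule whose counter never moves is the rule the packets are not reaching.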

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
