IPTABLES: Forwarding port to different machine & different port

Jens Knoell Wed, 09 Mar 2005 15:40:57 -0800

I'm a little lost... I want to simplify the server setup and get rid of some forwarding rules in xinetd. So I've modified the firewall rules like this:

<---header snipped (sets up basic rules and preps)---> # Enable NAT /usr/sbin/iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 207.224.222.229 #/usr/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Port redirect # VNC Listeners for tech support /usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 5500 -j DNAT --to-destination 10.0.0.109:5500 /usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 5501 -j DNAT --to-destination 10.0.0.113:5500 # VNC Forwards for some office people /usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 5900 -j DNAT --to-destination 10.0.0.105:5900 /usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 59105 -j DNAT --to-destination 10.0.0.105:5900 /usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 59106 -j DNAT --to-destination 10.0.0.106:5900 /usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 59107 -j DNAT --to-destination 10.0.0.107:5900 /usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 59108 -j DNAT --to-destination 10.0.0.108:5900 <---everything below snipped because it's only firewall rules--->

Funny thing: the first two (VNC listeners) work. Everything below does not. Any idea what's wrong there?

Thanks a lot
J
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

IPTABLES: Forwarding port to different machine & different port

Reply via email to