> I have set up a Linux box to act as a router between two
> networks here at work.
> eth0 has IP 155.190.50.52 with a netmask of 255.255.255.0
> eth1 has IP 203.110.12.230 with netmask 255.255.255.240
>
> I want to route any traffic on port 5900 from equipment on
> eth0 to a machine with IP 203.110.12.225 on eth1.
>
> I have tried the following iptables entries (without
> success)
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT --to-destination 203.110.12.225:5900
>
> iptables -t filter -A FORWARD -i eth0 -p tcp --dport 5900 -s 0/0 -d 203.110.12.225 -j ACCEPT

First, are you sure that's what you want? What would be more common based on the addresses would be to source NAT the internal addresses (eth0). Do you even need NAT?

Anyway, if not, do you have a route on 203.110.12.225 back to the 155.190.50.0/24 network?

The iptables rules themselves look ok, but it's been a while since I've manually written iptables rules, so I may be wrong. Check out the Linux 2.4 Packet Filtering HOWTO at http://www.netfilter.org/

What happens if you telnet to 155.190.50.52 port 5900? Which of the iptables counters increase (iptables -t nat -L -v -n; iptables -L -v -n)?

Regards
Daniel
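
The counter check suggested in the reply above, as an added example that is not part of the original thread: it compares two saved listings and prints the rules whose packet counters rose. The function name `counter_delta`, the `-x` (exact counters) option on the listing commands, and the sample snapshots are assumptions made for this example; the counts are constructed.

```sh
# Added example: list the rules whose packet counters rose between two snapshots
# taken with: (iptables -t nat -L -v -n -x; iptables -L -v -n -x) > FILE
# -x prints exact counts rather than rounded ones such as 12K.

# counter_delta BEFORE AFTER -> "<chain> +<new packets> <rule>" per rule that rose
counter_delta() {
    awk '
        FNR == 1      { pass++; cnum = 0 }   # pass 1 = BEFORE, pass 2 = AFTER
        $1 == "Chain" { chain = $2; cnum++; idx = 0; next }
        $1 == "pkts" || NF == 0 { next }     # column header or blank line
        {
            key = cnum ":" (++idx)           # match rules by chain order and position
            if (pass == 1) { before[key] = $1; next }
            delta = $1 - before[key]
            if (delta > 0) {
                $1 = ""; $2 = ""             # drop pkts/bytes, squeeze column padding
                sub(/^ +/, "")
                print chain, "+" delta, $0
            }
        }
    ' "$1" "$2"
}

# Constructed snapshots (hypothetical counts): one connection attempt whose SYN is
# retransmitted twice. The nat table only sees the first packet of a connection,
# so DNAT rises by 1 while the FORWARD rule counts all three packets.
sample_before() { cat <<'EOF'
Chain PREROUTING (policy ACCEPT 10 packets, 600 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5900 to:203.110.12.225:5900

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            203.110.12.225       tcp dpt:5900
EOF
}
sample_after() { cat <<'EOF'
Chain PREROUTING (policy ACCEPT 11 packets, 660 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       1       60 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5900 to:203.110.12.225:5900

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       3      180 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            203.110.12.225       tcp dpt:5900
EOF
}
tmp=$(mktemp -d); sample_before > "$tmp/before"; sample_after > "$tmp/after"
counter_delta "$tmp/before" "$tmp/after"; rm -r "$tmp"
```

A rule that never appears in the output was not matched between the two snapshots, which narrows down where the packets stop.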
