Hi listers.

I'm trying to make a simple tunnel for a JDBC connection with port forwarding from one machine
to another via a firewall.

|client| --Inet--> |firewall| --LAN--> |database|

The client runs an ssh client with port forwarding to the firewall machine. On the fw I
have "simpleproxy", which is a TCP proxy that forwards all local sockets to a
remote host. Yet I thought I should do a:

iptables -t nat -A OUTPUT -d 194.226.254.1 -p tcp -m tcp --dport 1521 -j DNAT \
    --to-destination 192.168.10.100:1521

... which should do the fw->database port forward trick; it doesn't. :-|

Dumping, it looks like packets leave from 192.168.10.1 (which is the internal eth of the
firewall) to 192.168.10.100 (which is the database server), the server says SYN ACK
and then the firewall sends a RST!! Why? Isn't DNAT supposed to keep track of all
connections, even those DNATed? What am I missing? The Linux part is a RH 7.3 with a
2.4.18 from kernel.org.
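Added diagnostic example, not part of the original post: a small sh script that reads a 2.4-style /proc/net/ip_conntrack dump and reports whether flows toward 194.226.254.1:1521 are tracked with their reply tuple rewritten to 192.168.10.100, and how many of them are still marked [UNREPLIED]. The entry layout it parses and the constructed sample (including the client address 10.0.0.5) are assumptions modelled on the post. Checking that the DNAT mapping actually exists in the connection table when the SYN-ACK comes back is the first thing to establish before looking elsewhere for the source of the RST.

```shell
#!/bin/sh
# Added helper (not from the original post). Parses a 2.4-style
# /proc/net/ip_conntrack dump such as:
#   tcp 6 117 SYN_SENT src=A dst=B sport=P dport=Q [UNREPLIED] src=C dst=D sport=Q dport=P use=1
# The first src=/dst=/sport=/dport= group is the original direction, the second
# is the reply direction. With DNAT in effect the reply src should be the
# internal target. Entry format and addresses are assumptions.

# Usage: dnat_tracked DUMPFILE PUBLIC_IP INTERNAL_IP PORT
# Prints one line per entry whose original destination is PUBLIC_IP:PORT and
# returns 0 if at least one of them has its reply tuple rewritten to INTERNAL_IP,
# 1 otherwise (no such flow, or flow present but not DNATed).
dnat_tracked() {
    awk -v pub="$2" -v internal="$3" -v port="$4" '
        $1 == "tcp" {
            for (k in cnt) delete cnt[k]
            for (k in v) delete v[k]
            # Collect key=value tokens in order; tokens like [UNREPLIED] have no "=".
            for (i = 5; i <= NF; i++) {
                if (split($i, kv, "=") == 2) {
                    cnt[kv[1]]++
                    v[kv[1], cnt[kv[1]]] = kv[2]
                }
            }
            if (v["dst", 1] == pub && v["dport", 1] == port) {
                if (v["src", 2] == internal) {
                    print "DNAT ok    state=" $4 " client=" v["src", 1] ":" v["sport", 1]
                    found = 1
                } else {
                    print "no DNAT    state=" $4 " reply-src=" v["src", 2]
                }
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Usage: count_unreplied DUMPFILE PORT
# Prints the number of TCP entries involving PORT that never saw a reply
# packet matched back to them (the [UNREPLIED] flag).
count_unreplied() {
    awk -v port="$2" '
        $1 == "tcp" && /\[UNREPLIED\]/ && $0 ~ ("dport=" port " ") { n++ }
        END { print n + 0 }
    ' "$1"
}

# Stand-alone run against the live table (2.4 kernels): reads /proc/net/ip_conntrack.
if [ "${1:-}" = "--live" ]; then
    dnat_tracked /proc/net/ip_conntrack 194.226.254.1 192.168.10.100 1521
    echo "unreplied flows on 1521: $(count_unreplied /proc/net/ip_conntrack 1521)"
fi
```

Run it as `sh check_dnat.sh --live` on the firewall while the client attempts the connection; a "no DNAT" line or no line at all for the 1521 flow means the OUTPUT-chain DNAT rule was not applied to that connection, whereas a "DNAT ok" line with a growing [UNREPLIED] count means the mapping exists but the SYN-ACK is not being matched back to it.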