[H-GEN] IPTables port forwarding

Kris Amy kris at lunadawn.net
Sat Apr 19 04:11:16 EDT 2003 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

You don't specify the outgoing interface because the system should already
have a route available for that destination. So:-

$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport <port> -j DNAT --to
$INTBOX

that should be it

Kris

----- Original Message -----
From: "Sandra Milne" <silne at optusnet.com.au>
To: <general at lists.humbug.org.au>
Sent: Saturday, April 19, 2003 4:41 PM
Subject: Re: [H-GEN] IPTables port forwarding


> [ Humbug *General* list - semi-serious discussions about Humbug and     ]
> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
>
> At 14:47 19/04/2003 +1000, you wrote:
> >What you're doing there isn't port forwarding, its letting
> >the packets go though if you have a routed network.  For port
> >forwarding, you need something like:
> >
> >$IPTABLES -t nat -A PREROUTING -i $EXTIF -o $INTIF -p tcp --dport 5206 -j
> >DNAT --to $INTBOX
> >$IPTABLES -t nat -A PREROUTING -i $EXTIF -o $INTIF -p udp --dport 5206 -j
> >DNAT --to $INTBOX
> >
> >where $INTBOX is the IP of your internal box.  I've used rules like this
> >successful to let people connect into internal game servers, forward for
> >webservers etc.
>
> I'm sure you probably have used rules like those, but not that exact one.
>
> archer# /sbin/iptables -t nat -A PREROUTING -i eth1 -o eth0 -p tcp --dport
> 5206 -j DNAT --to 192.168.0.69
> iptables v1.2.6a: Can't use -o with PREROUTING
>
> Try `iptables -h' or 'iptables --help' for more information.
>
> And you're correct, the rules I concocted myself don't work. I guess
> further assistance is required.
>
> Thanks,
>
> Sandra.
> --
> silne at optusnet.com.au
> "There are 10 types of people in the world -- those that understand
binary,
> and those that don't."
>
>
> --
> * This is list (humbug) general handled by majordomo at lists.humbug.org.au .
> * Postings to this list are only accepted from subscribed addresses of
> * lists 'general' or 'general-post'.  See http://www.humbug.org.au/
>


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list