[Techtalk] iptables NAT forwarding...

Malcolm Tredinnick malcolm at commsecure.com.au
Wed May 29 10:07:29 EST 2002


On Tue, May 28, 2002 at 10:38:43AM -0400, Walt wrote:
> I'm kind of lost as to why this isn't working..
> 
> All I'm trying to do is forward a connection
> to port 2346 on my server's external iface to
> an internal computer on the same port.
> 
> My iptables command is simply this:
> iptables -A INPUT -p udp --dport 2346 -d [EXT_IP] -j ACCEPT

Don't you want "-s [EXT_IP]" instead of -d here? As I understand your
requirements, you want packets originating from the external address to
be redirected.

> iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 2346 -j DNAT --to 10.0.0.9:2346
> 
> But the connection cannot be established and
> when I 'nc -u -v -z localhost 2346' it tells me
> connection refused.

I would have thought you would get a different error message, but I
think I see part of the problem... Whenever you do destination address
translation, you almost always need to masquerade the connection as
well. Otherwise, the packet gets sent off to 10.0.0.9 and tries to
return directly to EXT_IP, but it usually doesn't know how to get
directly to there ... only how to get to the 10.0.0.0 network.

Also, you have turned IP forwarding on, haven't you?

Malcolm
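The complete rule set for the UDP port forward discussed in this thread, as an added example that is not part of the original messages: it enables IP forwarding, adds the DNAT rule, and accepts the forwarded flow in the FORWARD chain (DNAT'd packets never traverse INPUT, so an INPUT rule on the external address does not apply to them). The interface ppp0, port 2346 and host 10.0.0.9 come from Walt's mail; the RUN dry-run variable and the optional "snat" flag are assumptions of this script.

```shell
#!/bin/sh
# Added example (not from the thread): forward UDP 2346 arriving on ppp0
# to the internal host 10.0.0.9. By default the commands are printed
# (RUN=echo); set RUN="" to execute them as root on the gateway.
RUN="${RUN:-echo}"

# forward_udp IFACE PORT INTERNAL_IP [snat]
# Pass "snat" as the fourth argument only when the internal host's default
# route does NOT point back through this gateway; otherwise replies already
# return here and the conntrack entry reverses the DNAT on the way out.
forward_udp() {
    iface="$1"; port="$2"; dst="$3"; snat="${4:-}"

    # 1. Without forwarding, the kernel drops DNAT'd packets instead of
    #    routing them to the internal interface.
    $RUN sysctl -w net.ipv4.ip_forward=1

    # 2. Rewrite the destination before the routing decision (nat/PREROUTING).
    $RUN iptables -t nat -A PREROUTING -i "$iface" -p udp --dport "$port" \
        -j DNAT --to-destination "$dst:$port"

    # 3. Forwarded packets are filtered in FORWARD, not INPUT. Accept only
    #    this flow, in both directions, rather than opening FORWARD wholesale.
    $RUN iptables -A FORWARD -i "$iface" -p udp -d "$dst" --dport "$port" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    $RUN iptables -A FORWARD -o "$iface" -s "$dst" -p udp --sport "$port" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 4. Optional: also rewrite the source so replies come back to this box
    #    even if $dst routes elsewhere. Costs the real client address in the
    #    internal host's logs, so leave it off when the route is correct.
    if [ "$snat" = "snat" ]; then
        $RUN iptables -t nat -A POSTROUTING -p udp -d "$dst" --dport "$port" \
            -j MASQUERADE
    fi
}

# Dry run with Walt's values; prints the rules that would be applied.
forward_udp ppp0 2346 10.0.0.9
```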
