[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Can't DNAT with iptables
On Mon, 2003-03-03 at 16:25, Steven Pritchard wrote:
> On Mon, Mar 03, 2003 at 04:04:40PM -0600, Dan Fleischer wrote:
> > # Destination NAT
> > $IPTABLES -t nat -A PREROUTING -i eth1 -d 100.1.1.106 -p tcp --dport 22 \
> > -j DNAT --to 192.168.1.106:22
>
> My first thought is that you aren't allowing these connections. DNAT
> is probably working just fine, then connections are getting dropped in
> your FORWARD chain.
I added the following rule immediately after the one above, but to no
avail:
$IPTABLES -A FORWARD -p tcp -d 192.168.1.106 --dport 22 -j ACCEPT
What do you think I should look for next?
>
> BTW, not that it would really help in this instance, but you might
> want to look at this:
>
> http://www.kspei.com/projects/genfw/
>
I appreciate the offer, but I kind of want to understand the nuts and
bolts 1st before considering that route.
> Steve
> --
> steve@silug.org | Southern Illinois Linux Users Group
> (618)398-7360 | See web site for meeting details.
> Steven Pritchard | http://www.silug.org/
>
> -
> To unsubscribe, send email to majordomo@silug.org with
> "unsubscribe silug-discuss" in the body.
>
--
Dan Fleischer
Systems Administrator
Bank & Trust Co.
401 N. Madison St.
Litchfield, IL 62056
Ph. 217-324-3935
http://www.bank-and-trust.com
-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.