[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can't DNAT with iptables



On Mon, 2003-03-03 at 17:03, Steven Pritchard wrote:
> On Mon, Mar 03, 2003 at 04:47:31PM -0600, Dan Fleischer wrote:
> > I added the following rule immediately after the one above, but to no
> > avail:
> > 
> > $IPTABLES -A FORWARD -p tcp -d 192.168.1.106 --dport 22 -j ACCEPT
> > 
> > What do you think I should look for next?
> 
> I'm not quite sure.  Feel free to send me the output of the following
> (to the list or privately):
> 
>     iptables -nL --line-numbers
Chain INPUT (policy DROP)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          
   (I think rule 1 is from allowing unlimited loopback traffic.
    It looks troublesome, though)

2    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x3F/0x00 
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x03/0x03 
4    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x06/0x06 
5    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x05/0x05 
6    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x11/0x01 
7    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x18/0x08 
8    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x30/0x20 
9    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state
RELATED,ESTABLISHED 
10   DROP       all  --  0.0.0.0/0            0.0.0.0/0          state
INVALID 
11   DROP       all  --  100.1.1.2            0.0.0.0/0          
12   DROP       all  --  10.0.0.0/8           0.0.0.0/0          
13   DROP       all  --  172.16.0.0/12        0.0.0.0/0          
14   DROP       all  --  192.168.0.0/16       0.0.0.0/0          
15   DROP       all  --  224.0.0.0/4          0.0.0.0/0          
16   DROP       all  --  240.0.0.0/5          0.0.0.0/0          
17   DROP       all  --  127.0.0.0/8          0.0.0.0/0          
18   DROP       all  --  0.0.0.0              0.0.0.0/0          
19   DROP       all  --  255.255.255.255      0.0.0.0/0          
20   DROP       all  --  169.254.0.0/16       0.0.0.0/0          
21   DROP       all  --  192.0.2.0/24         0.0.0.0/0          
22   DROP       all  --  0.0.0.0/8            0.0.0.0/0          
23   DROP       icmp --  0.0.0.0/0            0.0.0.0/0          
24   ACCEPT     icmp --  192.168.1.0/24       0.0.0.0/0          
25   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
dpt:22 

Chain FORWARD (policy DROP)
num  target     prot opt source               destination         
1    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x3F/0x00 
2    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x03/0x03 
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x06/0x06 
4    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x05/0x05 
5    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x11/0x01 
6    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x18/0x08 
7    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
flags:0x30/0x20 
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state
RELATED,ESTABLISHED 
9    DROP       all  --  0.0.0.0/0            0.0.0.0/0          state
INVALID 
10   ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp
type 8 state NEW 
11   ACCEPT     tcp  --  0.0.0.0/0            100.1.1.106        tcp
dpt:22 state NEW 
12   DROP       tcp  --  192.168.1.0/24       0.0.0.0/0          tcp
dpts:137:139 
13   DROP       udp  --  192.168.1.0/24       0.0.0.0/0          udp
dpts:137:139 
14   DROP       tcp  --  192.168.1.0/24       0.0.0.0/0          tcp
dpts:1433:1434 
15   DROP       udp  --  192.168.1.0/24       0.0.0.0/0          udp
dpts:1433:1434 
16   DROP       tcp  --  192.168.1.0/24       0.0.0.0/0          tcp
dpt:6667 
17   DROP       udp  --  192.168.1.0/24       0.0.0.0/0          udp
dpt:6667 
18   ACCEPT     tcp  --  192.168.1.0/24       0.0.0.0/0          
19   ACCEPT     udp  --  192.168.1.0/24       0.0.0.0/0          

Chain OUTPUT (policy DROP)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state
RELATED,ESTABLISHED 
3    DROP       all  --  0.0.0.0/0            0.0.0.0/0          state
INVALID 
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp
type 8 state NEW 
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp
dpt:22 


>     iptables -t nat -nL --line-numbers
> 
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    DNAT       tcp  --  0.0.0.0/0            100.1.1.106        tcp
dpt:22 to:192.168.1.106:22 

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    SNAT       all  --  192.168.1.0/24       0.0.0.0/0         
to:100.1.1.2 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         


Sorry for the length.  I thought it might be good for the community.
-- 
Dan Fleischer
Systems Administrator
Bank & Trust Co.
401 N. Madison St.
Litchfield, IL 62056

Ph. 217-324-3935
http://www.bank-and-trust.com


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.