Find the answer to your Linux question:
Results 1 to 3 of 3
Hi I had this iptables that was working very well : iptables -t nat -A PREROUTING -d 10.102.201.65 -i eth0 -p sctp -m sctp --dport 60104 -j DNAT --to-destination 10.1.1.97 ...
  1. 09-17-2009 #1
    jeffajeffa
    jeffajeffa is offline
    Just Joined!
    Join Date
    Sep 2009
    Posts
    2

    Trying to update an iptable.

    Hi

    I had this iptables that was working very well :

    iptables -t nat -A PREROUTING -d 10.102.201.65 -i eth0 -p sctp -m sctp --dport 60104 -j DNAT --to-destination 10.1.1.97

    iptables -t nat -A POSTROUTING -s 10.1.1.97 -o eth0 -p sctp -m sctp --sport 60104 -j SNAT --to-source 10.102.201.65

    In fact it simply redirect was come from an external adres with dport 60104 to internal adress 10.1.1.97 on the same dport.

    Also what come from 10.1.1.97 on sport 60104 is forward to the external adress but the source adress is changed before to be sent.

    This being said I have added the following line in my iptable and they dont seem to kick in. Since i am a beginner with iptable maybe i bypass a basic rule....

    Anybody can help ?



    iptables -t nat -A PREROUTING -d 10.102.201.65 -i eth0 -p sctp -m sctp --dport 60104 -j DNAT --to-destination 10.1.1.97
    iptables -t nat -A POSTROUTING -s 10.1.1.97 -o eth0 -p sctp -m sctp --sport 60104 -j SNAT --to-source 10.102.201.65

    iptables -t nat -A PREROUTING -d 10.102.201.65 -i eth0 -p sctp -m sctp --dport 60107 -j DNAT --to-destination 10.1.1.97
    iptables -t nat -A POSTROUTING -s 10.1.1.97 -o eth0 -p sctp -m sctp --sport 60107 -j SNAT --to-source 10.102.201.65

    iptables -t nat -A PREROUTING -d 10.102.201.65 -i eth0 -p sctp -m sctp --dport 60041 -j DNAT --to-destination 10.1.1.10
    iptables -t nat -A POSTROUTING -s 10.1.1.10 -o eth0 -p sctp -m sctp --sport 60041 -j SNAT --to-source 10.102.201.65

    When i received a message with source port 60041 it is still redirected to 10.1.1.97.........? Please educate me :0)
    Last edited by jeffajeffa; 09-17-2009 at 03:03 PM. Reason: mistake in cut and paste (change prerouting)
    Reply With Quote Reply With Quote
  2. 09-19-2009 #2
    Lazydog
    Lazydog is offline
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,281
    Take a look at this 'TUTORIAL' and here for 'SCTP matches'.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
    Reply With Quote Reply With Quote
  3. 09-19-2009 #3
    jeffajeffa
    jeffajeffa is offline
    Just Joined!
    Join Date
    Sep 2009
    Posts
    2

    I think i found the problem

    I manageg to get it work. The problem is not reallly on my IP table . It is on the fact that the previous iptable is not properly clean before i load this one.We suspect we have a problem with our customized version of montavista which prevent the clearing of the iptable even if i use the apropriate command.

    I am still playing with it and keep you inform.

    Jeff
    Last edited by jeffajeffa; 09-19-2009 at 11:05 AM. Reason: typo
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...