Results 1 to 3 of 3
Hey, Good Linux Folks. Here's what I've tried: ============================================= /sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.0.149 --dport 11343 -j DNAT --to 192.168.0.39:80 /sbin/iptables -t nat -A POSTROUTING -p ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 06-02-2003 #1
- Join Date
- Jun 2003
- Milwaukee, WI
Iptables Forwarding Problem (Redhat 9)
Hey, Good Linux Folks.
Here's what I've tried:
/sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.0.149 --dport 11343 -j DNAT --to 192.168.0.39:80
/sbin/iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.39 --sport 80 -j SNAT --to 192.168.0.149:11343
I saved those rules, re-started the iptables service, re-booted the Redhat 9 box, verified that only those two were the rules in effect, and pointed IE at 192.168.0.149:11343. No go.
Then, I tried the following two rules:
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.149 --dport 11343 -j DNAT --to 192.168.0.39:80
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.39 --dport 80 -j ACCEPT
But a lot of people are having success with rules like the above, otherwise such examples wouldn't be all over the Internet. So what piece of the puzzle am I missing?!?
Yes, I did echo "1" > /proc/sys/net/ipv4/ip_forward. In fact, that's the first thing I did. No, the ipchains module is not installed.
Although I'm a newbie to Linux, I've been a professional software developer for 25 years (mostly Microsoft Windows stuff, for the last 15 years). And what this smells like to me is that I'm missing some little Linux insight that all the iptables examples assume I already have.
Here's hoping somebody out there can say something like "Duh, Vic: power up the Linux box first; then your iptables scripts will work." Well, you know what I mean...
Thanks in advance.
- 06-02-2003 #2
- Join Date
- Apr 2003
- London, UK
I cannot see anything immediatly wrong with this rules, however, i have sometimes found that i need to also acccpt * on the output chains to make things work.
If you want basic internet connection sharing, have a look at the script i wrote for my own home network before i purchased my Netscreen:
If you dont want to do try my script, please can you type "iptables -L" at the command prompt, and paste the results here.
- 05-24-2005 #3
- Join Date
- Dec 2004
iptables rule help require URGENT............
I have two routers in my network.
1. Cisco Router - Connected to ISP Router
External IP Address s0 - 10.2.0.2
Internal IP Address - 172.16.10.1
2. Linux Router - (Act as Squid Proxy and Linux Router for internal lan users)
Gateway IP Address -- 172.16.10.1
Eth1 - 172.16.10.2
Eth0 - 192.168.20.80
We have another office in different location and we want to access all resource from their network.
Different office live ip is : 0.0.0.0
We are using Linux Squid Proxy on Linux Router for site and domain restriction.
We have assign Linux Eth0 IP 192.168.20.80 to all users in TCP/IP Gateway setting to access internet and Internet is working fine.
We are using iptables firewall in linux router.
I tried to set the rule in iptables to access our another office network but not able to success.
As per the above configuratin in our network.
I want to put the rule in iptables to access our different office network (different location).
How do I access our different office network using iptables firewall.
I can access our different office network using Cisco Router 172.16.10.1.
But not able to access using 192.168.20.80 and 192.168.20.80 is also ip address of linux squid proxy and linux router.
Can anybody help me on this?
How can put the rule in iptables to access different location network as it is accessing using Cisco Router 172.16.10.1 but not able to access using Linux Router.
I appreicate anyone resolve this problem.
Thanks & Regards