  1. #1
    Just Joined!
    Join Date
    Jun 2003
    Location
    Milwaukee, WI
    Posts
    2

    Iptables Forwarding Problem (Redhat 9)


    Hey, Good Linux Folks.

    Here's what I've tried:
    =============================================
    /sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.0.149 --dport 11343 -j DNAT --to 192.168.0.39:80

    /sbin/iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.39 --sport 80 -j SNAT --to 192.168.0.149:11343
    =============================================

    I saved those rules, re-started the iptables service, re-booted the Redhat 9 box, verified that only those two were the rules in effect, and pointed IE at 192.168.0.149:11343. No go.

    Then, I tried the following two rules:
    =============================================
    /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.149 --dport 11343 -j DNAT --to 192.168.0.39:80

    /sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.39 --dport 80 -j ACCEPT
    =============================================

    Ditto.

    But a lot of people are having success with rules like the above, otherwise such examples wouldn't be all over the Internet. So what piece of the puzzle am I missing?!?

    Yes, I did echo "1" > /proc/sys/net/ipv4/ip_forward. In fact, that's the first thing I did. No, the ipchains module is not installed.

    Although I'm a newbie to Linux, I've been a professional software developer for 25 years (mostly Microsoft Windows stuff, for the last 15 years). And what this smells like to me is that I'm missing some little Linux insight that all the iptables examples assume I already have.

    Here's hoping somebody out there can say something like "Duh, Vic: power up the Linux box first; then your iptables scripts will work." Well, you know what I mean...

    Thanks in advance.

    Vic
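An added example, not part of the original post: the full rule set one DNAT port forward usually needs, printed rather than applied. It assumes the browser sits on the same subnet as both hosts, taken here as 192.168.0.0/24 (the post does not state the netmask); `portfwd_rules` is a hypothetical helper name. The nat table only sees the first packet of a connection, so replies are rewritten by connection tracking and need no `--sport` rule of their own.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules for one DNAT port forward.
# Addresses and ports are the ones from the post; the LAN range is assumed.

portfwd_rules() {
    ext_ip=$1 ext_port=$2 int_ip=$3 int_port=$4 lan=$5

    # 1. Rewrite the destination of new connections sent to ext_ip:ext_port.
    echo "iptables -t nat -A PREROUTING -p tcp -d $ext_ip --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"

    # 2. Pass the rewritten connection through the filter table in both
    #    directions; only the request direction may open new connections.
    echo "iptables -A FORWARD -p tcp -d $int_ip --dport $int_port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -p tcp -s $int_ip --sport $int_port -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # 3. Same-subnet clients only (assumption): without this, the web server
    #    answers the client directly, the reply never passes back through
    #    this box to be un-NATed, and the client drops it. Rewriting the
    #    source of the forwarded request makes the reply return via ext_ip.
    echo "iptables -t nat -A POSTROUTING -p tcp -s $lan -d $int_ip --dport $int_port -j SNAT --to-source $ext_ip"
}

# Print the rule set for the forward described in the post.
portfwd_rules 192.168.0.149 11343 192.168.0.39 80 192.168.0.0/24
```

Review the printed rules, then pipe them to `sh` as root to apply them; `iptables -t nat -L -n -v` shows per-rule packet counters that confirm which rules are matching.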

  2. #2
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    I cannot see anything immediately wrong with these rules; however, I have sometimes found that I need to also accept * on the output chains to make things work.

    If you want basic internet connection sharing, have a look at the script I wrote for my own home network before I purchased my Netscreen:

    www.jasonlambert.net/download.php

    If you don't want to try my script, please can you type "iptables -L" at the command prompt, and paste the results here.

    Cheers.

    Jason

  3. #3
    Just Joined!
    Join Date
    Dec 2004
    Posts
    3

    iptables rule help required URGENT

    I have two routers in my network.


    1. Cisco Router - Connected to ISP Router
    External IP Address s0 - 10.2.0.2
    Internal IP Address - 172.16.10.1

    2. Linux Router - (Acts as Squid Proxy and Linux Router for internal LAN users)
    Gateway IP Address -- 172.16.10.1
    Eth1 - 172.16.10.2
    Eth0 - 192.168.20.80

    Plan :-
    We have another office in a different location and we want to access all resources from their network.
    Different office live IP is: 0.0.0.0

    We are using Linux Squid Proxy on the Linux Router for site and domain restriction.

    We have assigned the Linux Eth0 IP 192.168.20.80 to all users as the gateway in their TCP/IP settings to access the internet, and the internet is working fine.
    We are using the iptables firewall on the Linux router.


    Problem :-
    I tried to set a rule in iptables to access our other office network but was not successful.

    Required :-
    As per the above configuration in our network,
    I want to put a rule in iptables to access our other office network (different location).
    How do I access our other office network using the iptables firewall?


    Note :-
    I can access our other office network using the Cisco Router 172.16.10.1.
    But I am not able to access it using 192.168.20.80, and 192.168.20.80 is also the IP address of the Linux Squid proxy and Linux router.


    Can anybody help me with this?
    How can I put a rule in iptables to access the network at the other location, as it is accessible using the Cisco Router 172.16.10.1 but not using the Linux Router?

    I would appreciate it if anyone could resolve this problem.

    Thanks & Regards
    Uday
