  1. #1

    NAT not working but the setting is correct! Thx

    Dear all,

    I have a firewall machine running Slackware 10.1. It had a fixed IP address, (ex and it connected to a local LAN, so the config is

    Now I open a new port 8765 on eth1 and forward into local LAN
    I did the following
    iptables -A INPUT -i eth1 -p tcp --dport 8765 -j ACCEPT (accept data from port 8765)
    iptables -t nat -A PREROUTING -p tcp -i eth1 -d --dport 8765 -j DNAT --to (forward msg from to
    After, I check with "iptables -L -t nat"
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    DNAT       tcp  --  anywhere    dpt:6908 to:
    It seems OK, but when I open the URL in Firefox it failed; IE also failed
    Unable to connect
    Firefox can't establish a connection to the server at
    Now, the firewall setting is correct and seems to work fine, but why can't I connect to the local machine, but when I connect it works fine. How can I check the forwarding is correct from to


  2. #2
    Dear all,

    I did a lab about this issue...

    I built two Linux systems:

    OS: Fedora Core 5

    OS: RHEL3
    SERVICE: Httpd

    First, I used a cross cable to connect the client (eth0) and server (eth1); they can ping each other, so they are connected!
    Now, I wrote a simple script to run on the server, to accept the port number 8765 from, then using NAT to following the signal from to local LAN machine
    The httpd can run on with on browser
    Now, using a machine on segment 192.168.80.x to type the URL, it shows the following error. The computer and this testing server are on the same segment, and they can ping each other.
    The connection has timed out
    The server at is taking too long to respond.
    And I checked the server's iptables setting; it seems correct
    [root@localhost ~]# iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    DNAT       tcp  --  anywhere         tcp dpt:ultraseek-http to:
    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    The problem is the same as I asked before. How can I fix this problem? Thanks.

    Here is the script that I used to test:
    # insert modules
    echo "1" > /proc/sys/net/ipv4/ip_forward
    modprobe ip_tables
    modprobe ip_nat_ftp
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # clear rule
    service iptables restart
    iptables -X
    iptables -F
    iptables -X -t nat
    iptables -F -t nat
    # reset rule
    iptables -A INPUT -i -p tcp --dport 8765 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d --dport 8765 -j DNAT --to


  3. #3
    framp, Linux Newbie. Join Date: Jul 2006. Stuttgart, Germany
    Your target IP is - which is a remote system - not the local system. An INPUT rule applies to the local system. Use a FORWARD rule and it should work.
    "Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds
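
A way to check for the condition described in reply #3, added here as an example and not code from the thread: the function reads `iptables-save` output and reports every DNAT rule whose translated destination has no ACCEPT rule in the FORWARD chain. Because DNAT runs in PREROUTING, FORWARD sees the rewritten address and port, so that is what the check matches on. The function names, interface and addresses are assumptions (the thread's own addresses are missing from the page).

```shell
#!/bin/sh
# Added example. Heuristic: matches FORWARD rules on -d/--dport only and
# ignores rule order, interfaces, source and state matches.
check_dnat_forward() {
  awk '
    /^\*/ { table = substr($1, 2); next }          # "*nat", "*filter"
    table == "filter" && $1 == ":FORWARD" { policy = $2; next }
    $1 != "-A" { next }
    {
      dst = dport = target = to = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-d") dst = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "--to-destination") to = $(i + 1)
      }
      sub(/\/32$/, "", dst)
      if (table == "nat" && $2 == "PREROUTING" && target == "DNAT") {
        if (to !~ /:/) to = to ":" dport   # no port given: dport is kept
        dnat[++n] = to
      } else if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT") {
        fwd[dst ":" dport] = 1
      }
    }
    END {
      for (k = 1; k <= n; k++) {
        if (dnat[k] in fwd) print "OK " dnat[k] " explicit FORWARD ACCEPT"
        else if (policy == "ACCEPT") print "OK " dnat[k] " FORWARD policy ACCEPT"
        else { print "MISSING " dnat[k] " no FORWARD ACCEPT"; bad = 1 }
      }
      exit bad + 0
    }'
}
# Constructed sample (made-up addresses): an INPUT rule for the forwarded
# port, as in the thread, but nothing in FORWARD.
sample_broken() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 8765 -j DNAT --to-destination 192.168.0.10:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 8765 -j ACCEPT
COMMIT
EOF
}
sample_broken | check_dnat_forward || echo "FORWARD rule needed for the address above"
```

On a live firewall the input would be `iptables-save | check_dnat_forward`, run as root; the exit status is non-zero when any DNAT target is uncovered.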
