Mailing List Archive



Re: [tlug] iptables: port forwarding



David Santinoli wrote:
> 
> On Mon, Apr 14, 2003 at 12:54:56AM +0900, Susumu ISHIZUKA wrote:
> >
> > I think your server replied with source port 22 (ssh).
> > But it must be masqueraded to 80.
> >
> > So, try this:
> > iptables -t nat -A POSTROUTING -p tcp --sport 22 \
> >  -d 130.153.xxx.yyy \
> >  -j SNAT --to IP.Address.Of.The.Server:80
> 
> That's unnecessary AFAIK.  What's needed, instead, is to accept packets
> heading for port 22 in the INPUT chain:
> 
> /sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -s 130.153.xxx.yyy \
>  -j ACCEPT
> 


I think the original poster wanted to ssh to
his machine from the outside, using port forwarding
on port 80 (because a direct connection was not possible).
In order for the reply to get back to his outside machine,
that port needs to be NATted back too.
So _both_ the original PREROUTING and POSTROUTING rules are
needed in the NAT table.
Additionally, if traffic on port 22 was blocked, then the above
ACCEPT rule is needed.

HTH,
--
Henri

> Cheers,
>  David
> --
>  David Santinoli, Milano             +   <david@example.com>
>  Independent Linux/Unix consultant   +   http://www.santinoli.com
> 
> **********************************************************
> TLUG server is hosted by Open Source Development Lab Japan
> http://www.osdl.jp/
> **********************************************************
> 
> ==========================================================
> To unsubscribe from this mailing list,
> please see instructions at <http://www.tlug.jp/list.html>
> ==========================================================
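As an added example that is not part of the thread (it is neither Henri's, David's nor Susumu's code), the script below prints, or with --apply runs, the netfilter rules for the setup being discussed: reaching sshd through the gateway's public TCP port 80, from one allowed outside host. Interface, address and port values are constructed placeholders from the RFC 5737 documentation ranges, not the poster's. It covers both places sshd can live: on the gateway itself (REDIRECT in nat PREROUTING, then the INPUT accept for port 22 that David quotes) and on a LAN host behind the gateway (DNAT in nat PREROUTING, then FORWARD accepts). Neither variant carries a reverse SNAT rule for the replies: netfilter's connection tracking maps the return packets of a DNATed or REDIRECTed connection back to the client's original destination on its own, so the only POSTROUTING rule such a gateway normally needs is the MASQUERADE or SNAT for the LAN's outbound traffic, which is independent of this forward.

```shell
#!/bin/sh
# Added example, not code from the TLUG thread.  Prints (default) or applies
# (--apply, as root) the rules that expose sshd through public TCP port 80.
# All values are constructed placeholders; override them via the environment
# or pass them as positional arguments to ssh_via_80_rules.

WAN_IF=${WAN_IF:-eth0}               # public-facing interface of the gateway
CLIENT_IP=${CLIENT_IP:-203.0.113.7}  # the only outside host allowed to connect
SSH_HOST=${SSH_HOST:-local}          # "local" = sshd on the gateway, else LAN address
PUB_PORT=${PUB_PORT:-80}             # public port being borrowed
SSH_PORT=${SSH_PORT:-22}             # port sshd really listens on

# ssh_via_80_rules [wan_if] [client_ip] [ssh_host] [pub_port] [ssh_port]
# Emits one iptables/sysctl command per line on stdout and returns 0,
# or returns 1 (printing nothing) when no client restriction is given.
ssh_via_80_rules() {
    wan_if=${1:-$WAN_IF}
    client=${2-$CLIENT_IP}      # an explicit empty argument stays empty
    host=${3:-$SSH_HOST}
    pub=${4:-$PUB_PORT}
    ssh=${5:-$SSH_PORT}

    if [ -z "$client" ]; then
        echo "refusing to build an unrestricted forward; set a client address" >&2
        return 1
    fi

    if [ "$host" = local ]; then
        # sshd on the gateway: nat PREROUTING runs before filter INPUT, so
        # INPUT already sees the packet addressed to $ssh, not $pub.
        echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp -s $client --dport $pub -j REDIRECT --to-ports $ssh"
        echo "iptables -A INPUT -i $wan_if -p tcp -s $client --dport $ssh -j ACCEPT"
    else
        # sshd on a LAN host: rewrite the destination, then let the already
        # translated packet through FORWARD.  Replies are un-NATed by
        # connection tracking, so no reverse SNAT rule appears here.
        echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp -s $client --dport $pub -j DNAT --to-destination $host:$ssh"
        echo "iptables -A FORWARD -i $wan_if -p tcp -s $client -d $host --dport $ssh -m state --state NEW -j ACCEPT"
        echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
        echo "sysctl -w net.ipv4.ip_forward=1"
    fi
}

if [ "${1:-}" = --apply ]; then
    if [ "$(id -u)" -ne 0 ]; then
        echo "--apply needs root" >&2
        exit 1
    fi
    ssh_via_80_rules | sh -e
else
    ssh_via_80_rules
fi
```

Run it without arguments first and read the rules; they append to whatever chains already exist, so a default DROP policy in INPUT or FORWARD still needs the accepts shown, and a rule earlier in the chain that drops port 80 or 22 traffic would still win. The -s restriction to one client address is what keeps the borrowed port 80 from becoming a public ssh entry point.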

