Re: [tlug] Question on iptables and port forwarding

[Ian Barwick <barwick@example.com>]

2010/10/1 Romeo Theriault <romeo.theriault@example.com>:
> On Fri, Oct 1, 2010 at 16:30, Ian Barwick <barwick@example.com> wrote:
>>
>> Hi all
>>
>> I have two machines on the same local network, 192.168.2.6 and 192.168.2.7
>> and I want to forward say TCP connections to 192.168.2.7:12345 to
>> 192.168.2.6:80
>> (just for the hell of it, it's Friday ;) ).
>>
>> All available sources indicate I should be doing something like this
>> (on 192.168.2.7):
>>
>> iptables -A PREROUTING  -i eth0 -t nat -p tcp --dport 12345 -m state
>> --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.2.6:80
>> iptables -A FORWARD -i eth0 -p tcp --dport 80 -m state --state
>> NEW,ESTABLISHED,RELATED -j ACCEPT
>>
>
> I was playing with this just the other day too. I think what your missing is
> your POSTROUTING statement.
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> that does your SNAT, so the connections get sent back to your 192.168.2.7
> machine.

Bingo, that was it!

Time to read up on networking again...

Ian Barwick