Mailing List Archive



Re: [tlug] Question on iptables and port forwarding



On Fri, Oct 1, 2010 at 16:30, Ian Barwick <barwick@example.com> wrote:
Hi all

I have two machines on the same local network, 192.168.2.6 and 192.168.2.7
and I want to forward say TCP connections to 192.168.2.7:12345 to 192.168.2.6:80
(just for the hell of it, it's Friday ;) ).

All available sources indicate I should be doing something like this
(on 192.168.2.7):

iptables -A PREROUTING -i eth0 -t nat -p tcp --dport 12345 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.2.6:80
iptables -A FORWARD -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


I was playing with this just the other day too. I think what you're missing is your POSTROUTING statement.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

that does your SNAT, so the connections get sent back to your 192.168.2.7 machine.



 
but accessing 192.168.2.7:12345 just results in a timeout.

Both machines are running recent standard Ubuntu installations and
as far as I can tell, IP forwarding is enabled.

root@example.com:~# cat /proc/sys/net/ipv4/ip_forward
1

No other iptables rules exist on either of the machines.

Any ideas what I am doing wrong? Could it be a problem that for the
desired setup, 192.168.2.7 is not forwarding from one interface to another?

Thanks for any hints (this kind of stuff is not really my forte)


Ian Barwick




--
Romeo Theriault
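
The reply path discussed in this thread, modelled as an added example (not code from either poster): it traces one TCP handshake through the DNAT rule with and without the POSTROUTING source rewrite and checks whether the reply matches the connection the client opened. The client address 192.168.2.10, the source port 40000 and all function names are assumptions; real MASQUERADE may also remap the source port, which this model does not.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

CLIENT = "192.168.2.10"    # assumption: a third host on the same LAN
FORWARDER = "192.168.2.7"  # runs the iptables rules (from the thread)
SERVER = "192.168.2.6"     # web server on port 80 (from the thread)


def flip(p):
    """Return the packet a peer sends in answer to p."""
    return Packet(p.dst, p.dport, p.src, p.sport)


class Forwarder:
    """DNAT in PREROUTING, optional source rewrite in POSTROUTING."""

    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # reply as it arrives -> reply as the client expects it

    def forward(self, pkt):
        out = pkt._replace(dst=SERVER, dport=80)       # -j DNAT --to 192.168.2.6:80
        if self.snat:
            out = out._replace(src=FORWARDER)          # -j MASQUERADE on eth0
        self.conntrack[flip(out)] = flip(pkt)
        return out

    def unnat(self, reply):
        return self.conntrack.get(reply, reply)


def connect(snat):
    """Return (source the server logs, reply the client receives, accepted?)."""
    fw = Forwarder(snat)
    syn = Packet(CLIENT, 40000, FORWARDER, 12345)      # constructed source port
    at_server = fw.forward(syn)
    reply = flip(at_server)
    # One subnet: the server delivers straight to reply.dst, so the forwarder
    # only sees (and can translate) the reply when it is addressed to itself.
    if reply.dst == FORWARDER:
        reply = fw.unnat(reply)
    return at_server.src, reply, reply == flip(syn)


if __name__ == "__main__":
    for snat in (False, True):
        print("MASQUERADE" if snat else "DNAT only ", connect(snat))
```

With the source rewrite in place, the web server's access log shows 192.168.2.7 for every forwarded connection, so the real client address has to be recovered from the forwarder if it is needed later.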
