eXeonical n00b
Joined: 27 Feb 2004 Posts: 29
Posted: Thu Jun 02, 2005 4:49 pm Post subject: iptables: Newbie asking about port forwarding quirks..
So, here's my awesome iptables script:
Code:
#!/bin/sh
# Configuration
#===============================================================================
IPTABLES=/sbin/iptables
# Clean up iptables
#===============================================================================
$IPTABLES -t filter -F
$IPTABLES -t filter -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X
# Default policies
#===============================================================================
$IPTABLES -t filter -P INPUT ACCEPT
$IPTABLES -t filter -P FORWARD ACCEPT
$IPTABLES -t filter -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
# Port forwarding
#===============================================================================
$IPTABLES -t nat -A PREROUTING -p tcp --destination-port 1235 -j DNAT --to-destination 10.1.1.202:80 # Why does this work?
$IPTABLES -t nat -A PREROUTING -p tcp --destination-port 1236 -j DNAT --to-destination 127.0.0.1:80 # Why doesnt this work?
# List tables
#===============================================================================
$IPTABLES -t filter -L
$IPTABLES -t nat -L
As you can see it doesn't really do much, does it..
But anyway I have a few questions about the port forwarding thingy:
- Why does the port forwarding to 10.1.1.202:80 work, when forwarding to 127.0.0.1:80 does not work? As I understand, since 10.1.1.202 is the IP of my Gentoo box, and 127.0.0.1 is localhost, and thus also points to my box, they should both work just as well. But they don't. Why?
- I can connect to port 1235 from my other computer, but I can't access it from the same computer that does the port forwarding. Is there some way that the forwarded port would also be usable to the computer doing the forwarding?
nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
Posted: Thu Jun 02, 2005 5:42 pm
I think most of the answers are in here: http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TRAVERSINGGENERAL
and scroll a bit down until you see the diagram.
eXeonical wrote: | I can connect to port 1235 from my other computer, but I can't access it from the same computer that does the port forwarding. Is there some way that the forwarded port would also be usable to the computer doing the forwarding? |
Because (see diagram) local packets don't travel through the PREROUTING table. They start off on the left branch, at LOCAL PROCESS and travel down.
eXeonical wrote: | Why does the port forwarding to 10.1.1.202:80 work, when forwarding to 127.0.0.1:80 does not work? As I understand, since 10.1.1.202 is the IP of my Gentoo box, and 127.0.0.1 is localhost, and thus also points to my box, they should both work just as well. But they don't. Why? |
Not 100% sure, but I think if you want to get packets delivered to the local machine you should use "-j REDIRECT" (http://iptables-tutorial.frozentux.net/iptables-tutorial.html#REDIRECTTARGET), not DNAT.
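Added example, not part of the thread or of either poster's script: the REDIRECT approach suggested above, extended with a nat OUTPUT rule so that clients on the forwarding machine itself are covered too, since locally generated packets skip PREROUTING. The function names and the dry-run default (`IPTABLES` falls back to `echo iptables`, which only prints the rules) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: REDIRECT-based forwarding to a local port for both remote
# and local clients. Prints the rules by default; export
# IPTABLES=/sbin/iptables (as root) to apply them instead.
IPTABLES="${IPTABLES:-echo iptables}"

# valid_port PORT -> succeeds only if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rules EXT_PORT LOCAL_PORT
#  - PREROUTING rule: packets arriving from other hosts. REDIRECT rewrites
#    the destination to this machine's own address on the incoming
#    interface, so the packet is delivered locally.
#  - OUTPUT rule: packets generated on this machine, which never pass
#    PREROUTING. "-o lo" limits it to connections aimed at this host, so
#    outbound connections to EXT_PORT on other machines are left alone.
redirect_rules() {
    ext_port=$1
    local_port=$2
    if ! valid_port "$ext_port" || ! valid_port "$local_port"; then
        echo "redirect_rules: ports must be in 1-65535" >&2
        return 1
    fi
    $IPTABLES -t nat -A PREROUTING -p tcp --dport "$ext_port" \
        -j REDIRECT --to-ports "$local_port" || return 1
    $IPTABLES -t nat -A OUTPUT -o lo -p tcp --dport "$ext_port" \
        -j REDIRECT --to-ports "$local_port"
}
```

Calling `redirect_rules 1236 80` prints the two rules that would replace the non-working DNAT line for port 1236 in the script above.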
eXeonical n00b
Joined: 27 Feb 2004 Posts: 29
Posted: Fri Jun 03, 2005 9:45 am
Thanks, redirect was just what I needed.