[ale] Portforwarding

Mark Hurley debian4tux at telocity.com
Mon Nov 5 22:57:23 EST 2001 

Here is a working example of your first one...

iptables -t nat -A PREROUTING -s ! 192.168.0.0/24 -d 67.165.192.199
--protocol tcp --dport 80 -j DNAT --to-destination 192.168.0.2


Basically, when you use the '--dport 80', you must specifiy
 '--protocol tcp'

I didn't test your other two...but this should get you started. ;)


Mark Hurley



On Mon, Nov 05, 2001 at 10:55:31AM -0700, Robert L. Harris wrote:
> 
> OK,
>   According to the man page, these lines should be fine:
> 
>   $IPTABLES -t nat -A PREROUTING -s ! 192.168.0.0/24 -d 67.165.192.199 --dport 80 -j DNAT --to-destination 192.168.0.2
>   $IPTABLES -A FORWARD -i eth0 -o eth1 -s ! 192.168.0.1 -d 192.168.0.2 --dport 80 -j ACCEPT
>   $IPTABLES -A FORWARD -i eth1 -o eth0 -s 192.168.0.2 --sport 80 -d ! 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> but when I run my NAT script I get this:
> 
> iptables v1.2.3: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
> iptables v1.2.3: Unknown arg `--sport'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> The manpage shows --destination-port and --dport.  Tried them both,
> same error.
> 
> 
> 
> 
> 
> 
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris                |  Micros~1 :  
> Senior System Engineer          |    For when quality, reliability 
>   at RnD Consulting             |      and security just aren't
>                                 \_       that important!
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> FYI:
>  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> 
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
> 
> 

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list