iptables port forwarding question

From: Tarendash, David (DTarendash@SLK.com)
Date: 10/31/01


Message-ID: <BF2F803672A8D511BDDB00025591401F6E31AE@snt061.net.slk.com>
From: "Tarendash, David" <DTarendash@SLK.com>
To: "'security-discuss@linuxsecurity.com'" <security-discuss@linuxsecurity.com>
Subject: iptables port forwarding question
Date: Wed, 31 Oct 2001 13:37:52 -0500

Hi all,

I'm trying to use port forwarding to get to a service on a machine behind a
firewall. I'm not sure it's safe, but it's on a private LAN, in which 2
segments are separated by a firewall, so it shouldn't be so bad..

Anyway, I've read all the docs on iptables and have tried to get it
working...but it just doesn't seem to want to forward my packets.

This is a textbook example used in most howtos.

# from NAT-HOWTO on netfilter.samba.org
# Append a rule pre-routing (-A PREROUTING) to the NAT table (-t nat) that
# TCP packets (-p tcp) going to 1.2.3.4 (-d 1.2.3.4) port 8080
# (--dport 8080) have their destination mapped (-j DNAT) to 192.168.1.1,
# port 80 (--to 192.168.1.1:80).

iptables -A PREROUTING -t nat -p tcp -d 1.2.3.4 --dport 8080 \
        -j DNAT --to 192.168.1.1:80

*************************************************************************

I'm trying to get to vnc on one machine from another (vnc on port 5900) via
the telnet port;

proxy=92.1.39.172
port=32
vnc=92.1.39.169:5900

# rewrite the destination of TCP packets for $proxy:$port to $vnc
iptables -A PREROUTING -t nat -p tcp -d "$proxy" --dport "$port" \
        -j DNAT --to "$vnc"

What am I missing? Are there utils that will show me the nat table? I have
no other packet filtering rules and all are policy ACCEPT.

Do I need to disable xinetd's telnet? (I've tried it with telnet enabled and
disabled)

Thank you in advance,
David Tarendash
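Added example, not part of the original post: a dry-run generator that prints a DNAT forward limited to one client address, the matching FORWARD rules, and the commands that list the nat table. The proxy and VNC addresses and ports are the ones quoted in the post; the client address 192.0.2.10 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Prints the commands only; nothing is applied to the running firewall.

is_ipv4() {  # succeed only for a dotted quad with each octet in 0..255
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_port() {  # succeed only for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules CLIENT PROXY PROXY_PORT TARGET TARGET_PORT
forward_rules() {
    is_ipv4 "$1" && is_ipv4 "$2" && is_ipv4 "$4" || { echo "bad address" >&2; return 1; }
    is_port "$3" && is_port "$5" || { echo "bad port" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -s $1 -d $2 --dport $3 -j DNAT --to-destination $4:$5
iptables -A FORWARD -p tcp -s $1 -d $4 --dport $5 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $4 --sport $5 -d $1 -m state --state ESTABLISHED -j ACCEPT
iptables -t nat -L PREROUTING -n -v --line-numbers
iptables -L FORWARD -n -v
EOF
}

# Constructed sample run: one permitted client, values otherwise from the post.
forward_rules 192.0.2.10 92.1.39.172 32 92.1.39.169 5900
```

The packet counters shown by the two listing commands indicate whether traffic is reaching the PREROUTING rule and then passing through the FORWARD chain.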