Re: iptables + PAT
From: /dev/rob0 (rob0_at_gmx.co.uk)
Date: Sat, 24 Jan 2004 19:30:18 -0800
In article <firstname.lastname@example.org>, Steve Vain wrote:
> iptables -t nat -A PREROUTING -i eth0 -d firewallip --dport 8080 -j
> DNAT --to-destination WebIP:80
> will only notice one arriving Packets but no connection works..seems to be
> loading without a result
What's in your filter rules? These packets hit the filter table,
specifically the FORWARD chain, with an IP:port destination of WebIP:80.
Is port 80/tcp accepted for WebIP? (Oh, BTW, there's no "-p tcp" in your
Does your route table allow routing from firewallip to WebIP?
> Please can anyone help ?, and explain how the packets run really through my
I don't remember the whole scheme, but nat PREROUTING is one of the
first hit. The name refers to the routing decision, at which point the
kernel decides to send it to one of the 3 filter chains. It's all
described in the HOWTO and man page.
> If my local PC sends by webbrowser http.// firewallip:8080 -> the packet
> enters at first the Prerouting chain ?
Well I don't know. What's the route between you and firewallip? Is that
packet coming in on the firewall's eth0 interface? Not knowing your
network topology makes this rather difficult to guess.
-- /dev/rob0 - preferred_email=i$((28*28+28))@softhome.net or put "not-spam" or "/dev/rob0" in Subject header to reply