Port translation

stan goedigi89__e at cox.net
Sun Jul 13 00:25:38 UTC 2008


Uno Engborg wrote:
> stan skrev:
>> Uno Engborg wrote:
>>> Rüdiger Pretzlaff skrev:
>>>>
>>>> Am 12.07.2008 um 12:21 schrieb Uno Engborg:
>>>>
>>>>> For various reasons I would like to  forward trafic to port 390 to 
>>>>> port 5432 on the same host. One would think this would be a
>>>>> simple task for iptables but I have now tinkered with this for two 
>>>>> days, and I still fail to get it right.
>>>>>
>>>>> I have also tried :
>>>>> iptables -t nat -A PREROUTING  -p tcp --dport 390 -j DNAT --to 
>>>>> 192.168.0.5:5432
>>>>>
>>>>> where 192.168.0.5 is the address of the host
>>>>>
>>>>>
>>>>> Any ideas on how to do this?
>>>
>>
>> From the man page it looks like you need a colon on the port for DNAT 
>> (and no IP
>> as it will stay the same if not specified, just what you want).
>> iptables -t nat -A PREROUTING  -p tcp --dport 390 -j DNAT 
>> --to-destination :5432
>>
>> I haven't tested, but it seems it should work.
>>
> Yes,  removing the IP address was probably an improvemnet, but not 
> enough to make it work.
>
> Regards
> Uno Engborg
>
You should add some LOG rules so you can see what is happening to the 
packet.  They will show
you if the port is being altered.

If that doesn't work, could you post the output of iptables -n -L -v?  
That way everyone can see
exactly what iptables is programmed to do.




More information about the fedora-list mailing list