Iptables port redirecting CentOS 5.3

Marcos Aurelio Rodrigues deigratia33 at gmail.com
Tue Jun 24 00:23:16 UTC 2008


If your FORWARD policy is DROP you need a FORWARD rule too.

iptables -nL FORWARD
Chain FORWARD (policy DROP)

iptables -t nat -A PREROUTING -p tcp -d 10.0.0.1 --dport 9002 -j DNAT --to 192.168.0.17:9002
iptables -A FORWARD -p tcp -s 0/0 --sport 1024:65535 -d 192.168.0.17 --dport 9002 -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


-- 
========================================
Marcos Aurelio Rodrigues
<deigratia33 at gmail.com>
CCNA, MCSO, Security+
Mirabilia laudo semprer, Dei
========================================


On Mon, Jun 23, 2008 at 8:04 PM, obed <obed.listas at gmail.com> wrote:

> On Mon, Jun 23, 2008 at 3:40 PM, Rodrick Brown <rbrown at ballistasec.com>
> wrote:
> > I'm having some difficulties getting port redirection working; can anyone
> > assist?
> >
> > Server Interfaces:
> >
> > eth0: 10.0.0.1
> > eth1: 192.168.0.1
> >
> > My server has two interfaces. I need to route any request coming into
> > port 9002 to an internal server running a service on that same port. I
> > tried using the following settings:
> >
> > # echo 1 >/proc/sys/net/ipv4/ip_forward
> > # iptables -t nat -A PREROUTING -p tcp -d 10.0.0.1 --dport 9002 -j DNAT --to 192.168.0.17:9002
> > # iptables -t nat -A POSTROUTING -o eth1 -d 192.168.0.17 -j SNAT --to-source 10.0.0.1
> >
>
> This works for me...
>
> iptables -t nat -A PREROUTING -p tcp --dport 9002 -j DNAT --to-destination 192.168.0.17:9002
>
> Just this rule should be enough...
>
> >
> > [root at routerhost ~]# iptables -t nat --list
> >
> > Chain PREROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > DNAT       tcp  --  anywhere             routerhost.domain.com tcp dpt:dynamid to:192.168.0.17:9002
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > SNAT       all  --  anywhere             targethost.domain.com to:10.0.0.1
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > [svcprd at nyadmlx01 scripts]$ telnet routerhost 9002
> > Trying 10.0.0.1...
> > telnet: connect to address 10.0.0.1: Connection refused
> > telnet: Unable to connect to remote host: Connection refused
> >
> > If anyone could help, much will be appreciated. Thanks.
> >
> > ---
> > Rodrick R. Brown
> > Ballista Securities, LLC
> > 120 Wall St. Suite 2400
> > P: 646 307 4709
> > C: 347 702 0012
> > F: 646 219-5872
> > E: rbrown(at)ballistasec.com
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
> --
> obed.org.mx
>
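The thread's advice comes down to three things: enable ip_forward, DNAT the public port to the backend, and (when the FORWARD policy is DROP) explicitly accept the forwarded connection. The script below is an added example, not code from any poster in this thread. It generates that ruleset for the addresses Rodrick gave (eth0 10.0.0.1 public, eth1 192.168.0.1 internal, backend 192.168.0.17:9002), scopes the FORWARD rules to the interfaces and ports involved instead of accepting all forwarded traffic, and parses `iptables -nL FORWARD` output to decide whether the FORWARD rule is required. The interface names, the DRY_RUN switch and the function names are assumptions made here; `apply` only prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the thread): build the DNAT + FORWARD ruleset the
# reply describes and check whether the FORWARD chain's default policy would
# silently drop the forwarded connection. Addresses follow the thread:
# eth0 10.0.0.1 (public), eth1 192.168.0.1 (internal), backend 192.168.0.17:9002.
# "apply" is a dry run unless DRY_RUN=0, so the script can be read, sourced
# and tested without root or iptables present.

PUB_IF=eth0           # assumed public interface name
PUB_IP=10.0.0.1
INT_IF=eth1           # assumed internal interface name
BACKEND=192.168.0.17
PORT=9002

# Read `iptables -nL <chain>` output on stdin and print the chain's default
# policy, e.g. "DROP" for a header line "Chain FORWARD (policy DROP)".
chain_policy() {
    sed -n 's/^Chain [A-Za-z_-]* (policy \([A-Z]*\)).*/\1/p' | head -n 1
}

# Exit 0 when an explicit FORWARD ACCEPT rule is required (policy is DROP,
# REJECT, or could not be parsed), 1 when the policy is already ACCEPT.
forward_rule_needed() {
    case "$(chain_policy)" in
        ACCEPT) return 1 ;;
        *)      return 0 ;;
    esac
}

# Print the commands in apply order, one per line. The FORWARD rules only
# match the public->backend path for this port; connection tracking lets the
# replies back out and nothing else.
rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i $PUB_IF -p tcp -d $PUB_IP --dport $PORT -j DNAT --to-destination $BACKEND:$PORT
iptables -A FORWARD -i $PUB_IF -o $INT_IF -p tcp -d $BACKEND --dport $PORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INT_IF -o $PUB_IF -p tcp -s $BACKEND --sport $PORT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Print (DRY_RUN=1, the default) or execute (DRY_RUN=0) the rules above.
apply() {
    rules | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf '+ %s\n' "$cmd"
        else
            eval "$cmd"
        fi
    done
}
```

Two points the script encodes that help when reading the symptoms in the thread: a DNAT'd packet is routed through the FORWARD chain, not INPUT, so an INPUT rule on the router does not affect it; and a FORWARD policy of DROP discards silently, which shows up on the client as a timeout rather than the "Connection refused" seen above (a refusal means some host actively answered with a reset). Running `iptables -nL FORWARD | forward_rule_needed && echo "add FORWARD rule"` on the router gives the check Marcos suggests without reading the listing by hand.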