[casper@huiscomputer.homeip.net: Forwarding a portrange]
Geordie Williamson
geordsta2@hotmail.com
Mon, 16 Jul 2001 17:20:32 +1000
>I'm trying to forward and redirect a range of ports but it doesn't work.
>All ports in the range are forwarded correctly but redirected to the
>first port of the range.
>
>The rules:
>....
>${IPTABLES} -t nat -A PREROUTING -p tcp -i ${INET_IFACE} \
> --dport 1025:1030 -j DNAT --to-destination ${host}:25-30
>${IPTABLES} -t filter -A FORWARD -p tcp \
> -d ${host} --dport 25:30 -j ACCEPT
>....
When you do a
iptables -t nat -A PREROUTING -p tcp --dport 1025:1030 \
-j DNAT --to 192.168.1.2
it maps the connection attempt on the host to another host on the
corresponding port. To ask iptables to somehow understand that your rule
means perform some arithmetic and to work out what destination port to
transform the connection to seems a bit much!
Why not just:
iptables -t nat -A PREROUTING -p tcp --dport 1025 -j DNAT --to 192.168.1.2:25
iptables -t nat -A PREROUTING -p tcp --dport 1026 -j DNAT --to 192.168.1.2:26
etc.
It makes things a bit simpler for poor old iptables!
Geordie.
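The per-port approach suggested in the reply, written out as an added example that is not part of the original message: the hypothetical helper gen_portmap_rules prints one DNAT rule per external port plus the matching FORWARD rule, so the output can be reviewed before it is applied. The interface eth0 and address 192.168.1.2 are constructed sample values.

```shell
#!/bin/sh
# Added example: expand an external port range into one DNAT rule per port,
# each pointing at the matching internal port. gen_portmap_rules is a
# hypothetical helper name; it only prints commands, it does not run iptables.

# usage: gen_portmap_rules IFACE HOST EXT_FIRST EXT_LAST INT_FIRST
gen_portmap_rules() {
    iface=$1 host=$2 ext_first=$3 ext_last=$4 int_first=$5

    # Reject empty, non-numeric, zero/leading-zero (octal in shell
    # arithmetic) and over-long port arguments.
    for p in "$ext_first" "$ext_last" "$int_first"; do
        case $p in
            ''|*[!0-9]*|0*|??????*) echo "bad port: '$p'" >&2; return 1 ;;
        esac
    done

    int_last=$((int_first + ext_last - ext_first))
    if [ "$ext_first" -gt "$ext_last" ] ||
       [ "$ext_last" -gt 65535 ] ||
       [ "$int_last" -gt 65535 ]; then
        echo "port range out of bounds" >&2
        return 1
    fi

    ext=$ext_first
    while [ "$ext" -le "$ext_last" ]; do
        int=$((int_first + ext - ext_first))
        # One rule per port: external port $ext -> $host:$int
        echo "iptables -t nat -A PREROUTING -p tcp -i $iface" \
             "--dport $ext -j DNAT --to-destination $host:$int"
        ext=$((ext + 1))
    done

    # FORWARD sees the packet after DNAT, so it matches the internal ports.
    echo "iptables -t filter -A FORWARD -p tcp -d $host" \
         "--dport $int_first:$int_last -j ACCEPT"
}

# Constructed sample mirroring the thread: 1025-1030 -> 192.168.1.2:25-30
gen_portmap_rules eth0 192.168.1.2 1025 1030 25
```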