Port forwarding
KUCKAERTZ Régis - NVISION
regis at nvision.lu
Fri Sep 17 14:32:15 CEST 2004
Halo,
I've set up rules so that packets sent to $MASK_IP:$MASK_PORT are forwarded
to $REAL_IP:$REAL_PORT with the source address being replaced by $MASK_IP:
# 1. Changing destination address
$IPTABLES -t nat -A PREROUTING -p tcp --dest $MASK_IP --dport $MASK_PORT -j DNAT --to-destination $REAL_IP:$REAL_PORT
# 2. Accepting forwarded packets
$IPTABLES -A FORWARD -p tcp --dest $REAL_IP --dport $REAL_PORT -j ACCEPT
# 3. IP masquerading after filtering
$IPTABLES -t nat -A POSTROUTING --dest $REAL_IP --dport $REAL_PORT -j SNAT --to-source $MASK_IP
When I telnet on $MASK_IP:$MASK_PORT, it's hanging... I tried sniffing with
tcpdump (although I must honestly confess that I don't know if the following
request is good), and here is what I got:
$TCPDUMP \(dst host $MASK_IP and dst port $MASK_PORT\) or \(src host $MASK_IP and src port $MASK_PORT\)
tcpdump: listening on eth0
14:32:28.568875 x.x.x.x.46569 > $REAL_IP.$REAL_PORT: S 2813621631:2813621631(0) win 5840 <mss 1460,sackOK,timestamp 46292274 0,nop,wscale 0> (DF) [tos 0x10]
14:32:31.568875 x.x.x.x.46569 > $REAL_IP.$REAL_PORT: S 2813621631:2813621631(0) win 5840 <mss 1460,sackOK,timestamp 46292574 0,nop,wscale 0> (DF) [tos 0x10]
14:32:37.568875 x.x.x.x.46569 > $REAL_IP.$REAL_PORT: S 2813621631:2813621631(0) win 5840 <mss 1460,sackOK,timestamp 46293174 0,nop,wscale 0> (DF) [tos 0x10]
Nothing seems to get back... any idea?
Thanks in advance,
Régis KUCKAERTZ
-----------------------------------------
NVISION sa - Luxembourg
Internet Services & Network Programming
50, rue des Prés
L-7333 Steinsel
Tél: (+352) 26 34 09 08
Fax: (+352) 26 34 09 07
http://www.nvision.lu/
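
Added example, not part of the original post: a small shell lint that reads rule lines such as the three above and flags any that use a port match (--dport/--sport) without -p, which iptables rejects because those options come from the tcp/udp match extensions. The addresses and ports are constructed placeholder values, and posted_rules and lint_rules are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post). Addresses and ports are
# constructed placeholders; posted_rules and lint_rules are hypothetical names.
IPTABLES=iptables
MASK_IP=192.0.2.10;    MASK_PORT=8080
REAL_IP=198.51.100.20; REAL_PORT=80

# The three rules from the post, one per line, with the variables expanded.
posted_rules() {
    cat <<EOF
# 1. Changing destination address
$IPTABLES -t nat -A PREROUTING -p tcp --dest $MASK_IP --dport $MASK_PORT -j DNAT --to-destination $REAL_IP:$REAL_PORT
# 2. Accepting forwarded packets
$IPTABLES -A FORWARD -p tcp --dest $REAL_IP --dport $REAL_PORT -j ACCEPT
# 3. IP masquerading after filtering
$IPTABLES -t nat -A POSTROUTING --dest $REAL_IP --dport $REAL_PORT -j SNAT --to-source $MASK_IP
EOF
}

# Read rule lines on stdin. Print one "BAD" line for every rule that uses a
# port match without -p/--protocol; return 1 if any was found, else 0.
# Blank lines and comment lines are skipped.
lint_rules() {
    bad=0
    while IFS= read -r rule; do
        case "$rule" in
            ''|'#'*) continue ;;
        esac
        case " $rule " in
            *" --dport "*|*" --sport "*|*" --destination-port "*|*" --source-port "*)
                case " $rule " in
                    *" -p "*|*" --protocol "*) ;;   # protocol named: fine
                    *) printf 'BAD (port match without -p): %s\n' "$rule"
                       bad=1 ;;
                esac ;;
        esac
    done
    return "$bad"
}

# Stand-alone run: report findings without aborting the calling shell.
posted_rules | lint_rules || true
```

On the rules as posted, the lint reports only the POSTROUTING line; a rule that iptables refuses to load is absent from the table, which `iptables -t nat -L -n -v` will show.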