Port forwarding

KUCKAERTZ Régis - NVISION regis at nvision.lu
Fri Sep 17 14:32:15 CEST 2004


Hello,

I've set up rules so that packets sent to $MASK_IP:$MASK_PORT are forwarded
to $REAL_IP:$REAL_PORT with the source address being replaced by $MASK_IP:

# 1. Changing destination address
$IPTABLES -t nat -A PREROUTING -p tcp --dest $MASK_IP --dport $MASK_PORT -j DNAT --to-destination $REAL_IP:$REAL_PORT

# 2. Accepting forwarded packets
$IPTABLES -A FORWARD -p tcp --dest $REAL_IP --dport $REAL_PORT -j ACCEPT

# 3. IP masquerading after filtering
$IPTABLES -t nat -A POSTROUTING --dest $REAL_IP --dport $REAL_PORT -j SNAT --to-source $MASK_IP


When I telnet to $MASK_IP:$MASK_PORT, it hangs... I tried sniffing with
tcpdump (although I must honestly confess that I don't know if the following
request is good), and here is what I got:

$TCPDUMP \(dst host $MASK_IP and dst port $MASK_PORT\) or \(src host $MASK_IP and src port $MASK_PORT\)
tcpdump: listening on eth0
14:32:28.568875 x.x.x.x.46569 > $REAL_IP.$REAL_PORT: S 2813621631:2813621631(0) win 5840 <mss 1460,sackOK,timestamp 46292274 0,nop,wscale 0> (DF) [tos 0x10]
14:32:31.568875 x.x.x.x.46569 > $REAL_IP.$REAL_PORT: S 2813621631:2813621631(0) win 5840 <mss 1460,sackOK,timestamp 46292574 0,nop,wscale 0> (DF) [tos 0x10]
14:32:37.568875 x.x.x.x.46569 > $REAL_IP.$REAL_PORT: S 2813621631:2813621631(0) win 5840 <mss 1460,sackOK,timestamp 46293174 0,nop,wscale 0> (DF) [tos 0x10]

Nothing seems to get back... any idea?

Thanks in advance,

Régis KUCKAERTZ
-----------------------------------------
NVISION sa - Luxembourg
Internet Services & Network Programming

50, rue des Prés
L-7333 Steinsel
Tél: (+352) 26 34 09 08
Fax: (+352) 26 34 09 07
http://www.nvision.lu/
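
The three-step DNAT/FORWARD/SNAT procedure from the message above as a dry-run script that lints the rules before printing them, with the `-p tcp` match that `--dport` requires, a return-path FORWARD rule and an ip_forward check. This is an added example, not part of the original post: the addresses, `forward_rules`, `lint_rules`, `forwarding_enabled` and `APPLY` are assumptions, and MASK_IP is assumed to be an address of the forwarding host.

```shell
#!/bin/sh
# Added example; addresses are constructed documentation values, not from the post.
MASK_IP=${MASK_IP:-192.0.2.10}; MASK_PORT=${MASK_PORT:-8080}
REAL_IP=${REAL_IP:-10.0.0.5};   REAL_PORT=${REAL_PORT:-80}

# Emit the arguments of each rule, one rule per line:
#   1.  DNAT in PREROUTING: rewrite the destination before the routing decision
#   2.  FORWARD: accept the client-to-server direction
#   2b. FORWARD: accept replies of tracked connections (needed if the policy is DROP)
#   3.  SNAT in POSTROUTING: rewrite the source so replies return through this host
forward_rules() {
    cat <<EOF
-t nat -A PREROUTING -p tcp -d $MASK_IP --dport $MASK_PORT -j DNAT --to-destination $REAL_IP:$REAL_PORT
-A FORWARD -p tcp -d $REAL_IP --dport $REAL_PORT -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-t nat -A POSTROUTING -p tcp -d $REAL_IP --dport $REAL_PORT -j SNAT --to-source $MASK_IP
EOF
}

# Read rules on stdin and report each one that matches on a port without naming
# tcp or udp; iptables rejects such a rule, so it is never installed.
# Narrow check: only the spellings "-p tcp" and "-p udp" are recognised.
lint_rules() {
    bad=0
    while IFS= read -r rule; do
        case "$rule" in
            *--dport*|*--sport*)
                case "$rule" in
                    *"-p tcp"*|*"-p udp"*) ;;
                    *) echo "port match without -p: $rule" >&2; bad=1 ;;
                esac ;;
        esac
    done
    return $bad
}

# The kernel only forwards between interfaces when this sysctl is 1.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Lint, then print the commands; with APPLY=1 (as root) run them instead.
if forward_rules | lint_rules; then
    forward_rules | while IFS= read -r args; do
        if [ "${APPLY:-0}" = 1 ]; then iptables $args; else echo "iptables $args"; fi
    done
fi
forwarding_enabled || echo "note: net.ipv4.ip_forward is not 1" >&2
```

A tcpdump on the interface facing $REAL_IP should show $MASK_IP as the source of the forwarded SYN once the POSTROUTING rule is installed.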



