port forwarding from IP range
Nilesh
niluforalways at yahoo.com
Mon Mar 20 10:39:08 CET 2006
Dear All,
Anyone please help me out.
Regards
Nilesh
--- Nilesh <niluforalways at yahoo.com> wrote:
> Hi Rob
> Sorry Rob and team, I could not send you the output of
> IPTABLES because I was on vacation. Now I am back
> to work.
>
> Also, I have attached my rc.firewall file.
> Please help me to forward requests on 192.168.0.3.
> Here is the output:
>
>
> [root at bugtrack rc.d]# iptables -nvL
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target           prot opt in    out   source          destination
>     0     0 ACCEPT           all  --  lo    *     0.0.0.0/0       0.0.0.0/0
>   604 99765 ACCEPT           all  --  eth1  *     192.168.0.0/24  0.0.0.0/0
>     0     0 drop-and-log-it  all  --  ppp0  *     192.168.0.0/24  0.0.0.0/0
>   917  830K ACCEPT           all  --  ppp0  *     0.0.0.0/0       59.95.10.98
>     0     0 ACCEPT           all  --  ppp0  *     0.0.0.0/0       59.95.10.98     state RELATED,ESTABLISHED
>    23  1157 drop-and-log-it  all  --  *     *     0.0.0.0/0       0.0.0.0/0
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target           prot opt in    out   source          destination
>  2075  265K ACCEPT           all  --  ppp0  eth1  0.0.0.0/0       0.0.0.0/0       state RELATED,ESTABLISHED
>  3366 4209K ACCEPT           all  --  eth1  ppp0  0.0.0.0/0       0.0.0.0/0
>     0     0 drop-and-log-it  all  --  *     *     0.0.0.0/0       0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target           prot opt in    out   source          destination
>     0     0 ACCEPT           all  --  *     lo    0.0.0.0/0       0.0.0.0/0
>     0     0 ACCEPT           all  --  *     eth1  59.95.10.98     192.168.0.0/24
>   736  717K ACCEPT           all  --  *     eth1  192.168.0.0/24  192.168.0.0/24
>     0     0 drop-and-log-it  all  --  *     ppp0  0.0.0.0/0       192.168.0.0/24
>   901  132K ACCEPT           all  --  *     ppp0  59.95.10.98     0.0.0.0/0
>     0     0 drop-and-log-it  all  --  *     *     0.0.0.0/0       0.0.0.0/0
>     0     0 ACCEPT           tcp  --  *     eth0  0.0.0.0/0       0.0.0.0/0       state NEW tcp dpt:80
>
> Chain drop-and-log-it (5 references)
>  pkts bytes target           prot opt in    out   source          destination
>    23  1157 LOG              all  --  *     *     0.0.0.0/0       0.0.0.0/0       LOG flags 0 level 6
>    23  1157 REJECT           all  --  *     *     0.0.0.0/0       0.0.0.0/0       reject-with icmp-port-unreachable
> [root at bugtrack rc.d]#
>
>
> [root at bugtrack rc.d]# iptables -L
> Chain INPUT (policy ACCEPT)
> target           prot opt source          destination
> ACCEPT           all  --  anywhere        anywhere
> ACCEPT           all  --  192.168.0.0/24  anywhere
> drop-and-log-it  all  --  192.168.0.0/24  anywhere
> ACCEPT           all  --  anywhere        59.95.10.98
> ACCEPT           all  --  anywhere        59.95.10.98     state RELATED,ESTABLISHED
> drop-and-log-it  all  --  anywhere        anywhere
>
> Chain FORWARD (policy ACCEPT)
> target           prot opt source          destination
> ACCEPT           all  --  anywhere        anywhere        state RELATED,ESTABLISHED
> ACCEPT           all  --  anywhere        anywhere
> drop-and-log-it  all  --  anywhere        anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target           prot opt source          destination
> ACCEPT           all  --  anywhere        anywhere
> ACCEPT           all  --  59.95.10.98     192.168.0.0/24
> ACCEPT           all  --  192.168.0.0/24  192.168.0.0/24
> drop-and-log-it  all  --  anywhere        192.168.0.0/24
> ACCEPT           all  --  59.95.10.98     anywhere
> drop-and-log-it  all  --  anywhere        anywhere
> ACCEPT           tcp  --  anywhere        anywhere        state NEW tcp dpt:http
>
> Chain drop-and-log-it (5 references)
> target           prot opt source          destination
> LOG              all  --  anywhere        anywhere        LOG level info
> REJECT           all  --  anywhere        anywhere        reject-with icmp-port-unreachable
>
> --- Rob Sterenborg <rob at sterenborg.info> wrote:
>
> > Please reply back to the list and STOP TOPPOSTING.
> >
> > On Tue, March 14, 2006 11:33, Nilesh wrote:
> > > Thanks Rob,
> > >
> > > I have tried a lot with these rules but am unable to
> > > forward/redirect traffic.
> > > Rob, my question is very simple: I want to forward/redirect
> > > traffic coming from IP 192.168.0.10 for 192.168.0.1:3128
> > > to 192.168.0.3:3128
> >
> > Yes I know what the question is. But if it's so
> > simple, then why doesn't it
> > work already ?
> >
> > > The detail about the network.
> > > We have two Internet service providers.
> > > The scenario is 192.168.0.1 is on my Internet Service
> > > Provider (ISP) 1 and now I have installed a second proxy server
> > > on another computer, which is 192.168.0.3, on the ISP 2 connection.
> > > We have assigned the IPs to our internal machines from range
> > > 192.168.0.4 to 192.168.0.250.
> > > We have some bandwidth upload/download limitations on
> > > the ISP 1.
> > > I want to use the 192.168.0.3 proxy server for some
> > > IPs; I have taken the example of IP 192.168.0.10.
> > > The browser setting of the 192.168.0.10 computer is
> > > 192.168.0.1:3128
> > >
> > > I want to set up the firewall on 192.168.0.1 so the
> > > request coming from 192.168.0.10 for
> > > 192.168.0.1:3128 will be forwarded to IP 192.168.0.3:3128
> > > so he/she will invisibly use the proxy
> > > 192.168.0.3:3128
> > >
> > > Could you please help me to solve the problem?
> >
> > The rules I wrote should do what you want to do.
> >
> > > $ipt -t nat -A PREROUTING -i eth1 -s 192.168.0.10 \
> > > -p tcp --dport 3128 -j DNAT --to 192.168.0.3
> >
> > This specifies that packets to 192.168.0.1:3128 are
> > redirected to 192.168.0.3 (same port).
> >
> > > $ipt -A FORWARD -i eth1 -s 192.168.0.10 \
> > > -d 192.168.0.3 -p tcp --dport 3128 -j ACCEPT
> >
> > This allows it to happen, but policy is ACCEPT
> > anyway so this rule should
> > actually be of no use (unless another rule blocks
> > it).
> >
> > If it doesn't work, could you please show us the
> > output of : "iptables -nvL".
> >
> >
> > Gr,
> > Rob
>
=== message truncated ===
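
Added example, not part of the original messages: a small first-match evaluator run over the FORWARD chain from the `iptables -nvL` listing above, showing where an ACCEPT rule appended with `-A FORWARD` lands relative to the catch-all `drop-and-log-it` rule. The packet is constructed, and it is an assumption that the redirected traffic leaves through eth1 again.

```python
import ipaddress

def rule(target, in_if="*", out_if="*", src="0.0.0.0/0", dst="0.0.0.0/0",
         proto="all", dport=None, state=None):
    """One filter rule; the defaults mean 'matches anything'."""
    return dict(target=target, in_if=in_if, out_if=out_if,
                src=ipaddress.ip_network(src), dst=ipaddress.ip_network(dst),
                proto=proto, dport=dport, state=state)

# FORWARD chain transcribed from the `iptables -nvL` listing in the message.
FORWARD = [
    rule("ACCEPT", "ppp0", "eth1", state={"RELATED", "ESTABLISHED"}),
    rule("ACCEPT", "eth1", "ppp0"),
    rule("drop-and-log-it"),  # catch-all: LOG, then REJECT
]

# The ACCEPT rule proposed in the thread for the redirected proxy traffic.
PROXY_ACCEPT = rule("ACCEPT", in_if="eth1", src="192.168.0.10",
                    dst="192.168.0.3", proto="tcp", dport=3128)

# Constructed packet: the client's first SYN after the PREROUTING DNAT rewrote
# its destination to 192.168.0.3. Assumption: it is routed back out of eth1.
PACKET = dict(in_if="eth1", out_if="eth1", proto="tcp", dport=3128, state="NEW",
              src=ipaddress.ip_address("192.168.0.10"),
              dst=ipaddress.ip_address("192.168.0.3"))

def matches(r, p):
    return (r["in_if"] in ("*", p["in_if"]) and r["out_if"] in ("*", p["out_if"])
            and p["src"] in r["src"] and p["dst"] in r["dst"]
            and r["proto"] in ("all", p["proto"])
            and r["dport"] in (None, p["dport"])
            and (r["state"] is None or p["state"] in r["state"]))

def verdict(chain, p, policy="ACCEPT"):
    """(1-based rule number, target) of the first match, else (None, policy)."""
    for n, r in enumerate(chain, start=1):
        if matches(r, p):
            return n, r["target"]
    return None, policy

def unreachable(chain):
    """Numbers of the rules listed after an unconditional catch-all rule."""
    for n, r in enumerate(chain, start=1):
        if r == rule(r["target"]):
            return list(range(n + 1, len(chain) + 1))
    return []

if __name__ == "__main__":
    print("-A:", verdict(FORWARD + [PROXY_ACCEPT], PACKET))
    print("-I:", verdict([PROXY_ACCEPT] + FORWARD, PACKET))
```

Separately, since 192.168.0.10 and 192.168.0.3 are on the same /24, the proxy answers the client directly, so the redirected connection also needs a source NAT rule on the firewall for the replies to come back through it.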