Port forwarding not working
Neil Aggarwal
neil at JAMMConsulting.com
Mon Apr 30 04:11:29 CEST 2007
Jim:
That did it! I guess the Linksys box was only going
to respond to local IP addresses.
I was able to use your example to set up the routing for
the gre protocol as well.
Thank you for your help.
Neil
--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
FREE! Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.
-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Jim Laurino
Sent: Sunday, April 29, 2007 9:40 AM
To: netfilter at lists.netfilter.org
Subject: Re: Port forwarding not working
On 04/29/2007 09:06:44 AM, Neil Aggarwal - neil at JAMMConsulting.com wrote:
> Jim:
>
> > Maybe you could use SNAT to make the packets appear
> > to come from the firewall, then they ought to come back.
>
> How do I set up the SNAT rule?
>
This will make the packet look like it came from the firewall:
/sbin/iptables -t nat -I POSTROUTING -o eth1 -d $LINKSYS_VPN_IP \
-p tcp --dport 1723 -j SNAT --to-source 192.168.1.1
(where 192.168.1.1 is the ip address of the firewall on eth1 side)
If postrouting still has a default drop policy etc.
then this rule must be found before the accept rule,
that is why it has -I, to put it first.
HTH
--
Jim Laurino
nfcan.x.jimlaur at dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.
More information about the netfilter
mailing list