Redirect Command

Jason Opperisano opie at 817west.com
Thu Apr 21 15:41:44 CEST 2005


On Thu, Apr 21, 2005 at 08:26:43AM -0500, Hernan Arredondo wrote:
> Hi all,
> 
> I'm new to iptables. I'm trying to create a rule that redirects all the
> packets that go to port 25 of my firewall to port 25 on an
> Internet LAN machine; then I execute the command:
> 
> /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT \
>   --to 192.168.10.12:25
> 
> eth0 is the host exposed directly to the Internet, and 192.168.2.12 is the
> host in the LAN.

do you also have a FORWARD rule to allow this traffic through?

  # allow stateful traffic
  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  # allow SMTP connections to mail server
  iptables -A FORWARD -i eth0 -p tcp --syn \
    -d 192.168.10.12 --dport 25 -j ACCEPT

> Now, this is not working. I try a telnet <eth0> 25 and nothing happens.

where are you executing the telnet from?  any answer other than "from
some host on the Internet" makes your testing methodology invalid.

-j

--
"Chris: Dad, can you help me with my math homework?
 Peter: Math. Math my dear boy is nothing more than the lesbian sister
 of biology."
        --Family Guy
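
The point raised in the reply, that a PREROUTING DNAT rule also needs a FORWARD rule admitting the translated destination, can be checked mechanically. The following is an added example, not part of the original thread: a shell function that reads `iptables-save` text and lists DNAT targets that no FORWARD ACCEPT rule admits. The names `unforwarded_dnat` and `sample_ruleset` are hypothetical, the sample ruleset is constructed, and only exact-host `-d` matches are recognised.

```shell
#!/bin/sh
# Added example: read iptables-save text on stdin and print each DNAT target
# (ip:port) that no FORWARD ACCEPT rule admits. Assumption: only exact-host
# -d matches are recognised (subnets are not evaluated).
unforwarded_dnat() {
  awk '
    # Token following option "opt" on the current rule line, or "".
    function arg(opt,   i) {
      for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
      return ""
    }
    $1 == ":FORWARD" && $2 == "ACCEPT" { policy_accept = 1 }
    $1 == "-A" && arg("-j") == "DNAT" {
      t = arg("--to-destination")          # iptables-save spelling of --to
      if (t !~ /:/) t = t ":" arg("--dport")   # no port given: port unchanged
      dnat[t] = 1
    }
    $1 == "-A" && $2 == "FORWARD" && arg("-j") == "ACCEPT" {
      d = arg("-d"); sub(/\/32$/, "", d)
      if (d == "") next                    # e.g. the ESTABLISHED,RELATED rule
      if (arg("--dport") == "") host[d] = 1    # any port to this host
      else allowed[d ":" arg("--dport")] = 1
    }
    END {
      if (policy_accept) exit              # FORWARD policy admits everything
      for (t in dnat) {
        split(t, p, ":")
        if (!(t in allowed) && !(p[1] in host)) print t
      }
    }
  ' | sort
}

# Constructed sample ruleset; $1 is an optional extra FORWARD rule.
sample_ruleset() {
  cat <<EOF
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.10.12:25
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$1
COMMIT
EOF
}

sample_ruleset | unforwarded_dnat   # DNAT only: prints 192.168.10.12:25
```

On a live firewall the same function can be fed with `iptables-save | unforwarded_dnat`; an empty result means every DNAT target it found has a matching FORWARD ACCEPT rule or the chain policy is ACCEPT.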


