[Cialug] iptables question

Tom Pohl tom at tcpconsulting.com
Thu Dec 15 11:18:34 CST 2011


And this is exactly why I use shorewall to interface with iptables :)

On your PREROUTING rule, you should specify a new chain that has the rules for the DNAT only for the specific port.

-Tom


On Dec 15, 2011, at 10:38 AM, Dave Weis wrote:

>  
> I’ve got a Linux machine set up to do SNAT and DNAT between external IP’s and internal machines. For example x.x.x.219 gets translated to 192.168.115.11. It works fine with something like this:
> iptables -t nat -A PREROUTING -d x.x.x.219 -i eth0 -j DNAT --to-destination 192.168.115.11
> iptables -t nat -A POSTROUTING -s 192.168.115.11 -j SNAT --to-source x.x.x.219
>  
> The problem is that I only want a few ports to be exposed through and the filtering I’m doing in the forwarding process isn’t filtering.
> iptables -A FORWARD -d x.x.x.219 -p tcp --dport 2200 -j ACCEPT
> iptables -A FORWARD -d x.x.x.219 -j DROP
>  
> Everything still gets through to the inside machine. What am I doing wrong?
>  
> Dave
>  
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
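
Added example, written for this page and not code from either poster: a POSIX shell script that prints (rather than applies) a rule set following Tom's suggestion, a dedicated nat chain that DNATs only the wanted port, plus FORWARD rules that match the destination as it looks after DNAT, which is why the rules in the question never fire. The addresses, port and eth0 come from Dave's message; the chain name DNAT_<port> and the conntrack rule are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the iptables commands for exposing
# one TCP port of an inside host through the NAT box; review, then run as root.
# The chain name DNAT_<port> and the conntrack rule are assumptions of this example.

port_forward_rules() {
  ext_ip=$1 int_ip=$2 port=$3 wan_if=$4
  chain="DNAT_${port}"
  # nat table: the dedicated chain is entered only for traffic to ext_ip and
  # rewrites only the wanted port. Anything else sent to ext_ip is never
  # translated, so it cannot reach the inside host at all.
  echo "iptables -t nat -N ${chain}"
  echo "iptables -t nat -A ${chain} -p tcp --dport ${port} -j DNAT --to-destination ${int_ip}"
  echo "iptables -t nat -A PREROUTING -i ${wan_if} -d ${ext_ip} -j ${chain}"
  # filter table: FORWARD runs after PREROUTING, so the destination it sees is
  # already the internal address. A rule matching ext_ip here never matches.
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A FORWARD -i ${wan_if} -d ${int_ip} -p tcp --dport ${port} -j ACCEPT"
  echo "iptables -A FORWARD -i ${wan_if} -d ${int_ip} -j DROP"
  # Outbound traffic from the inside host leaves with the external address.
  echo "iptables -t nat -A POSTROUTING -s ${int_ip} -o ${wan_if} -j SNAT --to-source ${ext_ip}"
}

# Sanity check for a filter rule: returns 1 when a FORWARD rule matches the
# pre-DNAT (external) destination, which is the mistake in the question.
check_forward_rule() {
  rule=$1 ext_ip=$2
  case "$rule" in
    *"-A FORWARD"*"-d ${ext_ip}"*)
      echo "never matches: FORWARD sees the post-DNAT destination, not ${ext_ip}" >&2
      return 1 ;;
  esac
  return 0
}

# Usage with the values from the question (x.x.x.219 is the thread's own placeholder):
port_forward_rules x.x.x.219 192.168.115.11 2200 eth0
check_forward_rule "iptables -A FORWARD -d x.x.x.219 -p tcp --dport 2200 -j ACCEPT" x.x.x.219 \
  || echo "flagged the original FORWARD rule"
```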
