Iptables {DNAT,REDIRECT}

I've been tweaking my firewall script lately after I've run into a
small problem.
Basically, what I'm looking to do is take connection from my Gateway
and redirect them off to clients on my LAN if they match specific
ports. The forwarding works fine.. except, the connections then show
from my Gateway IP. If I redirect a connection to an external network,
it uses my IP and I can snoop the traffic.

I've been browsing the groups for a while, researching REDIRECT. I've
tried it a couple times and I can't get it to work with redirect; they
simply don't forward. I'm not seeing anything about what the Kernal
may or may not have needed compiled, or any options enabled with it.

This is the redirecting section of my script. It works, except the IP
shows up to 192.168.1.100 as my gateway (192.168.1.1).

$IPT -t nat -A PREROUTING -p tcp --dport 5678 -i $EXT -j DNAT --to
192.168.1.100:22
$IPT -t nat -A PREROUTING -p tcp --dport 6346 -i $EXT -j DNAT --to
192.168.1.100:6346
$IPT -t nat -A PREROUTING -p tcp --dport 1234 -i $EXT -j DNAT --to
192.168.1.100:80


Any input, suggestions, etc? When using REDIRECT, I did open port
1234; so that wasn't being dropped or anything.

Thanks in advance,
Mike

Hi Mike -

On 6 Oct 2004 10:13:45 -0700, (E-Mail Removed) (Akede) wrote:

>Basically, what I'm looking to do is take connection from my Gateway
>and redirect them off to clients on my LAN if they match specific
>ports. The forwarding works fine.. except, the connections then show
>from my Gateway IP. If I redirect a connection to an external network,
>it uses my IP and I can snoop the traffic.

It sounds like you have POSTROUTING SNAT or MASQUERADE rule that
shouldn't be there.

You don't want REDIRECT, that is for redirection within the same
machine.

--
Ken
http://www.ke9nr.net/