Learning iptables - simple beginning

10-24-2003, 11:59 PM

Right now my home LAN sits behind a Linksys, but the limitations of
the little router are starting to grate on me. Plus I need to learn
this linux routing stuff anyway.

Assumptions:
* debian linux iptables package
* the iptables box is 192.168.1.103
* the .103 box will receive traffic on port 5900
* .103 should redirect that tcp port 5900 traffic to .100.

I have read many tutorials/faqs/howtos in the newsgroups and on
www.iptables.org, but whenever they talk about redirecting ports it
seems to always be across a NAT boundary, which I don't need since the
iptables box is sitting behind the linksys.

Thanks for any advice, URLs, etc, you might have.

--
L.V.X., brother mouse
http://www.mousetrap.net/otr/ Old Time Radio trades
http://makeashorterlink.com/?K16312E06 CBS Radio Mystery Theater database
http://greyhound.mousetrap.net/altus/ retired racing dog

10-25-2003, 12:59 AM

On Fri, 24 Oct 2003 18:59:48 -0500, jason carr <(E-Mail Removed)> wrote:
>
>
>
> Right now my home LAN sits behind a Linksys, but the limitations of
> the little router are starting to grate on me. Plus I need to learn
> this linux routing stuff anyway.
>
>
> Assumptions:
> * debian linux iptables package
> * the iptables box is 192.168.1.103
> * the .103 box will receive traffic on port 5900
> * .103 should redirect that tcp port 5900 traffic to .100.
>
> I have read many tutorials/faqs/howtos in the newsgroups and on
> www.iptables.org, but whenever they talk about redirecting ports it
> seems to always be across a NAT boundary, which I don't need since the
> iptables box is sitting behind the linksys.
>
> Thanks for any advice, URLs, etc, you might have.
>
>

I have this great 500k tutorial on ipatables in HTML, but I can't find
the URL!

If you really want it, email me. You can find my address
at http://tinyurl.com/l55a. I have an FTP server here.

--
Alan C
Post validation at http://tinyurl.com/rv0y

10-25-2003, 05:07 AM

jason carr wrote:
> Assumptions:
> * debian linux iptables package
> * the iptables box is 192.168.1.103
> * the .103 box will receive traffic on port 5900
> * .103 should redirect that tcp port 5900 traffic to .100.
>
> I have read many tutorials/faqs/howtos in the newsgroups and on
> www.iptables.org, but whenever they talk about redirecting ports it
> seems to always be across a NAT boundary, which I don't need since the
> iptables box is sitting behind the linksys.

Eventually, You will need some sort of "NAT". NAT stands for network
address translation, and if You want to "redirect" traffic, the thing
You do is to change the destination address field of the packets that
You redirect.

So You need an iptables rule on Your .103 box like

iptables -t nat -A PREROUTING -p tcp --dport 5900 -j DNAT \
--to-destination 192.168.1.100[:5900]

[You needn't specify the port number if You leave it unchanged.]

Note that the DNAT target is only allowed in the nat table. - So
eventually, what You need to do is NATting.

Cheers, Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
simple iptables ruleset?	Randell D.	Linux Networking	2	03-30-2007 01:01 PM
Simple symmetric NAT Setup using IPTABLES	Asif	Linux Networking	2	01-23-2006 12:15 PM
simple dual-homed iptables script	bad_knee	Linux Networking	0	02-27-2004 03:51 PM
Squid and simple iptables	Kemton	Linux Networking	2	10-14-2003 12:31 AM
Iptables learning	lili	Linux Networking	4	07-10-2003 08:46 AM