iptables!

Discussion in 'Home Networking' started by junaidaslam, Aug 29, 2005.

  1. junaidaslam

    junaidaslam Guest

    Posted: Mon Aug 29, 2005 1:08 am Post subject: Salam: About iptables

    salam!!

    My problem is I want to have one real IP. I want to redirect all my
    traffic coming on port 22 to 192.168.1.202 and traffic for port 21 to
    192.168.1.203, where both the machines are within the LAN, and on the
    server I am using squid.

    Please help, and if possible provide the iptables rule for this purpose.
    Right now I am using this, but it is not working:

    iptables -t nat -A PREROUTING -i eth1 -p udp --dport 21 -j DNAT --to-destination 192.168.1.203

    Please help!

    Junaid
     
    junaidaslam, Aug 29, 2005
    #1

  2. junaidaslam

    Rob Morley Guest

    uk.comp.os.linux might be a better place to ask.
     
    Rob Morley, Aug 29, 2005
    #2

  3. junaidaslam

    Alex Fraser Guest

    Assuming you want the ports forwarded for their conventional purposes - SSH
    (22) and FTP (21) - then you need -p tcp, not udp.

    You must also ensure that the traffic (in both directions) is allowed by
    rules in the FORWARD chain of the filter (default) table. Note that in the
    FORWARD chain, DNAT (for traffic from the Internet) has already taken place
    and SNAT (for traffic to the Internet) has not.

    Getting PASV file transfers to work with a "port-forwarded" FTP server can
    be troublesome. I'm not sure whether the FTP helper for iptables handles
    this; if not you'll need to configure the FTP server to provide the correct
    address (i.e. the external one) and use a particular range of ports for PASV
    transfers, and also forward those ports. If the FTP server doesn't support
    this configuration and you need it, you're stuck.

    Alex
     
    Alex Fraser, Aug 30, 2005
    #3
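
The rule set described in reply #3, as an added example that is not part of the original thread: a DNAT rule with `-p tcp` for each port, plus FORWARD rules for both directions that match the LAN address. The script only prints the commands; `eth1` and the addresses are from the question, while the PASV range 50000:50100 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands that forward TCP
# ports from the public interface to LAN hosts. eth1 and the addresses come
# from the thread; the PASV range 50000:50100 is an assumed value.

# valid_port PORT|LOW:HIGH -> success if 1 <= LOW <= HIGH <= 65535
valid_port() {
    case "$1" in ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;; esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# valid_ipv4 ADDR -> success for a dotted quad with every octet <= 255
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# forward_tcp WAN_IF PORT LAN_HOST -> prints the rules for one forward.
# Arguments are validated because the output is meant to be run as root.
forward_tcp() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    valid_ipv4 "$3" || { echo "bad address: $3" >&2; return 1; }
    # nat/PREROUTING: rewrite the destination; -p tcp, since SSH and FTP use TCP.
    echo "iptables -t nat -A PREROUTING -i $1 -p tcp --dport $2 -j DNAT --to-destination $3"
    # filter/FORWARD sees the packet after DNAT, so match the LAN address.
    echo "iptables -A FORWARD -i $1 -p tcp -d $3 --dport $2 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # Replies cross FORWARD before their source is translated back.
    echo "iptables -A FORWARD -o $1 -p tcp -s $3 --sport $2 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# print_ruleset -> the thread's two forwards plus the assumed PASV data range
print_ruleset() {
    echo "sysctl -w net.ipv4.ip_forward=1"   # the box must route at all
    forward_tcp eth1 22 192.168.1.202 || return 1
    forward_tcp eth1 21 192.168.1.203 || return 1
    forward_tcp eth1 50000:50100 192.168.1.203
}

print_ruleset
```

The PASV range only helps if the FTP server is configured to use the same ports and to advertise the external address, as the reply notes.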
