    About iptables


    My problem is I want to have one real IP. I want to redirect all my
    traffic coming on port 22 to and traffic for port 21 to where both the machines are within LAN and on server I am
    using squid.

    Please help and if possible provide the iptables rule for this purpose.
    Right now I am using but it is not working

    iptables -t nat -A PREROUTING -i eth1 -p udp --dport 21 -j DNAT

    plz help!

    junaidaslam, Aug 29, 2005

    uk.comp.os.linux might be a better place to ask.

    Rob Morley, Aug 29, 2005

    Assuming you want the ports forwarded for their conventional purposes - SSH
    (22) and FTP (21) - then you need -p tcp, not udp.

    You must also ensure that the traffic (in both directions) is allowed by
    rules in the FORWARD chain of the filter (default) table. Note that in the
    FORWARD chain, DNAT (for traffic from the Internet) has already taken place
    and SNAT (for traffic to the Internet) has not.

    Getting PASV file transfers to work with a "port-forwarded" FTP server can
    be troublesome. I'm not sure whether the FTP helper for iptables handles
    this; if not, you'll need to configure the FTP server to provide the correct
    address (i.e. the external one) and use a particular range of ports for PASV
    transfers, and also forward those ports. If the FTP server doesn't support
    this configuration and you need it, you're stuck.

    Alex Fraser, Aug 30, 2005
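
    The two corrections from the answer above (-p tcp, plus matching FORWARD rules written against the post-DNAT address), as an added example that is not part of the original thread. The LAN addresses are constructed placeholders, eth0 as the LAN interface is an assumption, and only the SSH and FTP control ports are covered, not PASV data ports.

```shell
#!/bin/sh
# Added example: DNAT for SSH (22) and FTP control (21) behind one public IP.
# eth1 as the Internet-facing interface comes from the question;
# everything else below is an assumption for illustration.
WAN_IF=eth1
LAN_IF=eth0             # assumed LAN-side interface
SSH_HOST=192.168.0.10   # constructed placeholder: LAN machine running sshd
FTP_HOST=192.168.0.20   # constructed placeholder: LAN machine running the FTP server

# Dry run by default: the commands are printed, not executed.
# Run as root with IPT=iptables in the environment to apply them.
IPT=${IPT:-echo iptables}

# forward_port PORT HOST: DNAT one TCP port and permit it in FORWARD.
forward_port() {
    port=$1
    host=$2
    # nat/PREROUTING rewrites the destination before the routing decision.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
        -j DNAT --to-destination "$host:$port"
    # filter/FORWARD sees the packet after DNAT, so it must match the
    # LAN address of the server, not the public address.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$host" \
        --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
}

build_rules() {
    # Return traffic (both directions) for connections accepted below.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    forward_port 22 "$SSH_HOST"
    forward_port 21 "$FTP_HOST"
}

build_rules
```

    The gateway also needs IP forwarding enabled (net.ipv4.ip_forward=1), and these rules are appended, so any earlier DROP or REJECT rule in FORWARD still wins.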
