[TCLUG] redirect with iptables command

Thu Jun 17 12:41:24 CDT 2004

... snip ...

> > Below I have listed the iptables command ... it tells me that there is
> > "no chain/target/match by that name" Suggestions would be greatly
> > appreciated. (obviously it does not work)
> >
> > iptables command
> >
> > $IPT -A PREROUTING -p TCP -d 172.16.5.47 --dport 1025 -j DNAT \
> >  --to-destination 192.168.1.99:22
>
> Add '-t nat' to get to the proper table.
>
> -- 
> Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
> http://www.real-time.com                | Fax   : (952)943-8500

That did take care of the error for the iptables command .. but it still
does not make it through the firewall.  The packets still die ... nothing
makes it to the internal machine.  I added the first command to just open up
port 1025 from everywhere in the world ...hoping that it would help
(apparently it didn't)

CURRENT COMMANDS:

$IPT -A tcp_inbound -p tcp -s 0/0 --destination-port 1025 -j ACCEPT
$IPT -A tcp_inbound -p udp -s 0/0 --destination-port 1025 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp -d 172.16.5.47 --dport 1025 -j DNAT \
 --to-destination 192.168.1.99:22

LOG FILE MESSAGE

Jun 17 12:25:49 server kernel: FORWARD packet died: IN=eth1 OUT=eth0
SRC=131.216
.114.113 DST=192.168.1.99 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=24688 DF
PROTO=TCP SPT=42431 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

COMMAND USED TO SSH

ssh -p 1025 -l rclark 63.98.3.64

Other items of note:

I am on a high speed wireless connection and my IP is an internal one ...
behind their systems, but all ports are opened up so that my box appears
wide open to the world.  World IP is 63.98.3.64 ... internal IP is
172.16.5.47 ... so that is why this last ip address shows up on the log
file.

I also have two NICs on this system ... one for the internet and the other
for the internal network.  Do I have to do anything special in order to
route it from the external IP (172.16.5.47) to the internal NIC
(192.168.1.1)

Thoughts of suggestions would be greatly appreciated ... thanks in advance.

Randy

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list