SetiQ / Linux IPTables

Spaceboy · 3 July 2003 22:05

Okay, I need help!

I need an “idiots” guide to forwarding port 5517 to my pc on 192.168.0.2 and for replies to go out okay too.

so far I have

4.2.4 PREROUTING chain

#SETIQ
$IPTABLES -t nat -A PREROUTING -p TCP --dport 5517 -j DNAT --to-destination 192.168.0.2:5517

4.2.5 POSTROUTING chain

#SETIQ
$IPTABLES -t nat -A POSTROUTING -p TCP --sport 5517 -j SNAT --to-source $IP:5517

no ideas where I’m going wrong.

Please help ???

Spaceboy · 6 July 2003 23:33

bump

edited the above… if you want more WU’s added to the TPR total - help me out!

I’ve got the offer of multiple GHz power waiting to be tapped

barcode · 9 July 2003 22:52

Erm, sorry I missed this post. Thought I would post here as well as the PM…

I’ve only messed with it a couple of times… here is my best guess…

iptables -t nat -A PREROUTING -p tcp --dport 5517 -i eth0 -j DNAT --to 1.2.3.4

Where 1.2.3.4 is ip address of the pc on your lan. Note that you must be able to ping 1.2.3.4 from you router. Hope this helps.

Let me know

Andy

Lucifer_OCS · 16 July 2003 16:58

Originally posted by Spaceboy
[B]Okay, I need help!

I need an “idiots” guide to forwarding port 5517 to my pc on 192.168.0.2 and for replies to go out okay too.

so far I have

4.2.4 PREROUTING chain

#SETIQ
$IPTABLES -t nat -A PREROUTING -p TCP --dport 5517 -j DNAT --to-destination 192.168.0.2:5517

4.2.5 POSTROUTING chain

#SETIQ
$IPTABLES -t nat -A POSTROUTING -p TCP --sport 5517 -j SNAT --to-source $IP:5517

no ideas where I’m going wrong.

Please help ??? [/B]

i assume this is part of a script where the variables ($IPTABLES, $IP etc) are defined?

here’s a bit of my iptables script i use to forward RDC through…


iptables -t nat -A PREROUTING -i <external interface> -p tcp --dport 3389 -j DNAT --to 192.168.0.1:3389
iptables -A FORWARD -i <external interface> -p tcp --dport 3389 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

you’d probably want


iptables -t nat -A PREROUTING -i <external interface> -p tcp --dport 5517 -j DNAT --to 192.168.0.2:5517
iptables -A FORWARD -i <external interface> -p tcp --dport 5517 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

<external interface> being eth0/1, whichever is external

barcode · 16 July 2003 17:38

Thanks Lucifer[OCS], I knew someone who knew about iptables would eventually post. Welcome to the forums.

Spaceboy · 17 July 2003 13:12

just spotted this! cheers guys!

I’ll try it out tonight and let ya know

Spaceboy · 18 July 2003 00:48

Lucifer :worship:

it was the 2nd line I needed! Just tested and it’s all go!

THANKYOU !!!

DoubleTop · 18 July 2003 01:03

hey dont I get any credit for being the guinea pig…

DT.

Spaceboy · 18 July 2003 13:24

hehe sorry mate.

your testing was much appreciated at 00:30 last night/this morning

thanks again chap

Lucifer_OCS · 19 July 2003 17:34

Originally posted by Spaceboy
[B]Lucifer :worship:

it was the 2nd line I needed! Just tested and it’s all go!

THANKYOU !!! [/B]

glad it worked