[no subject]

When testing the forwarding, I needed to be coming in from another system.  
Testing it from the system doing the forwarding didn't work.  Grrrr.

Thanks, Frank.

Michael

On Thursday 11 March 2004 01:27 pm, Michael D. Hirsch wrote:
> On Thursday 11 March 2004 12:33 pm, Frank S. Glass wrote:
> > Make sure that you also have a filter table rule for the port.  After the
> > PREROUTING nat chain a packet still must pass through the filter table.
>
> Can you be a little more explicit?  I'm such an iptables idiot I don't know
> what that means.
>
> Here's what I have that I'm told should work:
>
> [root at radium root]# /etc/init.d/iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> Table: nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> DNAT       tcp  --  anywhere             anywhere           tcp dpt:2402
> to:10.0.26.52:2401
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> MASQUERADE  all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [root at radium root]#
>
> Thanks,
>
> Michael
>
> > Frank
> >
> > Quoting "Michael D. Hirsch" <mhirsch at nubridges.com>:
> > > What am I doing wrong?  I'm trying to forward port 2402 on one system
> > > to port 2401 on another.  This should be easy.
> > >
> > > According to google, the solutions is the obviosu one, something like:
> > > iptables -A PREROUTING -t nat -p tcp  --dport 2402 -j DNAT --to  \
> > >            10.0.25.52:2401
> > >
> > > In my searching I came across a bunch of folks who tried the obvious
> > > solution, it didn't work, so they asked the same question I'm asking.
> > > The responses were all variations on "You should try the obvious
> > > solution."
> > >
> > > I believe forwarding is turned on:
> > > # cat /proc/sys/net/ipv4/ip_forward
> > > 1
> > >
> > > Suggestions?  I've gotta believe I'm missing something stupid.
> > >
> > > Thanks,
> > >
> > > Michael
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
&gt; &gt; &gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt;
&gt; _______________________________________________
&gt; Ale mailing list
&gt; Ale at ale.org
&gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00326" href="msg00326.html">[ale] I'm an iptables idiot</a></strong>
<ul><li><em>From:</em> mhirsch at nubridges.com (Michael D. Hirsch)</li></ul></li>
<li><strong><a name="00329" href="msg00329.html">[ale] I'm an iptables idiot</a></strong>
<ul><li><em>From:</em> glass at holos.com (Frank S. Glass)</li></ul></li>
<li><strong><a name="00330" href="msg00330.html">[ale] I'm an iptables idiot</a></strong>
<ul><li><em>From:</em> mhirsch at nubridges.com (Michael D. Hirsch)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00330.html">[ale] I'm an iptables idiot</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00332.html">[ale] I'm an iptables idiot</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00330.html">[ale] I'm an iptables idiot</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00332.html">[ale] I'm an iptables idiot</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00331"><strong>Date</strong></a></li>
<li><a href="threads.html#00331"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>