
sslug-teknik team mailing list archive

Re: redirecting packets to another machine using iptables - help

 

In <3B2912A2.9000502@xxxxxxx> Klavs Klavsen <kl@xxxxxxx> writes:

>Hi guys,

>I'm sitting behind a WOL router.. all requests go to my server - which
>runs linux-2.4.5.

>I need to have ident requests from certain servers (irc)
>forwarded to my client behind the router..

>I had in mind that one could do something like this:

>    iptables -t nat -A PREROUTING --from $irc-server --protocol tcp
>--destination-port 113 -j DNAT --to $client-ip

>But it doesn't work.. do you have any tips for me?

You have probably just forgotten to open for connections to the ident port
on the firewall itself. I'll just quote from my own
http://www.sslug.dk/sikkerhed/netfilter.html :

# How to do this depends on whether the service is running on the
# firewall host itself, or on another system "behind" the firewall
# (on the internal LAN, or a separate network segment - so called DMZ).
#
# The following command is needed in both cases:
# iptables -A block -m state --protocol tcp --state NEW --destination-port http -j ACCEPT
# If the service is running on another host (here: 192.168.11.22), you must 
# do "port forwarding" like this (no need for ipmasqadm anymore):
# iptables -t nat -A PREROUTING --protocol tcp --destination-port http -j DNAT --to 192.168.11.22

Henrik
-- 
Henrik Storner      | "ATA100 is another testimony to the fact that 
<henrik@xxxxxxxxxx> |  pigs can be made to fly given sufficient thrust"
                    | 
                    |          Linux kernel hacker Alan Cox, on IDE drives
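
Added example (not part of the original message or of the quoted script): a simplified Python model of the netfilter path for an inbound packet, showing why a DNAT rule alone leaves the ident request dropped under a default-deny filter and what the extra ACCEPT rule changes. The addresses are constructed sample values, the default DROP policy and the attachment of the `block` chain to both INPUT and FORWARD are assumptions, and the comments give the equivalent iptables commands with `--source` as the source match.

```python
# Simplified model of netfilter traversal for a packet arriving from outside:
# nat/PREROUTING (DNAT) -> routing decision -> filter INPUT or FORWARD.
# All addresses are constructed sample values.
FIREWALL_IP = "203.0.113.1"    # assumed public address of the Linux server
CLIENT_IP = "192.168.11.22"    # internal host, as in the quoted script
IRC_SERVER = "198.51.100.7"    # assumed address of the IRC server

def matches(rule, pkt):
    """A rule matches when every match field it sets equals the packet's."""
    return all(pkt[k] == v for k, v in rule["match"].items())

def traverse(pkt, nat_prerouting, filter_rules, policy="DROP"):
    """Return (verdict, filter chain, final destination) for a NEW packet."""
    pkt = dict(pkt)
    for rule in nat_prerouting:            # 1. DNAT rewrites the destination
        if matches(rule, pkt):
            pkt["dst"] = rule["to"]
            break
    # 2. Routing decision is taken on the (possibly rewritten) destination.
    chain = "INPUT" if pkt["dst"] == FIREWALL_IP else "FORWARD"
    for rule in filter_rules:              # 3. filter sees the rewritten packet
        if matches(rule, pkt):
            return rule["target"], chain, pkt["dst"]
    return policy, chain, pkt["dst"]       # no rule matched: default policy

# iptables -t nat -A PREROUTING --source $IRC_SERVER --protocol tcp \
#     --destination-port 113 -j DNAT --to $CLIENT_IP
DNAT_IDENT = {"match": {"src": IRC_SERVER, "proto": "tcp", "dport": 113},
              "to": CLIENT_IP}
# iptables -A block -m state --protocol tcp --state NEW \
#     --destination-port 113 -j ACCEPT
ACCEPT_IDENT = {"match": {"proto": "tcp", "dport": 113, "state": "NEW"},
                "target": "ACCEPT"}

# Constructed ident request from the IRC server to the firewall's address.
ident_request = {"src": IRC_SERVER, "dst": FIREWALL_IP, "proto": "tcp",
                 "dport": 113, "state": "NEW"}

if __name__ == "__main__":
    print(traverse(ident_request, [DNAT_IDENT], []))              # DNAT only
    print(traverse(ident_request, [DNAT_IDENT], [ACCEPT_IDENT]))  # both rules
    other = dict(ident_request, src="198.51.100.99")              # other host
    print(traverse(other, [DNAT_IDENT], [ACCEPT_IDENT]))
```

The third case shows a side effect worth checking in a real rule set: because the ACCEPT rule has no source match, ident connections from hosts that are not DNATed are accepted on the firewall host itself.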

