LinuxQuestions.org


dreamprince 10-08-2006 04:10 AM

DNAT problem, helppp.....
 
Here I come, experts...

I'm a Linux newbie running FC5 for a complex router in my company :(

Please tell me how to do this:

Code:

iptables -t nat -A OUTPUT -o eth0 -p tcp -m multiport --dports 1080,8080 -j DNAT --to $whateverIP:80
(AND)
Code:

iptables -t nat -A PREROUTING -p tcp -m multiport --dports 1080,8080 -j DNAT --to $whateverIP:80

I think the above (logical) scripts explained everything to you (i.e., I do not want to modify the IP at all; I just want to alter the port.)


Thanking you all in advance
Dream

Half_Elf 10-08-2006 10:59 AM

Well, if you just want to modify the port, you should probably use the REDIRECT statement. It will just redirect the connection to another port to the local machine. Is it not exactly what you want to do?

Something like :
Code:

iptables -t nat -A OUTPUT -o eth0 -p tcp -m multiport --dports 1080,8080 -j REDIRECT --to-ports 80
iptables -t nat -A PREROUTING -p tcp -m multiport --dports 1080,8080 -j REDIRECT --to-ports 80


dreamprince 10-09-2006 05:28 AM

Quote:

Originally Posted by Half_Elf
Well, if you just want to modify the port, you should probably use the REDIRECT statement. It will just redirect the connection to another port to the local machine. Is it not exactly what you want to do?

Something like :
Code:

iptables -t nat -A OUTPUT -o eth0 -p tcp -m multiport --dports 1080,8080 -j REDIRECT --to-ports 80
iptables -t nat -A PREROUTING -p tcp -m multiport --dports 1080,8080 -j REDIRECT --to-ports 80



REDIRECT changes the IP to the local interface. So, the connection is not routed but accepted to the box. That's not what I want. What I want is - whoever (even the box itself) makes a connection to the Internet Proxies via ports 1080 or 8080 will be accessing those proxies via port 80. That's all. So, the IP is not known in advance but I have to change the port only.

Any advice, please??
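
The difference described in the post above, as an added example that is not part of the thread: a small Python model (not netfilter code) of how a matching packet's destination is rewritten by REDIRECT versus a DNAT target that carries only a port. The addresses, class names and `apply_nat` are constructed for illustration, and the `-o eth0` match from the posted rules is left out.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    chain: str          # "OUTPUT" (locally generated) or "PREROUTING" (arriving)
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

@dataclass(frozen=True)
class NatRule:
    chain: str
    dports: frozenset   # models -m multiport --dports
    target: str         # "REDIRECT" or "DNAT"
    to_port: int
    to_ip: Optional[str] = None  # DNAT only; None models a port-only argument

def apply_nat(pkt, rules, in_if_addr="192.0.2.1"):
    """Return (dst_ip, dst_port) after the first matching nat rule.
    in_if_addr is an assumed primary address of the incoming interface."""
    for r in rules:
        if r.chain != pkt.chain or pkt.proto != "tcp" or pkt.dst_port not in r.dports:
            continue
        if r.target == "REDIRECT":
            # REDIRECT always points the packet at this host: localhost for
            # locally generated traffic, the incoming interface otherwise.
            local = "127.0.0.1" if pkt.chain == "OUTPUT" else in_if_addr
            return (local, r.to_port)
        if r.target == "DNAT":
            # iptables documents the DNAT argument as [ipaddr[-ipaddr]][:port[-port]];
            # with no ipaddr the original destination address is kept.
            return (r.to_ip or pkt.dst_ip, r.to_port)
    return (pkt.dst_ip, pkt.dst_port)  # no rule matched: untouched

PORTS = frozenset({1080, 8080})
CHAINS = ("OUTPUT", "PREROUTING")
REDIRECT_RULES = [NatRule(c, PORTS, "REDIRECT", 80) for c in CHAINS]
PORT_ONLY_RULES = [NatRule(c, PORTS, "DNAT", 80) for c in CHAINS]

# Constructed sample traffic (documentation address ranges).
SAMPLES = [
    Packet("PREROUTING", "198.51.100.7", 8080),  # forwarded client -> proxy
    Packet("OUTPUT", "203.0.113.9", 1080),       # the box itself -> proxy
    Packet("PREROUTING", "198.51.100.7", 443),   # port not in the rule
]

if __name__ == "__main__":
    for p in SAMPLES:
        print((p.dst_ip, p.dst_port), "REDIRECT ->", apply_nat(p, REDIRECT_RULES),
              "| port-only DNAT ->", apply_nat(p, PORT_ONLY_RULES))
```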

socrates71 10-10-2006 12:04 PM

If I understand you correctly then you just need to forward ports 1080 and 8080 to port 80 on the same machine?

Couldn't you just set the webserver to listen on ports 1080 and 8080 as well as 80 without any need for forwarding??

Just an idea...

dreamprince 10-17-2006 01:37 PM

Quote:

Originally Posted by socrates71
If I understand you correctly then you just need to forward ports 1080 and 8080 to port 80 on the same machine?

Couldn't you just set the webserver to listen on ports 1080 and 8080 as well as 80 without any need for forwarding??

Just an idea...

My web server is listening on port 9090 and it is serving the clients in a round-robin manner (only some proxies I added). What I want is when the clients make a direct connection to a specific Internet Proxy that they know, I want the port to be 80 (routing). Just want to change the destination port of the packet without altering the destination IP address.

Sorry, not a web server. It is a proxy server (squid).

amitsharma_26 11-14-2006 11:14 AM

Quote:

Originally Posted by dreamprince
What I want is when the clients make a direct connection to a specific Internet Proxy that they know, I want the port to be 80 (routing). Just want to change the destination port of the packet without altering the destination IP address.

Why do you want to change the destination port anyway? As you have mentioned, "..to a specific internet proxy that they know". If any of these internet proxies are configured to work on some port apart from 80, what are you going to achieve by changing the dport to 80? It won't work; your clients wouldn't be able to connect to such proxies, and if that is your aim, then why don't you block connections to such ports?


All times are GMT -5.