LinuxQuestions.org
Old 10-08-2006, 03:10 AM   #1
dreamprince
LQ Newbie
 
Registered: Aug 2006
Posts: 3

Rep: Reputation: 0
Question DNAT problem, helppp.....


Here I come, experts...

I'm a Linux newbie running FC5 for a complex router in my company.

Please tell me how to do this:

Code:
iptables -t nat -A OUTPUT -o eth0 -p tcp -m multiport --dports 1080,8080 -j DNAT --to $whateverIP:80
(AND)
Code:
iptables -t nat -A PREROUTING -p tcp -m multiport --dports 1080,8080 -j DNAT --to $whateverIP:80

I think the above (logical) scripts explain everything to you (i.e., I do not want to modify the IP at all; I just want to alter the port).


Thanking you all in advance
Dream
 
Old 10-08-2006, 09:59 AM   #2
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
Well, if you just want to modify the port, you should probably use the REDIRECT statement. It will just redirect the connection to another port to the local machine. Is it not exactly what you want to do?

Something like :
Code:
iptables -t nat -A OUTPUT -o eth0 -p tcp -m multiport --dports 1080,8080 -j REDIRECT --to-ports 80
iptables -t nat -A PREROUTING -p tcp -m multiport --dports 1080,8080 -j REDIRECT --to-ports 80
 
Old 10-09-2006, 04:28 AM   #3
dreamprince
LQ Newbie
 
Registered: Aug 2006
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Half_Elf
Well, if you just want to modify the port, you should probably use the REDIRECT statement. It will just redirect the connection to another port to the local machine. Is it not exactly what you want to do?

Something like :
Code:
iptables -t nat -A OUTPUT -o eth0 -p tcp -m multiport --dports 1080,8080 -j REDIRECT --to-ports 80
iptables -t nat -A PREROUTING -p tcp -m multiport --dports 1080,8080 -j REDIRECT --to-ports 80

REDIRECT changes the IP to the local interface. So, the connection is not routed but accepted to the box. That's not what I want. What I want is - whoever (even the box itself) makes a connection to the Internet Proxies via ports 1080 or 8080 will be accessing those proxies via port 80. That's all. So, the IP is not known in advance but I have to change the port only.

Any advice, please??
 
Old 10-10-2006, 11:04 AM   #4
socrates71
LQ Newbie
 
Registered: Aug 2005
Location: Deux Sevres, France
Distribution: Ubuntu, Gentoo, Solaris
Posts: 11

Rep: Reputation: 0
Question

If I understand you correctly then you just need to forward ports 1080 and 8080 to port 80 on the same machine?

Couldn't you just set the webserver to listen on ports 1080 and 8080 as well as 80 without any need for forwarding??

Just an idea...
 
Old 10-17-2006, 12:37 PM   #5
dreamprince
LQ Newbie
 
Registered: Aug 2006
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by socrates71
If I understand you correctly then you just need to forward ports 1080 and 8080 to port 80 on the same machine?

Couldn't you just set the webserver to listen on ports 1080 and 8080 as well as 80 without any need for forwarding??

Just an idea...

My web server is listening on port 9090 and it is serving the clients in a round-robin manner (only some proxies I added). What I want is when the clients make a direct connection to a specific Internet Proxy that they know, I want the port to be 80 (routing). Just want to change the destination port of the packet without altering the destination IP address.

Sorry, not a web server. It is a proxy server (squid).

Last edited by dreamprince; 10-17-2006 at 12:46 PM.
 
Old 11-14-2006, 10:14 AM   #6
amitsharma_26
Member
 
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
Quote:
Originally Posted by dreamprince
What I want is when the clients make a direct connection to a specific Internet Proxy that they know, I want the port to be 80 (routing). Just want to change the destination port of the packet without altering the destination IP address.

Why do you want to change the destination port anyway? As you have mentioned "..to a specific internet proxy that they know": if any of these internet proxies are configured to work on some port apart from 80, what are you going to achieve by changing the dport to 80? It won't work; your clients wouldn't be able to connect to such proxies. And if that is your aim, then why don't you block connections to such ports?
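
Added example, not part of any post in this thread: the iptables DNAT target accepts a destination with the address part left out, so `--to-destination :80` rewrites only the destination port and leaves the destination IP as the client chose it, which is what post #3 asks for. The script prints the rules by default and applies them only with APPLY=1 as root; `eth0` is carried over from the original post as an assumption, the function names are made up for this example, and the second rule set is the blocking alternative raised in post #6.

```shell
#!/bin/sh
# Added example: port-only DNAT for the ports named in the thread.
# Assumption: eth0 is the outbound interface, as in the original post.
PORTS="1080,8080"   # destination ports named in the thread
NEW_PORT="80"       # port the connections should be rewritten to

# DNAT with an empty address part (":80") rewrites only the destination
# port; the destination IP of the packet is left untouched.
nat_rules() {
    echo "iptables -t nat -A PREROUTING -p tcp -m multiport --dports $PORTS -j DNAT --to-destination :$NEW_PORT"
    echo "iptables -t nat -A OUTPUT -o eth0 -p tcp -m multiport --dports $PORTS -j DNAT --to-destination :$NEW_PORT"
}

# Alternative from the last post: refuse these ports instead of rewriting.
# FORWARD covers routed clients, OUTPUT covers the router itself.
block_rules() {
    echo "iptables -A FORWARD -p tcp -m multiport --dports $PORTS -j REJECT --reject-with tcp-reset"
    echo "iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports $PORTS -j REJECT --reject-with tcp-reset"
}

# Print the chosen rule set; with APPLY=1 (as root) also run each rule,
# stopping at the first one that iptables rejects.
run_rules() {
    "$1" | while IFS= read -r rule; do
        echo "$rule"
        if [ "${APPLY:-0}" = "1" ]; then
            $rule || return 1
        fi
    done
}

# Usage: sh portonly.sh nat          (dry run, prints the NAT rules)
#        APPLY=1 sh portonly.sh block (applies the blocking rules)
case "${1:-}" in
    nat)   run_rules nat_rules ;;
    block) run_rules block_rules ;;
esac
```

After applying, `iptables -t nat -L -n -v` shows the packet counters on both rules. The nat table is consulted only for the first packet of a connection, so connections that were already established keep their original port.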
 
  


All times are GMT -5.