LinuxQuestions.org
Old 11-10-2004, 11:59 AM   #1
_ben_deb_
Member
 
Registered: Jun 2003
Posts: 31

Rep: Reputation: 15
iptables redirect


Hello!

I want to redirect a stream from my firewall to another PC which runs Apache...

For now I am testing this with:
(I test from 192.168.0.2 to 192.168.0.1 and I want to connect to 192.168.0.3 transparently)

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80

But it doesn't work.

What should I do?

How can I view the nat filter table, because "iptables -L" does not?

Thank you for your help.
 
Old 11-10-2004, 12:15 PM   #2
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
Re: iptables redirect

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80

That is correct. Any tcp 80 traffic that is destined to your firewall's IP will be redirected to 192.168.0.3 destination port 80.

iptables -t nat -L -n -v will show you your nat tables. You may have conflicting rules that you need to delete.
 
Old 11-10-2004, 12:27 PM   #3
_ben_deb_
Member
 
Registered: Jun 2003
Posts: 31

Original Poster
Rep: Reputation: 15
Thanks for your reply...

It still doesn't work...

Here is my iptables output for: iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Here is my iptables output for: iptables -t nat -L -n -v

Chain PREROUTING (policy ACCEPT 11 packets, 540 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.0.3:80

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination


I connect to 192.168.0.1 with Mozilla but it still doesn't work ??????
I don't understand.
 
Old 11-10-2004, 12:30 PM   #4
_ben_deb_
Member
 
Registered: Jun 2003
Posts: 31

Original Poster
Rep: Reputation: 15
Maybe I must do something for the reply of 192.168.0.3?
 
Old 11-10-2004, 02:21 PM   #5
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
Did you remember to very nicely ask your Linux box to forward packets?

cat /proc/sys/net/ipv4/ip_forward

If it does not respond with the number 1 then you forgot to ask your box to forward those nice ipv4 packets.

echo 1 > /proc/sys/net/ipv4/ip_forward

Is how you ask the box to do this for you. You probably want to add this to a start up script so when you reboot you don't have to do this by hand each time.

-b
 
Old 11-11-2004, 03:40 PM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
You need to SNAT the replies from 192.168.0.3 to look like they are from 192.168.0.1

When you send the original packets from .0.2 to .0.1, it sends them to .0.3, which replies directly to .0.2 coz it's local. So 0.2 drops the packets coz it's expecting them to only come from 0.1

It's better to test this with 2 network cards and 2 different subnets..
 
Old 11-12-2004, 05:02 AM   #7
_ben_deb_
Member
 
Registered: Jun 2003
Posts: 31

Original Poster
Rep: Reputation: 15
Yes, you are both right!

I have a script to start my computer, and when I stop the rules it puts 0 in /proc/sys/net/ipv4/ip_forward

So I solved the problem and I succeeded in redirecting the stream to an internet address.
But I want to test from .0.2 to connect to 0.0.3 from .0.1 but it doesn't work!

I think you're right and I'll try to SNAT to .0.1 to make it work!

I'll send a message later...

Thanks
 
Old 11-13-2004, 05:06 AM   #8
_ben_deb_
Member
 
Registered: Jun 2003
Posts: 31

Original Poster
Rep: Reputation: 15
OK, it's working for testing!

I filter the POSTROUTING and PREROUTING nat table for it!

Thanks!
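
The setup the thread arrives at (forwarding enabled, DNAT in PREROUTING, SNAT in POSTROUTING for clients on the same subnet), as an added example that is not from any poster. The addresses are the thread's; the /24 netmask, the function names and the `-d 192.168.0.1` match on the DNAT rule are assumptions added here, the last one so the rule does not also capture port-80 traffic that is merely routed through the firewall to other hosts.

```shell
#!/bin/sh
# Added example, not code from the thread. Dry run by default.
FW_IP=192.168.0.1      # firewall address the client connects to (from the thread)
WEB_IP=192.168.0.3     # Apache host behind the DNAT (from the thread)
LAN=192.168.0.0/24     # assumed netmask of the shared subnet

# Succeeds only if the kernel is set to forward IPv4 packets.
# $1: sysctl file to read (a parameter so the check can be exercised offline).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Print the two NAT rules, one per line.
nat_rules() {
    # Rewrite the destination of port-80 traffic addressed to the firewall itself.
    echo "iptables -t nat -A PREROUTING -d $FW_IP -p tcp --dport 80 -j DNAT --to-destination $WEB_IP:80"
    # Same-subnet clients: rewrite the source so the web host answers the
    # firewall, not the client directly (the failure described in post #6).
    echo "iptables -t nat -A POSTROUTING -s $LAN -d $WEB_IP -p tcp --dport 80 -j SNAT --to-source $FW_IP"
}

# Print the rules, or execute them when APPLY=1 is set (requires root).
main() {
    forwarding_enabled || echo "warning: ip_forward is not 1, DNATed packets will not be forwarded" >&2
    nat_rules | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then $rule; else echo "$rule"; fi
    done
}

main
```

With the SNAT rule in place, Apache sees 192.168.0.1 as the client address for every LAN request, so its access log no longer identifies the real client; clients arriving from a different subnet do not need the SNAT rule.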
 
  

