Old 02-03-2003, 05:46 PM   #1
Registered: Jul 2002
Location: Lacon, IL
Distribution: Slackware
Posts: 35

Rep: Reputation: 15
IPTABLES --to-destination multiple ip:port

The man page is not very clear to me on how to do POSTROUTING of a port to some internal machines. What I am trying to do is port forward 2090 to some of my intranet machines. The man page says this:

--to-destination ipaddr[-ipaddr][:port-port]

Could someone show me the correct way to write
this? This is what I have and it works for one machine only.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2090 -j DNAT --to-destination

The man page says this, but I received an error about the first ip.
iptables -t nat -A POSTROUTING -i eth0 -p tcp --dport 2090 -j DNAT --to-destination -

I tried this and it has no errors but it doesn't work.

iptables -t nat -A POSTROUTING -i eth0 -p tcp --dport 2090 -j DNAT --to-destination

help will be !!!

Old 02-03-2003, 07:28 PM   #2
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,155

Rep: Reputation: 56
I don't see how this can be possible

if you give a range of ports it should work

basically I know what you are trying to do. If a server requires a certain port to make a connection on, you can only have one connection to it per ip address.

Last edited by DavidPhillips; 02-03-2003 at 07:31 PM.
Old 02-05-2003, 03:58 PM   #3
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Your first rule is correct...
DNAT will go to one machine...
using the PREROUTING chain, notice the 'PRE'...

The other two rules are "POSTROUTING" for packets leaving the box... notice the 'POST'... DNAT doesn't work in this chain.

What are you trying to achieve?
Old 02-06-2003, 06:08 AM   #4
Registered: May 2002
Location: Dalec, HU
Distribution: Redhat 7.3
Posts: 696

Rep: Reputation: 30
you don't need multiport
just add PREROUTING entries for every ip but I doubt it will work fine, usually things are done so that you map a different port at the server for each client (but your software needs to have an option to alter ports) i.e.
2029 get routed to
2030 gets routed to
and so on
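
The one-external-port-per-internal-machine mapping described in the post above, placed in PREROUTING as the earlier reply points out DNAT requires. This is an added example, not code from any poster in the thread: the function name `gen_dnat_rules`, the 192.168.0.x addresses and the port numbers are constructed, and it assumes the firewall already accepts established traffic in FORWARD. It only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print (not apply) one PREROUTING DNAT rule per internal host.
# Interface, ports and addresses below are constructed sample values.

# gen_dnat_rules IFACE FIRST_EXT_PORT INTERNAL_PORT HOST...
# External port FIRST_EXT_PORT+n is forwarded to the n-th host's INTERNAL_PORT.
gen_dnat_rules() {
    iface=$1; ext=$2; int=$3
    shift 3
    # Refuse non-numeric or out-of-range ports
    for p in "$ext" "$int"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    [ $# -ge 1 ] || { echo "no hosts given" >&2; return 1; }
    [ $((ext + $# - 1)) -le 65535 ] || { echo "port range overflows" >&2; return 1; }
    for host in "$@"; do
        # Shape check only: four dot-separated numeric fields
        case $host in
            *[!0-9.]*|*..*|.*|*.) echo "bad host: $host" >&2; return 1;;
            *.*.*.*.*) echo "bad host: $host" >&2; return 1;;
            *.*.*.*) ;;
            *) echo "bad host: $host" >&2; return 1;;
        esac
        # DNAT is valid only in the nat table's PREROUTING (and OUTPUT) chains
        echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport $ext -j DNAT --to-destination $host:$int"
        # After the rewrite the packet is routed to another host, so it
        # traverses FORWARD, not INPUT; open only the forwarded host and port
        echo "iptables -A FORWARD -i $iface -p tcp --syn -d $host --dport $int -j ACCEPT"
        ext=$((ext + 1))
    done
}

# Constructed sample: three intranet hosts behind eth0, external ports 2090-2092
gen_dnat_rules eth0 2090 2090 192.168.0.10 192.168.0.11 192.168.0.12
```

Each forwarded host gets its own narrowly scoped FORWARD rule, so the exposure stays limited to the listed machines rather than the whole intranet.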
Old 02-07-2003, 05:59 AM   #5
Registered: Jul 2002
Location: Lacon, IL
Distribution: Slackware
Posts: 35

Original Poster
Rep: Reputation: 15
peter_robb you are right, I have them right in my script. I just placed them wrong here, sorry.

I figured that adding this line would enable the port open for all machines on the network.

iptables -A INPUT -p tcp --syn --destination-port 2090 -j ACCEPT

but hey I don't have to open port 21 to ftp from ie, what's up here?


All times are GMT -5.