LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-16-2004, 08:38 AM   #1
registering
Member
 
Registered: Jun 2003
Location: Florida, USA
Distribution: Drake 10.1 Download
Posts: 182

Rep: Reputation: 30
What's wrong with this iptables syntax??


Hi all!
My firewall's working fine, except it seems that packets originating on the firewalled-server itself are not being forwarded. So if packets arrive AT the server going to A, they get properly sent to B, but if packets originating ON the server go to A, they don't get sent anywhere. I'm using iptables v 1.2.9 on SUSE 9.1 Pro. As far as I can tell from the man pages, this command below is valid, but I always get an "invalid argument" when I execute it:

Code:
iptables -t nat -A OUTPUT -d 1.2.3.4 -j DNAT --to-destination 192.168.0.5
Any ideas what's wrong with the above? The only other rules for OUTPUT are:

Code:
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
 
Old 06-16-2004, 02:53 PM   #2
nukkel
Member
 
Registered: Mar 2003
Location: Belgium
Distribution: Hardened gentoo
Posts: 323

Rep: Reputation: 30
Could you send the exact error message?
This command should normally execute successfully...
 
Old 06-16-2004, 03:12 PM   #3
demian
Member
 
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303

Rep: Reputation: 30
The syntax is correct. However, for this command to work you need to set the parameter CONFIG_IP_NF_NAT_LOCAL during kernel configuration.

I think some distribution kernels don't include this options in their pre-compiled kernels since NAT'ing locally generated connections is a somewhat unusual thing to do: After all when the connection is generated on the local machine why not make it a connection with the "right" destitination in the first place?
 
Old 06-16-2004, 03:54 PM   #4
registering
Member
 
Registered: Jun 2003
Location: Florida, USA
Distribution: Drake 10.1 Download
Posts: 182

Original Poster
Rep: Reputation: 30
Thanks! That explains it. What was happening is, I have a DNS on A and a web server on B. To enable everyone to access B (internal and external folks), the DNS gives a global ip address, then uses a firewall to route the packets to B. Thus, if a user is ON A and surfs to the web server, DNS gives it a global ip address, and the packets weren't routing since the packets were originated from A. However I've since changed this so my DNS serves-up different addresses based on who's asking (using the "view" tag). So you're right, now that I made my DNS better, there's no need for this rule. But I appreciate the help!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Iptables syntax puzzler tantric Linux - Security 6 03-22-2005 06:46 PM
iptables syntax question Poetics Linux - Security 4 12-24-2003 03:32 PM
iptables syntax Ge64 Linux - Security 3 08-20-2003 10:56 PM
iptables SYNTAX jrgalan Linux - Security 2 07-31-2003 12:54 AM
ipaddress syntax - iptables arobinson74 Linux - Networking 3 03-31-2003 12:34 PM


All times are GMT -5. The time now is 10:30 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration