LinuxQuestions.org


_ben_deb_ 11-10-2004 11:59 AM

iptables redirect
 
Hello!

I want to redirect a stream from my firewall to another PC which runs Apache on it...

For now I test this with:
(I test from 192.168.0.2 to 192.168.0.1 and I want to connect to 192.168.0.3 transparently)

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80

But it doesn't work :confused:

What should I do?

How can I view the nat filter table, because "iptables -L" does not?

Thank you for your help ;)

bignerd 11-10-2004 12:15 PM

Re: iptables redirect
 

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80

That is correct. Any tcp 80 traffic that is destined to your firewall's IP will be redirected to 192.168.0.3 destination port 80.

iptables -t nat -L -n -v will show you your nat tables. You may have conflicting rules that you need to delete.

_ben_deb_ 11-10-2004 12:27 PM

Thanks for your reply...

It still doesn't work...

Here is my iptables output for: iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Here is my iptables output for: iptables -t nat -L -n -v

Chain PREROUTING (policy ACCEPT 11 packets, 540 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.0.3:80

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination


I connect to 192.168.0.1 with Mozilla but it still doesn't work?
I don't understand :confused:

_ben_deb_ 11-10-2004 12:30 PM

Maybe I must do something for the reply of 192.168.0.3?

bignerd 11-10-2004 02:21 PM

Did you remember to very nicely ask your Linux box to forward packets?

cat /proc/sys/net/ipv4/ip_forward

If it does not respond with the number 1 then you forgot to ask your box to forward those nice ipv4 packets.

echo 1 > /proc/sys/net/ipv4/ip_forward

Is how you ask the box to do this for you. You probably want to add this to a start up script so when you reboot you don't have to do this by hand each time.

-b

peter_robb 11-11-2004 03:40 PM

You need to SNAT the replies from 192.168.0.3 to look like they are from 192.168.0.1

When you send the original packets from .0.2 to .0.1, it sends them to .0.3, which replies directly to .0.2 coz it's local. So 0.2 drops the packets coz it's expecting them to only come from 0.1

It's better to test this with 2 network cards and 2 different subnets..
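
Added example (not part of any post in this thread): a shell sketch that prints, without applying, the forwarding setting and NAT rules discussed in the two replies above, emitting the SNAT rule only when the client and the web server share a subnet. The /24 prefix length, the `-d`/`-s` match restrictions and the function names are assumptions of this example.

```shell
#!/bin/sh
# Prints the commands only; nothing is applied. Addresses are the thread's;
# the /24 prefix and the -d / -s restrictions are assumptions of this example.

# ip_to_int A.B.C.D -> the address as a 32-bit integer on stdout
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# same_subnet IP1 IP2 PREFIXLEN -> status 0 if both fall in the same network
same_subnet() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

# port_forward_rules FW_IP SERVER_IP PORT CLIENT_IP PREFIXLEN
port_forward_rules() {
    fw=$1; srv=$2; port=$3; client=$4; plen=$5
    # Without forwarding enabled the rewritten packet never leaves the firewall.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # -d limits the DNAT to traffic addressed to the firewall itself.
    echo "iptables -t nat -A PREROUTING -d $fw -p tcp --dport $port -j DNAT --to-destination $srv:$port"
    if same_subnet "$client" "$srv" "$plen"; then
        # Same LAN: the server would answer the client directly from its own
        # address, so rewrite the source and make replies return via the firewall.
        echo "iptables -t nat -A POSTROUTING -s $client -d $srv -p tcp --dport $port -j SNAT --to-source $fw"
    fi
}

# Thread's test case: client .0.2, firewall .0.1, web server .0.3
port_forward_rules 192.168.0.1 192.168.0.3 80 192.168.0.2 24
```

With the SNAT rule in place, Apache on 192.168.0.3 logs 192.168.0.1 as the client address for these connections.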

_ben_deb_ 11-12-2004 05:02 AM

Yes, you are both right!

I have a script to start my computer, and when I stop the rules it puts 0 in /proc/sys/net/ipv4/ip_forward

So I solved the problem and I succeeded in redirecting the stream to an internet address.
But I want to test from .0.2 to connect to 0.0.3 from .0.1 but it doesn't work!

I think you're right and I'll try to SNAT to .0.1 to make it work!

I'll send a message later...

Thanks :)

_ben_deb_ 11-13-2004 05:06 AM

OK, it's working for testing!

I filter the POSTROUTING and PREROUTING nat table for it!

Thanks!
:rolleyes:


All times are GMT -5.