[LUGOS] iptables and ip forward
Rok Potočnik
r at rula.net
Tue Jan 8 22:54:38 CET 2008
Boštjan Jerko wrote:
> On 8.1.2008, at 12:52, Tadej Slemc wrote:
>
>> iptables -t nat -D PREROUTING -i eth0 -p tcp -m tcp --dport 1025 -j
>> DNAT --to-destination 192.168.0.10:1025
>>
>> something like this should work
>>
>> T.
>>
>
> Probably -A PREROUTING, but it doesn't work for me.
Yes... either -A or, even better, -I, in case you have some restrictive
rule that prevents any packet from even reaching it in that chain... you
can send the output of iptables-save (privately if you like) and we'll see
what can be done.
Otherwise, you need the following conditions...
- ip_forward set to 1
- a rule with DNAT
- if you have a DROP somewhere in the FORWARD chain of the filter table, you also have to allow this
In principle the following should work:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -I PREROUTING -p tcp --dport 1025 -j DNAT \
--to-destination 192.168.0.10
iptables -I FORWARD -p tcp --dport 1025 -j ACCEPT
--
Regards, Rok
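
The three conditions listed in the message above can be checked against an iptables-save dump. This is an added example, not part of the original post: the function name check_dnat_forward and the sample dump are constructed for illustration, and the FORWARD check is a simplified heuristic that only looks at rules naming the port and at match-less DROP/REJECT rules.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# usage: check_dnat_forward PORT IP_FORWARD_VALUE < iptables-save-dump
# live:  iptables-save | check_dnat_forward 1025 "$(cat /proc/sys/net/ipv4/ip_forward)"
check_dnat_forward() {
    awk -v port="$1" -v fwd="$2" '
    # true when the current rule carries "--dport PORT"
    function has_dport(   i) {
        for (i = 1; i < NF; i++) if ($i == "--dport" && $(i+1) == port) return 1
        return 0
    }
    /^\*/ { table = substr($0, 2); next }              # "*nat", "*filter", ...
    table == "filter" && /^:FORWARD / { policy = $2; next }
    table == "nat" && /^-A PREROUTING / && /-j DNAT/ {
        if (has_dport()) dnat = 1
        next
    }
    # Walk FORWARD in order; the first deciding rule wins, as in the kernel.
    table == "filter" && /^-A FORWARD / && verdict == "" {
        if (has_dport() && /-j ACCEPT/) verdict = "ACCEPT"
        else if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) verdict = $4
    }
    END {
        if (verdict == "") verdict = policy            # fall back to chain policy
        print "ip_forward=" (fwd == "1" ? "ok" : "off")
        print "dnat=" (dnat ? "ok" : "missing")
        print "forward=" (verdict == "ACCEPT" ? "ok" : "blocked")
        exit !(fwd == "1" && dnat && verdict == "ACCEPT")
    }'
}

# Constructed sample dump: the ACCEPT was appended with -A after a blanket
# DROP, so it is never reached. This is the case where -I is needed.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 1025 -j DNAT --to-destination 192.168.0.10
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j DROP
-A FORWARD -p tcp -m tcp --dport 1025 -j ACCEPT
COMMIT'
printf '%s\n' "$SAMPLE" | check_dnat_forward 1025 1 || true
```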