[Gllug] missing something simple on iptables config

Ashley Evans ashley at k2.com
Mon Apr 28 17:59:17 UTC 2008


Hi all,

I've got a couple of rules on a Linux box here at work.  One works and 
one doesn't.  The rule that is fine is:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 20:21 -j DNAT --to-destination 10.7.0.91

The one that doesn't is:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 5001 -j DNAT --to-destination 192.168.67.1:3389

Input policy is set to allow all.

eth0:1 has the 10.7.0.0 range
eth0:2 has the 192.168.67.0 range

I can access the resource on 192.168.67.1 that I'm trying to access via 
port forwarding behind my NAT if I try from the Linux router itself, but 
from the outside world (and address on eth1) it hangs like the packets 
are being dropped.  If I remove the rule I get a direct connection 
refused as expected.

Any thoughts on what I'm missing?  I'm sure it's something silly and 
I'll be embarrassed but it's getting late in the day and I'm tired :)

Thanks for any help.

Regards,
Ashley
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



