[Nottingham] Port forwarding with iptables

Steve Goodliff nottingham at mailman.lug.org.uk
Tue Apr 29 17:10:01 2003


> -----Original Message-----
> From: nottingham-admin@mailman.lug.org.uk
> [mailto:nottingham-admin@mailman.lug.org.uk]On Behalf Of Phil Lakin
> Sent: 29 April 2003 16:57
> To: nottingham@mailman.lug.org.uk
> Subject: RE: [Nottingham] Port forwarding with iptables
>
>
> On Tue, 2003-04-29 at 16:36, Steve Goodliff wrote:
>
> > Maybe the router isn't sending its responses back to the redhat box? but
> > trying to directly send to the workstation on the 10.x network which it
> > can't reach.
> >
> >
>
> Hi,
>
> If tcpdump isn't picking up any returning packets, the data must be going
> in a different direction.
>
> Sounds like the adsl router is trying to send the response down the
> wrong pipe. Can you check the routing table on the adsl router?
>
> Why not just allow selective forwarding to the routers http ports,
> instead of trying to dnat from your internal network to the external
> network?
>
> Also, check /etc/sysctl.conf
> and make sure net.ipv4.ip_forward is set to 1
>
> Phil
>
>

Hello,

ipv4_forward is definitely on. I'm thinking that the problem is that the
line below ought to have 192.168.1.201 instead of 10.1.1.194 so that the
router responds to my redhat box. The redhat box should then send that data
back to 10.1.1.94; how I achieve this is another matter :).

16:30:07.006388 10.1.1.194.44992 > 192.168.1.1.http: S
3580018260:3580018260(0) win 5840 <mss 1460,sackOK,timestamp 1415235782
0,nop,wscale 0> (DF) [tos 0x10]


How would selective forwarding work? Really, all I want to achieve is to be
able to access the routers web frontends from our 10.x network, so
alternatives definitely considered. I'll check to see if I can access the
routers table in the morning, but can't see it being the problem.

Cheers

Steve G
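
Added example (not part of the original message or thread): one way to express the source rewrite discussed above, pairing the DNAT rule with an SNAT rule so the router replies to 192.168.1.201, plus a check for a tcpdump line taken on the router-side interface. LAN_NET, LAN_IP and LISTEN_PORT are assumed placeholder values; only 192.168.1.1 and 192.168.1.201 come from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Dry run by default: rules are printed, not applied.
# Set IPT=iptables and run as root to apply them.
IPT="${IPT:-echo iptables}"

ROUTER_IP="192.168.1.1"             # router web frontend (from the thread)
NAT_SRC="192.168.1.201"             # redhat box, router side (from the thread)
LAN_NET="10.0.0.0/8"                # assumption: extent of the "10.x network"
LAN_IP="${LAN_IP:-10.0.0.1}"        # placeholder: redhat box's 10.x address
LISTEN_PORT="${LISTEN_PORT:-8080}"  # placeholder: port the workstations browse to

router_http_rules() {
    # 1. DNAT: LAN connections to LAN_IP:LISTEN_PORT are sent to the router's HTTP port.
    $IPT -t nat -A PREROUTING -s "$LAN_NET" -d "$LAN_IP" -p tcp \
        --dport "$LISTEN_PORT" -j DNAT --to-destination "$ROUTER_IP:80"
    # 2. SNAT: rewrite the source so the router answers the redhat box, which
    #    reverses the translation and hands the reply back to the workstation.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -d "$ROUTER_IP" -p tcp \
        --dport 80 -j SNAT --to-source "$NAT_SRC"
    # 3. FORWARD: permit only this flow and its replies, nothing else.
    $IPT -A FORWARD -s "$LAN_NET" -d "$ROUTER_IP" -p tcp --dport 80 -j ACCEPT
    $IPT -A FORWARD -s "$ROUTER_IP" -p tcp --sport 80 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Succeeds only if a tcpdump line shows the packet leaving towards the router
# with the rewritten source address (NAT_SRC) rather than a 10.x address.
src_is_rewritten() {
    case "$1" in
        *" $NAT_SRC."*" > $ROUTER_IP."*) return 0 ;;
        *) return 1 ;;
    esac
}

router_http_rules
```

Without rule 2 the SYN leaves with its 10.x source, as in the capture above, and the return path depends entirely on the router's own routing table.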