[Wolves] IP Tables
Adam Sweet
drinky76 at yahoo.com
Tue Dec 20 18:52:35 GMT 2005
--- David Goodwin <david at codepoets.co.uk> wrote:
> Adam Sweet wrote:
> > --- David Goodwin <dg at clocksoft.com> wrote:
> >
> >>> -A PREROUTING -p tcp -i eth0 --sport 443 -j DNAT --to 192.168.10.31: 443
>
> Looking at it again, I suspect you need --sport to
> be --dport.
Ahh yeah, I've been fiddling. I'm not sure if that has
always been like that but I now have:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [20:1420]
:OUTPUT ACCEPT [105:6517]
-A PREROUTING -p tcp -i eth0 --dport 443 -j DNAT --to 192.168.10.30:443
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -j MASQUERADE
COMMIT
and I get a connection refused error which I've had
before. But at least you are reassuring me that I'm
not completely wrong, just crap at paying attention to
what I'm typing.
Interestingly:
[root@machinex sysconfig]# /etc/init.d/iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:https to:192.168.10.30:443
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.10.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
but:
[root@machinex sysconfig]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
That's weird, no? Getting closer? IP tables, as per the
iptables script in /etc/init.d/iptables, is running.
Ad
--
http://www.drinky.org.uk
http://blog.drinky.org.uk
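
Added example, not part of the original message: a check over iptables-save style text that flags DNAT rules matching on source port (the --sport/--dport mix-up discussed above) and counts rules per table, which shows why `iptables --list` (filter table only, unless `-t nat` is given) prints empty chains while the nat rules are loaded. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the --sport rule from the quoted message next to the
# corrected --dport rule, plus an empty filter table.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [20:1420]
:OUTPUT ACCEPT [105:6517]
-A PREROUTING -p tcp -i eth0 --sport 443 -j DNAT --to 192.168.10.31:443
-A PREROUTING -p tcp -i eth0 --dport 443 -j DNAT --to 192.168.10.30:443
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Print DNAT rules that match only on source port. An inbound HTTPS client
# sends to destination port 443 from an ephemeral source port, so such a
# rule never matches the traffic it is meant to forward.
dnat_sport_rules() {
    awk '/^-A / && / -j DNAT( |$)/ &&
         /--(sport|source-port) / && !/--(dport|destination-port) /'
}

# Print "<table> <rule count>" for each table in the dump, in file order.
rules_per_table() {
    awk '/^\*/  { t = substr($0, 2); n[t] = 0; order[++k] = t }
         /^-A / { n[t]++ }
         END    { for (i = 1; i <= k; i++) print order[i], n[order[i]] }'
}

# On a live host, feed the real ruleset instead: iptables-save | dnat_sport_rules
sample_dump | dnat_sport_rules
sample_dump | rules_per_table
```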