[CentOS] A little iptables help
Rodrigo Barbosa
rodrigob at suespammers.org
Thu Sep 29 01:53:13 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Sep 28, 2005 at 02:35:39PM -0400, James Pifer wrote:
> On Wed, 2005-09-28 at 11:20 -0700, Kirk Bocek wrote:
> >
> > James Pifer wrote:
> >
> > > I can't make 10.10.60.3 use 10.10.60.4 as the router.
> >
> > I might be wrong about needing to use 10.10.60.3 for the return traffic. The DNAT
> > function on 10.10.60.3 won't change the source IP address. As long a 10.10.60.4 has a
> > route to the first network, this should still work.
> >
> >
> > > If I loaded a port forwarding application on 10.10.60.3 and had it
> > > forward ports to .4 for port 5900 I would not have this requirement.
> > >
> > > Can't iptables to the same thing somehow?
> >
> > You lost me here. Iptables *is* our 'port forwarding application' on 10.10.60.3.
> > The rule I wrote would accept traffic going to 10.10.60.3:5900 and send it back out
> > to 10.10.60.4:5900.
>
> Okay, doesn't seem to be doing it. I must be doing something wrong. I'll
> play with it more this evening.
Hummm, it will be really complicated to do this, since you will need
2 terminating rules to be applied. So, you will need to use 2 tables for it.
iptables -t nat -A PREROUTING -p tcp -s ! 10.0.0.0/8 --destination-port 5900 -j DNAT --to-destination 10.10.60.4
iptables -t nat -A POSTROUTING -p tcp -d 10.10.60.4 --destination-port 5900 -j MASQUERADE
Of course, you can use -j SNAT --to-source 10.10.60.3 to get the same effect
of -j MASQUERADE. I'm just lazy.
Bu port forwarding application, I think he means a SOCKS{4,5} Proxy. Which is
NOT a port forward application.
[]s
- --
Rodrigo Barbosa <rodrigob at suespammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDO0kJpdyWzQ5b5ckRArhBAJ9YHzB+YHSWYAfDlM0rN2gwcE4QKACeKM41
cqwuAhSpwQDG+e7N7xn5fVc=
=jBeQ
-----END PGP SIGNATURE-----
More information about the CentOS
mailing list