[CentOS] A little iptables help

Rodrigo Barbosa rodrigob at suespammers.org
Thu Sep 29 01:53:13 UTC 2005

On Wed, Sep 28, 2005 at 02:35:39PM -0400, James Pifer wrote:
> On Wed, 2005-09-28 at 11:20 -0700, Kirk Bocek wrote:
> > 
> > James Pifer wrote:
> > 
> > > I can't make use as the router. 
> > 
> > I might be wrong about needing to use for the return traffic. The DNAT 
> > function on won't change the source IP address. As long a has a 
> > route to the first network, this should still work.
> > 
> > 
> > > If I loaded a port forwarding application on and had it
> > > forward ports to .4 for port 5900 I would not have this requirement. 
> > > 
> > > Can't iptables do the same thing somehow?
> > 
> > You lost me here. Iptables *is* our 'port forwarding application' on
> > The rule I wrote would accept traffic going to and send it back out 
> > to
> Okay, doesn't seem to be doing it. I must be doing something wrong. I'll
> play with it more this evening. 

Hummm, it will be really complicated to do this, since you will need
2 terminating rules to be applied. So, you will need to use 2 tables for it.

iptables -t nat -A PREROUTING -p tcp -s ! --destination-port 5900 -j DNAT --to-destination
iptables -t nat -A POSTROUTING -p tcp -d --destination-port 5900 -j MASQUERADE

Of course, you can use -j SNAT --to-source to get the same effect
as -j MASQUERADE. I'm just lazy.

By port forwarding application, I think he means a SOCKS{4,5} Proxy. Which is
NOT a port forward application.


-- 
Rodrigo Barbosa <rodrigob at suespammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
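
Added example, not part of the original message: a toy Python model of the DNAT and MASQUERADE pair discussed above, showing when the client accepts the reply. The addresses are constructed from documentation ranges, the function names are hypothetical, and the source-port rewriting MASQUERADE may perform is ignored.

```python
from dataclasses import dataclass, replace

# Constructed addresses (RFC 5737 documentation ranges), not from the thread.
CLIENT, FORWARDER, BACKEND = "198.51.100.10", "192.0.2.1", "192.0.2.4"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

def reversed_tuple(p):
    """Reply that answers packet p: addresses and ports swapped."""
    return Packet(p.dst, p.src, p.dport, p.sport)

def at_backend(orig, masquerade):
    """Packet after the forwarder's PREROUTING DNAT and optional POSTROUTING rule."""
    pkt = replace(orig, dst=BACKEND)          # -j DNAT --to-destination
    if masquerade:
        pkt = replace(pkt, src=FORWARDER)     # -j MASQUERADE / -j SNAT --to-source
    return pkt

def reply_at_client(orig, masquerade, backend_routes_via_forwarder):
    """Reply as the client receives it."""
    reply = reversed_tuple(at_backend(orig, masquerade))
    if reply.dst == FORWARDER or backend_routes_via_forwarder:
        # Reply crosses the forwarder, so conntrack undoes the NAT it applied.
        return reversed_tuple(orig)
    return reply                              # bypasses the forwarder, still src=BACKEND

def connection_works(masquerade, backend_routes_via_forwarder):
    orig = Packet(CLIENT, FORWARDER, 40000, 5900)
    reply = reply_at_client(orig, masquerade, backend_routes_via_forwarder)
    # The client's TCP stack only accepts a reply from the address it dialed.
    return reply == reversed_tuple(orig)

if __name__ == "__main__":
    for masq in (False, True):
        for via in (True, False):
            print(f"masquerade={masq!s:5} backend routes via forwarder={via!s:5} "
                  f"-> works={connection_works(masq, via)}")
    # Trade-off: with MASQUERADE the backend logs the forwarder, not the client.
    print(at_backend(Packet(CLIENT, FORWARDER, 40000, 5900), True).src)
```

The one failing combination is DNAT alone with a backend that does not route replies through the forwarder, which is the situation described in the quoted messages.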
