John R Pierce wrote:
> Jeff Potter wrote:
>>
>> Thanks, Florin and Robert, for your suggestions.
>>
>> I'm still stumped, though.
>>
>> This rule looks to be the REDIRECT rule that Robert suggests.
>> Unfortunately, as I have it written here, it fails instantly --
>> telnetting to port 80 causes an instant error.
>> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 127.0.0.1:8080
>>
>> This gets packets in, but no reply:
>> iptables -t nat -A PREROUTING -p tcp -d 64.61.61.112 --dport 80 -j DNAT --to-destination 127.0.0.1:8080
>
> IIRC, you need TWO commands to set up a port forward with iptables, one
> for the incoming like you've specified, and another to handle the response.
>
> classic example is...
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx \
>     --dport 8888 -j DNAT --to 192.168.0.2:80
> iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT
>

I ran into similar trouble trying to redirect ports to another host; for me the solution was to use xinetd. I have:

\etc\xinetd.d\pop3proxy

service pop3
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    bind        = 192.168.0.151
    redirect    = 172.19.3.20 110
}

One word of warning: this was working on FC4, but I think it should work on C5 too. Also, it is redirected to another host, but I think it should work on localhost too.

Lorenzo
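
Added example, not part of the thread and not any poster's code: a small shell check for the two rules Jeff quoted. It assumes, as facts about iptables rather than anything stated in the thread, that REDIRECT's --to-ports accepts only a port or port range, and that traffic DNATed to 127.0.0.0/8 in PREROUTING is dropped as martian unless the route_localnet sysctl is enabled; the function names and result codes are made up for illustration.

```shell
# Added example: lint an iptables nat rule given as one string.
# It only inspects text and never runs iptables. Names are illustrative.

# Print the word that follows option $1 among the remaining words.
opt_value() {
    want=$1; shift
    while [ $# -gt 0 ]; do
        if [ "$1" = "$want" ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

lint_nat_rule() {
    set -f; set -- $1; set +f   # split the rule into words, no globbing
    target=$(opt_value -j "$@") || { echo "no-target"; return 0; }
    case $target in
    REDIRECT)
        # REDIRECT always delivers to the local machine, so --to-ports
        # takes a port or port range, never an address.
        ports=$(opt_value --to-ports "$@") || { echo "ok"; return 0; }
        case $ports in
        *:*|*.*) echo "redirect-takes-port-only" ;;
        *) echo "ok" ;;
        esac ;;
    DNAT)
        # Assumption: a packet from the network rewritten to 127.0.0.0/8
        # is dropped as martian unless route_localnet is enabled.
        dest=$(opt_value --to-destination "$@") ||
            dest=$(opt_value --to "$@") || { echo "ok"; return 0; }
        case $dest in
        127.*) echo "dnat-to-loopback" ;;
        *) echo "ok" ;;
        esac ;;
    *) echo "ok" ;;
    esac
}

# The two rules quoted in the thread, plus a port-only REDIRECT (constructed).
for r in \
    "iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 127.0.0.1:8080" \
    "iptables -t nat -A PREROUTING -p tcp -d 64.61.61.112 --dport 80 -j DNAT --to-destination 127.0.0.1:8080" \
    "iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080"
do
    printf '%s\n  -> %s\n' "$r" "$(lint_nat_rule "$r")"
done
```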