[CentOS] TCP/IP Port Relay

Thu Apr 24 16:28:24 UTC 2008
Vahur Jõesalu <vahur at joesalu.com>

Well, you can't - to the best of my knowledge. And I cannot see the 
reason for wanting it. The idea of using -i and -o in the FORWARD chain is 
to specify the direction traffic is allowed to go. It could be that the 
firewall is blocking all outgoing traffic. Omitting -i and -o would 
allow the internal server to initiate traffic to port 23 anywhere in the 

A virtual interface is for assigning additional IPs to the same interface, so 
any rules regarding the interface still apply to the whole of the physical 
network card.


James Pifer wrote:
> On Thu, 2008-04-24 at 17:27 +0300, Vahur Jõesalu wrote:
>> hmm, if I understood you correctly, then this should work just fine (on 
>> linux firewall):
>> /sbin/iptables -t nat -I PREROUTING -p tcp --dport 23 -j DNAT \
>> --to telnetserverip:port-number
>> /sbin/iptables -I FORWARD -i external_interface -o internal_interface \
>> -p tcp -d telnetserverip --dport portnumberontelnetserver -j ACCEPT
>> after a reboot or firewall service restart it's gone again.
>> -vahur
> Sorry to jump in on someone else's thread, but... How do you do this if
> the interface you want to use is virtual? Meaning it's eth0:1 for
> example? The -i parameter will not let you use that.
> Thanks,
> James
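
An added example, not part of the original post or the thread's own commands: a dry-run generator for the DNAT and FORWARD rule pair discussed above that handles the eth0:1 case by using the physical device for -i/-o and the alias's address with -d. The addresses, interface names and the helper names phys_if and relay_rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) the DNAT + FORWARD rule pair.
# All addresses and interface names used here are constructed sample values.

# Strip an alias suffix: eth0:1 -> eth0. An alias is only an extra address
# on the physical device, so -i/-o have to name the device itself.
phys_if() {
    printf '%s\n' "${1%%:*}"
}

# relay_rules EXT_IF INT_IF LISTEN_IP LISTEN_PORT SERVER_IP SERVER_PORT
# LISTEN_IP is the address carried by the alias. Matching on it with -d is
# what limits the relay to traffic sent to that address.
relay_rules() {
    ext=$(phys_if "$1")
    int=$(phys_if "$2")
    listen_ip=$3; listen_port=$4; server_ip=$5; server_port=$6

    # Refuse anything that is not a plain port number.
    for p in "$listen_port" "$server_port"; do
        case "$p" in
            ''|*[!0-9]*) echo "port must be numeric: '$p'" >&2; return 1 ;;
        esac
    done

    # Rewrite the destination of connections arriving for the alias address.
    echo "/sbin/iptables -t nat -I PREROUTING -i $ext -p tcp -d $listen_ip --dport $listen_port -j DNAT --to-destination $server_ip:$server_port"

    # FORWARD sees the packet after DNAT, so it matches the server's address
    # and port. Keeping -i/-o restricts the rule to the inbound direction.
    echo "/sbin/iptables -I FORWARD -i $ext -o $int -p tcp -d $server_ip --dport $server_port -j ACCEPT"
}

# Constructed sample: alias eth0:1 carries 203.0.113.10, server is 192.168.1.20.
relay_rules eth0:1 eth1 203.0.113.10 23 192.168.1.20 23
```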