[CentOS] iptables question

Mon Feb 23 16:35:57 UTC 2009
Robert Nichols <rnicholsNOSPAM at comcast.net>

Ward.P.Fontenot at wellsfargo.com wrote:
> I've added the following and it still isn't working
> 
> iptables -t nat -I PREROUTING -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.0.2:8443
> iptables -A FORWARD -d 192.168.0.1 -p tcp -m tcp --dport 8443 -j ACCEPT
> 
> I've enabled forwarding - not sure if it's needed but it's there just in
> case.

Yes, you do need forwarding enabled.

In that second rule, the match address should be 192.168.0.2 since the
translation has already been applied.  What does the rest of your
FILTER chain look like?  If the packet matches a REJECT rule prior
to reaching your ACCEPT rule, that will be the end of it.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.
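
The two points in the reply above, as an added example that is not part of the original thread: a simplified Python model of a forwarded packet passing through nat/PREROUTING and then the filter table's FORWARD chain, where the first matching rule decides. The packet's original destination (192.168.0.1), the catch-all REJECT rule, and all function and variable names are assumptions made for illustration.

```python
"""Simplified model (not netfilter code): DNAT in nat/PREROUTING runs before
filter/FORWARD, and FORWARD is evaluated top-down with the first match winning."""

# Constructed sample packet; its original destination is an assumption.
PKT = {"proto": "tcp", "dst": "192.168.0.1", "dport": 8443}
# The DNAT rule from the thread: tcp dport 8443 -> 192.168.0.2:8443
NAT = [{"proto": "tcp", "dport": 8443, "to_ip": "192.168.0.2", "to_port": 8443}]
# Assumed catch-all REJECT, standing in for whatever else is in the chain.
REJECT_ALL = {"match": {}, "target": "REJECT"}


def accept(dst):
    """FORWARD rule: -d <dst> -p tcp --dport 8443 -j ACCEPT"""
    return {"match": {"proto": "tcp", "dst": dst, "dport": 8443}, "target": "ACCEPT"}


def dnat(pkt, rules):
    """Apply the first matching DNAT rule and return the rewritten packet."""
    for r in rules:
        if pkt["proto"] == r["proto"] and pkt["dport"] == r["dport"]:
            return {**pkt, "dst": r["to_ip"], "dport": r["to_port"]}
    return pkt


def forward_verdict(pkt, chain, policy="ACCEPT"):
    """Return (target, rule number) of the first matching rule, else the policy."""
    for num, rule in enumerate(chain, 1):
        if all(pkt[k] == v for k, v in rule["match"].items()):
            return rule["target"], num
    return policy, None


def route(pkt, nat_rules, chain):
    """FORWARD only ever sees the packet after the destination was translated."""
    return forward_verdict(dnat(pkt, nat_rules), chain)


SCENARIOS = {
    "ACCEPT on pre-DNAT address, ahead of REJECT": [accept("192.168.0.1"), REJECT_ALL],
    "ACCEPT on post-DNAT address, appended after REJECT": [REJECT_ALL, accept("192.168.0.2")],
    "ACCEPT on post-DNAT address, ahead of REJECT": [accept("192.168.0.2"), REJECT_ALL],
}

if __name__ == "__main__":
    for name, chain in SCENARIOS.items():
        print(f"{name}: {route(PKT, NAT, chain)}")
```

Only the third scenario lets the packet through; on a live system, `iptables -L FORWARD -n -v --line-numbers` shows the rule order and per-rule packet counters.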