iptables port forwarding question - Setup
-
iptables port forwarding question
Hi all, using iptables v1.3.5 on gentoo, with nat/masq from eth0 local to ppp0 outside
I've read the netfilter examples and googled, but can not figure this out: I want to be able to accept all incoming (from ppp0) connections that are on port 10000 and have them forwarded to the LAN (eth0). I have tried:

iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 10000 -j DNAT

iptables -A FORWARD -i ppp0 -o eth0 -p tcp --dport 10000 -j ACCEPT

but after I type the first one the shell responds: iptables v1.3.5: You must specify --to-destination
which the iptables man page says needs an ip address, when I use

iptables -t nat -A PREROUTING -i ppp0 -p tcp --to-destination 192.168.0.254 --dport 10000 -j DNAT

the shell says: iptables v1.3.5: Unknown arg `--to-destination'
How do I allow port 10000 in with iptables?
TIA,
David
-
Re: iptables port forwarding question
2007-01-07, 12:03(-08), ~David~:
> Hi all, using iptables v1.3.5 on gentoo, with nat/masq from eth0 local to ppp0
> outside
> I've read the netfilter examples and googled, but can not figure this out: I
> want to be able to accept all incoming (from ppp0) connections that are on port
> 10000 and have them forwarded to the LAN (eth0). I have tried:
>
> iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 10000 -j DNAT
>
> iptables -A FORWARD -i ppp0 -o eth0 -p tcp --dport 10000 -j ACCEPT
>
> but after I type the first one the shell responds: iptables v1.3.5: You must
> specify --to-destination
well, yes, who would you like the router to forward the packets
to otherwise?
> which the iptables man page says needs an ip address, when I use
>
> iptables -t nat -A PREROUTING -i ppp0 -p tcp --to-destination 192.168.0.254
> --dport 10000 -j DNAT
>
> the shell says: iptables v1.3.5: Unknown arg `--to-destination'
[...]
--to-destination is an option for the DNAT target, so you must
issue it after -j DNAT (-j DNAT --to-destination ...).
--
Stéphane
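The corrected rule pair and a check for the two failure cases from the question, as an added example that is not part of either post. The function names are hypothetical, the interfaces, port and 192.168.0.254 are the values used in the thread, and the `-d` restriction on the FORWARD rule is an addition made here.

```shell
#!/bin/sh
# Added example; function names are hypothetical, values come from the thread.

# Print the corrected rule pair: $1 WAN if, $2 LAN if, $3 TCP port, $4 LAN host.
dnat_forward_rules() {
    # Target options go after "-j DNAT", as the reply says.
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s\n' "$1" "$3" "$4"
    # PREROUTING has already rewritten the destination when FORWARD is evaluated,
    # so the accept rule can be narrowed to that one host (an addition here).
    printf 'iptables -A FORWARD -i %s -o %s -p tcp -d %s --dport %s -j ACCEPT\n' "$1" "$2" "$4" "$3"
}

# Classify an iptables argument list: ok | missing | misplaced | not-dnat.
# The body runs in a subshell, so its variables do not leak into the caller.
check_dnat_args() (
    seen=0 verdict="" prev=""
    for arg in "$@"; do
        case $arg in
            DNAT)
                # Only counts as the target when it directly follows -j/--jump.
                if [ "$prev" = "-j" ] || [ "$prev" = "--jump" ]; then seen=1; fi ;;
            --to-destination|--to-destination=*)
                if [ "$seen" -eq 1 ]; then
                    [ "$verdict" = misplaced ] || verdict=ok
                else
                    verdict=misplaced   # given before the DNAT target was named
                fi ;;
        esac
        prev=$arg
    done
    if [ "$seen" -eq 0 ]; then verdict=not-dnat
    elif [ -z "$verdict" ]; then verdict=missing
    fi
    echo "$verdict"
    [ "$verdict" = ok ]
)

# Constructed demo: the corrected pair, then the two attempts from the question.
dnat_forward_rules ppp0 eth0 10000 192.168.0.254
check_dnat_args iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 10000 -j DNAT || true
check_dnat_args iptables -t nat -A PREROUTING -i ppp0 -p tcp \
    --to-destination 192.168.0.254 --dport 10000 -j DNAT || true
```

The script only prints the commands; running them against a live ruleset needs root and is left to the reader.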
-
Re: iptables port forwarding question
And should the "to-destination" not be 192.168.0.0 ?? And an
entry "to-source" the ISP's IP number given you for ppp0 ???
:-) Peter
Stephane CHAZELAS wrote:
> 2007-01-07, 12:03(-08), ~David~:
>> Hi all, using iptables v1.3.5 on gentoo, with nat/masq from eth0 local to ppp0
>> outside
>> I've read the netfilter examples and googled, but can not figure this out: I
>> want to be able to accept all incoming (from ppp0) connections that are on port
>> 10000 and have them forwarded to the LAN (eth0). I have tried:
>>
>> iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 10000 -j DNAT
>>
>> iptables -A FORWARD -i ppp0 -o eth0 -p tcp --dport 10000 -j ACCEPT
>>
>> but after I type the first one the shell responds: iptables v1.3.5: You must
>> specify --to-destination
>
> well, yes, who would you like the router to forward the packets
> to otherwise?
>
>> which the iptables man page says needs an ip address, when I use
>>
>> iptables -t nat -A PREROUTING -i ppp0 -p tcp --to-destination 192.168.0.254
>> --dport 10000 -j DNAT
>>
>> the shell says: iptables v1.3.5: Unknown arg `--to-destination'
> [...]
>
> --to-destination is an option for the DNAT target, so you must
> issue it after -j DNAT (-j DNAT --to-destination ...).
>