iptables cannot port forward
by mfoley from LinuxQuestions.org on (#6J455)
I've done this successfully in the past, but am unable to get it right now. I want connections to port 1912 on host MAIL to forward to port 3389 on IP 192.168.0.62. To verify I could get to that host:port from another LAN host, I first ran 'nc -vl -p 1912 localhost' on host MAIL, then telnet'ed to that port from another host on the LAN. That worked. I then tried:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1912 -j DNAT --to-destination 192.168.0.62:3389

When I then tried telnet'ing to MAIL port 1912 from another host, no connection.
Keeping the above setting, I added:
Code:
iptables -A FORWARD -i eth0 -d 192.168.0.62 -p tcp --dport 3389 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.62 -p tcp --dport 3389 -j SNAT --to-source 192.168.0.2
iptables -t nat -A POSTROUTING -o eth0 -d 192.168.0.62 -p tcp --dport 3389 -j SNAT --to-source 192.168.0.2

I had these settings in my notes from a previous successful connection from long ago, but again, I could not connect to MAIL:1912 from another host.
Obviously, I'm doing something wrong. Can someone straighten me out?
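
An offline check for the pieces a DNAT forward like the one in this post depends on, run against an iptables-save dump. This is an added example, not part of the original post; the function names `sample_rules` and `audit_portfwd` and the sample dump are constructed for illustration, and the kernel switch `net.ipv4.ip_forward` it tests is not mentioned in the post.

```shell
#!/bin/sh
# Added example; function names and the sample dump are constructed.

# Constructed iptables-save output modelled on the rules in the post.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1912 -j DNAT --to-destination 192.168.0.62:3389
-A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.62/32 -p tcp -m tcp --dport 3389 -j SNAT --to-source 192.168.0.2
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.168.0.62/32 -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# audit_portfwd DUMP IP_FORWARD LISTEN_PORT DEST_IP DEST_PORT
# Prints each missing piece; return status is the number missing.
audit_portfwd() {
    dump=$1; fwd=$2; lport=$3; dport=$5; n=0
    ip=$(printf '%s' "$4" | sed 's/\./\\./g')   # escape dots for grep -E
    has() { grep -Eq -- "$1" "$dump"; }
    miss() { echo "MISSING: $1"; n=$((n + 1)); }

    # The kernel only routes the rewritten packet onward when forwarding is on.
    [ "$fwd" = 1 ] || miss "net.ipv4.ip_forward=$fwd, must be 1"
    has "^-A PREROUTING .*--dport $lport .*-j DNAT --to-destination $ip:$dport" ||
        miss "nat PREROUTING DNAT for port $lport"
    # Either the FORWARD policy accepts, or an explicit rule must.
    has "^:FORWARD ACCEPT" || has "^-A FORWARD .*-d $ip(/32)? .*--dport $dport .*-j ACCEPT" ||
        miss "filter FORWARD accept towards $4:$dport"
    # Client and target on the same LAN: replies must return via the forwarder.
    has "^-A POSTROUTING .*-d $ip(/32)? .*-j (SNAT|MASQUERADE)" ||
        miss "nat POSTROUTING SNAT/MASQUERADE towards $4"
    return "$n"
}

# Live use (assumption: run as root on the forwarding host):
#   iptables-save > /tmp/rules
#   audit_portfwd /tmp/rules "$(sysctl -n net.ipv4.ip_forward)" 1912 192.168.0.62 3389
tmp=$(mktemp); sample_rules > "$tmp"
audit_portfwd "$tmp" 0 1912 192.168.0.62 3389 || echo "$? piece(s) missing"
rm -f "$tmp"
```

The patterns match the normalised form iptables-save prints (for example `-d 192.168.0.62/32` and `-m tcp`), so feed the function a dump rather than the commands as typed.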