Comments:
<0> hello anyone around
<0> im trying to forward all requests for a specific ip port from the lan, to be redirected to another computer on the lan
<0> heres what im using, and is not working
<0> iptables -t nat -A prerouting_rule -i $LAN -p tcp -d 66.74.189.236 --dport 80 -j DNAT --to-destination 192.168.1.51:80
<1> iptables -A POSTROUTING -o eth0 -j SNAT --to 66.74.189.236 && iptables -A PREROUTING -i eth0 -d 66.74.189.238 --dport 80 -j DNAT --to 192.168.1.51:80
<0> whats the first line saying
<0> and this is on one line or two
<1> two lines
<1> &&
<0> ok.
<0> Just making sure.
<0> Whats the first line doing?
<1> well you dont use one without the other
<1> it has to do with address translation
<0> yea I got that.
<0> and why doesnt the first line reference a port
<1> but my syntax is not 100 % either
<1> because the second does ?
<0> ok :)
<0> is -o the same as -i ?
<1> no -i is input device -o is output device
<0> so this is saying things coming in from 66.74* should be OUTPUT on eth0?
<0> err
<0> coming in FOR
<1> its coming in from inputdevice and going out through output device
<0> here you have specified no input, so I can do that?
<0> or does it default to all inputs
<1> its listening on port 80 for connections
<1> this line should take care of it all
<1> but theres a few minor mistakes
<0> ok
<1> the --to
<1> and --dport
<0> whats wrong with --dport?
<1> well its double
<0> it should be right?
<1> :80 and --dport 80
<1> remove the --dport
<0> from the second line.
<1> and try --to-source and --to-destination
<0> would that take all packets destined for 66.74.189.238:* to 192.168.1.51:80
<1> no
<1> just packets on port 80
<0> how does it know just packets on port 80 if you take out dport.
<1> by the :80
<0> that needs to be added on -d. ok it isnt there now, gotta put it on
<1> i cant check now but i have it working
<1> yea might be
<1> this is some older code im looking at
<1> but those two lines are the core
<1> thats all
<0> k and the to in the first line, change that to --to-destination
<1> yea try that
<1> it will give an error if you try this
<1> so just troubleshoot the errors
<1> and youll be there
<1> but its postrouting and prerouting
<1> that nat
<1> the rest is input output and forward
<1> or mangle but we dont use that much
<1> i spent most of today writing an iptables script
<1> for a tried 2 network
<1> tier
<0> k it didnt like --to
<1> yea i know
<0> err
<0> i meant --to-destination
<1> so that must be changed i forgot to what and i dont have access to the working one
<1> try to source
<0> it likes --to
<0> ok so far I got
<0> iptables -A postrouting_rule -o $WAN -j SNAT --to 66.74.189.236
<0> iptables -A prerouting_rule -i $LAN --to 66.74.189.238:80 -j DNAT --to 192.168.1.51:80
<0> and it says
<0> root@OpenWrt:~# /etc/init.d/S35firewall restart
<0> iptables: No chain/target/match by that name
<0> iptables v1.3.3: Unknown arg `--to'
<1> -t nat
<1> i remember
<1> add -t nat to both lines
<1> because it should be in the nat table
<0> ok. and one more thing, it doesnt like one of the -to's on the second line
<1> try the -t nat first maybe it changes
<1> if not troubleshoot it by trying to-destination or to source
<1> iptables can be a bit confusing
<1> thats --dport 80 might work now too
<1> im so glad i got my script to work
<1> made it on <600x800 terminal
<1> drove me nuts
<0> i tried
<0> iptables -t nat -A postrouting_rule -o $WAN -j SNAT --to 66.74.189.236
<0> iptables -t nat -A prerouting_rule -i $LAN -d 66.74.189.238:80 -j DNAT -d 192.168.1.51:80
<0> said multiple d flags not allowed.
<0> --to didnt work either
<1> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 66.74.189.236 && iptables -t nat -A PREROUTING -i eth0 -d 66.74.189.238 --dport 80
<1> -j DNAT --to 192.168.1.51:80
<1> try that
<0> iptables -t nat -A prerouting_rule -i $LAN -d 66.74.189.236 --dport 80 -j DNAT --to 192.168.1.51:80
<0> unknown arg
<0> dport
<0> it hates me
<1> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 66.74.189.236 && iptables -t nat -A PREROUTING -i eth0 -d 66.74.189.238 --dport 80 -j DNAT --to 192.168.1.51:80
<1> just paste that to the command line
<1> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 66.74.189.236 && iptables -t nat -A PREROUTING -i eth0 -d 66.74.189.238 --dport 80 -j DNAT --to 192.168.1.51:80 || eco "i failed :("
<1> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 66.74.189.236 && iptables -t nat -A PREROUTING -i eth0 -d 66.74.189.238 --dport 80 -j DNAT --to 192.168.1.51:80 || echo "i failed :("
<0> my wan is vlan1 and my lan is br0
<0> its not eth0 :)
<1> so change eth0 to vlan1
<0> thats what $WAN did.
<1> k so this should about work
<0> it said unknown arg dport
<1> alright i guess that --dport should go
<1> weird tho
<1> because you should be able to map requests for port 80 to port 8080
<1> maybe its --sport
<0> do I need -p tcp for this?
<1> i guess you could use that for the second line
<0> haha It said I failed now
<0> iptables -t nat -A prerouting_rule -i $LAN -p tcp -d 66.74.189.236:80 -j DNAT --to 192.168.1.51:80 || echo "I
<1> haha
<0> iptables didnt error, but the echo went off
<0> is that good or bad
<1> i wish i could fire up my machine to check it but im bzipping a 55 gb file
<1> well that means it errors
<1> || means the command failed
<0> yea boolean or
<1> || = if the previous failed do this ; echo "failed"
<0> iptables v1.3.3: host/network `66.74.189.236:80' not found
<1> yes the first :80 should go too
<1> i think you can only use 2 if they different
<1> if they both 800 it fails
<0> but it needs to be both 80 :)
<1> 80
<1> so move one
<1> use only the last
<1> or move all : 80 and use --dport 80
<0> ok that compiled, lets see its effect
<1> you only use -dport 80 -to ip.address:8080
<0> ok telnetting from inside the lan to 64.blah port 80 fails.
<1> ok that probably works
<1> weird
<0> it just hangs.
<0> could not open connection on host
<1> ok make a rule:
<0> another rule?
<1> $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT && $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT && $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT || echo "Error accepting established related!"
<0> wow.
<0> where do I put that rule
<1> before the nat
<1> it just says to accept any established connections