<MaddMax> hello anyone around
<MaddMax> I'm trying to forward all requests for a specific ip port from the lan, to be redirected to another computer on the lan
<MaddMax> here's what I'm using, and it's not working
<MaddMax> iptables -t nat -A prerouting_rule -i $LAN -p tcp -d 66.74.189.236 --dport 80 -j DNAT --to-destination 192.168.1.51:80
<kut_> iptables -A POSTROUTING -o eth0 -j SNAT --to 66.74.189.236 && iptables -A PREROUTING -i eth0 -d 66.74.189.238 --dport 80 -j DNAT --to 192.168.1.51:80
<MaddMax> what's the first line saying
<MaddMax> and is this on one line or two
<kut_> two lines
<kut_> &&
<MaddMax> ok.
<MaddMax> Just making sure.
<MaddMax> What's the first line doing?
<kut_> well you don't use one without the other
<kut_> it has to do with address translation
<MaddMax> yea I got that.
<MaddMax> and why doesn't the first line reference a port
<kut_> but my syntax is not 100% either
<kut_> because the second does?
<MaddMax> ok :)
<MaddMax> is -o the same as -i?
<kut_> no, -i is input device, -o is output device
<MaddMax> so this is saying things coming in from 66.74* should be OUTPUT on eth0?
<MaddMax> err
<MaddMax> coming in FOR
<kut_> it's coming in from the input device and going out through the output device
<MaddMax> here you have specified no input, so I can do that?
<MaddMax> or does it default to all inputs
<kut_> it's listening on port 80 for connections
<kut_> this line should take care of it all
<kut_> but there's a few minor mistakes
<MaddMax> ok
<kut_> the --to
<kut_> and --dport
<MaddMax> what's wrong with --dport?
<kut_> well it's double
<MaddMax> it should be right?
<kut_> :80 and --dport 80
<kut_> remove the --dport
<MaddMax> from the second line.
<kut_> and try --to-source and --to-destination
<MaddMax> would that take all packets destined for 66.74.189.238:* to 192.168.1.51:80
<kut_> no
<kut_> just packets on port 80
<MaddMax> how does it know just packets on port 80 if you take out dport.
<kut_> by the :80
<MaddMax> that needs to be added on -d.
<MaddMax> ok it isn't there now, gotta put it on
<kut_> I can't check now but I have it working
<kut_> yea might be
<kut_> this is some older code I'm looking at
<kut_> but those two lines are the core
<kut_> that's all
<MaddMax> k and the to in the first line, change that to --to-destination
<kut_> yea try that
<kut_> it will give an error if you try this
<kut_> so just troubleshoot the errors
<kut_> and you'll be there
<kut_> but it's postrouting and prerouting
<kut_> that's nat
<kut_> the rest is input, output and forward
<kut_> or mangle but we don't use that much
<kut_> I spent most of today writing an iptables script
<kut_> for a tried 2 network
<kut_> tier
<MaddMax> k it didn't like --to
<kut_> yea I know
<MaddMax> err
<MaddMax> I meant --to-destination
<kut_> so that must be changed, I forgot to what and I don't have access to the working one
<kut_> try to source
<MaddMax> it likes --to
<MaddMax> ok so far I got
<MaddMax> iptables -A postrouting_rule -o $WAN -j SNAT --to 66.74.189.236
<MaddMax> iptables -A prerouting_rule -i $LAN --to 66.74.189.238:80 -j DNAT --to 192.168.1.51:80
<MaddMax> and it says
<MaddMax> root@OpenWrt:~# /etc/init.d/S35firewall restart
<MaddMax> iptables: No chain/target/match by that name
<MaddMax> iptables v1.3.3: Unknown arg `--to'
<kut_> -t nat
<kut_> I remember
<kut_> add -t nat to both lines
<kut_> because it should be in the nat table
<MaddMax> ok. and one more thing, it doesn't like one of the --to's on the second line
<kut_> try the -t nat first, maybe it changes
<kut_> if not, troubleshoot it by trying to-destination or to-source
<kut_> iptables can be a bit confusing
<kut_> that --dport 80 might work now too
<kut_> I'm so glad I got my script to work
<kut_> made it on <600x800 terminal
<kut_> drove me nuts
<MaddMax> I tried
<MaddMax> iptables -t nat -A postrouting_rule -o $WAN -j SNAT --to 66.74.189.236
<MaddMax> iptables -t nat -A prerouting_rule -i $LAN -d 66.74.189.238:80 -j DNAT -d 192.168.1.51:80
<MaddMax> said multiple d flags not allowed.
<MaddMax> --to didn't work either
<kut_> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 66.74.189.236 && iptables -t nat -A PREROUTING -i eth0 -d 66.74.189.238 --dport 80
<kut_> -j DNAT --to 192.168.1.51:80
<kut_> try that
<MaddMax> iptables -t nat -A prerouting_rule -i $LAN -d 66.74.189.236 --dport 80 -j DNAT --to 192.168.1.51:80
<MaddMax> unknown arg
<MaddMax> dport
<MaddMax> it hates me
<kut_> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 66.74.189.236 && iptables -t nat -A PREROUTING -i eth0 -d 66.74.189.238 --dport 80 -j DNAT --to 192.168.1.51:80
<kut_> just paste that to the command line
<kut_> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 66.74.189.236 && iptables -t nat -A PREROUTING -i eth0 -d 66.74.189.238 --dport 80 -j DNAT --to 192.168.1.51:80 || eco "i failed :("
<kut_> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 66.74.189.236 && iptables -t nat -A PREROUTING -i eth0 -d 66.74.189.238 --dport 80 -j DNAT --to 192.168.1.51:80 || echo "i failed :("
<MaddMax> my wan is vlan1 and my lan is br0
<MaddMax> it's not eth0 :)
<kut_> so change eth0 to vlan1
<MaddMax> that's what $WAN did.
<kut_> k so this should about work
<MaddMax> it said unknown arg dport
<kut_> alright I guess that --dport should go
<kut_> weird tho
<kut_> because you should be able to map requests for port 80 to port 8080
<kut_> maybe it's --sport
<MaddMax> do I need -p tcp for this?
<kut_> I guess you could use that for the second line
<MaddMax> haha it said I failed now
<MaddMax> iptables -t nat -A prerouting_rule -i $LAN -p tcp -d 66.74.189.236:80 -j DNAT --to 192.168.1.51:80 || echo "I
<kut_> haha
<MaddMax> iptables didn't error, but the echo went off
<MaddMax> is that good or bad
<kut_> I wish I could fire up my machine to check it but I'm bzipping a 55 gb file
<kut_> well that means it errors
<kut_> || means the command failed
<MaddMax> yea boolean or
<kut_> || = if the previous failed do this ; echo "failed"
<MaddMax> iptables v1.3.3: host/network `66.74.189.236:80' not found
<kut_> yes the first :80 should go
<kut_> I think you can only use 2 if they're different
<kut_> if they both 800 it fails
<MaddMax> but it needs to be both 80 :)
<kut_> 80
<kut_> so move one
<kut_> use only the last
<kut_> or move all :80 and use --dport 80
<MaddMax> ok that compiled, let's see its effect
<kut_> you only use --dport 80 --to ip.address:8080
<MaddMax> ok telnetting from inside the lan to 64.blah port 80 fails.
<kut_> ok that probably works
<kut_> weird
<MaddMax> it just hangs.
<MaddMax> could not open connection on host
<kut_> ok make a rule:
<MaddMax> another rule?
<kut_> $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT && $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT && $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT || echo "Error accepting established related!"
<MaddMax> wow.
<MaddMax> where do I put that rule
<kut_> before the nat
<kut_> it just says to accept any established connections
#iptables