Tim Perton wrote:
Dear Grant,
thank you very much for your quick reply.
You are welcome.
I agree to the 3 conditions/caveats in your previous
email. I have already tried an example on this.
Let's say I want to connect to www.google.com
(216.239.59.103) so System B is www.google.com
Ok.
According to your example I issue the following
commands (after stop/start iptables to be fresh):
iptables -A INPUT -p tcp -m tcp --dport 1099 -j ACCEPT
What filtering do you have in place? If you do not have default
policies of ACCEPT, you will also need to add rules to your
filter:FORWARD chain to allow this traffic to pass through. I.e.
iptables -A FORWARD -i eth0 -o eth0 -d 216.239.59.103 -p tcp --dport 80
-j ACCEPT
iptables -A FORWARD -i eth0 -o eth0 -s 216.239.59.103 -p tcp --sport 80
-j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -d a.b.c.d -p
tcp --dport 1099 -j DNAT --to-destination
216.239.59.103:80
iptables -t nat -A POSTROUTING -o eth0 -d
216.239.59.103 -p tcp --dport 1099 -j SNAT --to-source
a.b.c.d
These commands look ok to me.
I am trying http://a.b.c.d:1099 or with telnet
a.b.c.d 1099 (Trying a.b.c.d... telnet: Unable to
connect to remote host: Connection refused)
I think you will have better luck playing with telnet to start with.
Keep in mind that just because you enter "http://a.b.c.d..."; in your web
browser, you are doing more than connecting to that address. You are
also asking for a page off of the domain a.b.c.d. So for testing, I'd
stick with telnet, or set up a temporary hosts entry for the test domain.
Grant. . . .
|