Tim Perton wrote:
> I tried the forward rules too but nothing.
> Still telnet a.b.c.d 1099 does not work after issuing
> the following commands (no other firewalling made to
> prohibit packets):
> iptables -A INPUT -p tcp -m tcp --dport 1099 -j ACCEPT

This rule is useless because connections to port 1099 are forwarded to
another host. INPUT chains see only traffic for the local host.

> iptables -A FORWARD -i eth0 -o eth0 -d 216.239.59.103 -p tcp --dport 80 -j ACCEPT

Ok.

> iptables -A FORWARD -i eth0 -o eth0 -s 216.239.59.103 -p tcp --sport 80 -j ACCEPT

Use the connection tracking (-m state --state ESTABLISHED) to deal with
return traffic.

> iptables -t nat -A PREROUTING -i eth0 -d a.b.c.d -p tcp --dport 1099 -j DNAT --to-destination 216.239.59.103:80

Ok.

> iptables -t nat -A POSTROUTING -o eth0 -d 216.239.59.103 -p tcp --dport 1099 -j SNAT --to-source a.b.c.d

The rule must match on destination port 80 instead of 1099, because it
occurs after the destination port has been translated. Remember the path
is:

PREROUTING (DNAT) -> FORWARD -> POSTROUTING (SNAT)
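The traversal order described in the reply above, as an added example that is not part of the original thread: a simplified Python model of PREROUTING -> FORWARD -> POSTROUTING that shows why an SNAT rule matching destination port 1099 never fires once DNAT has rewritten the port to 80. Assumptions: 192.0.2.1 stands in for the a.b.c.d placeholder, 198.51.100.7 is a constructed client address, the FORWARD policy is ACCEPT, and only the first packet of a connection is modelled.

```python
from dataclasses import dataclass, replace

PUBLIC = "192.0.2.1"       # constructed stand-in for the a.b.c.d placeholder
TARGET = "216.239.59.103"  # DNAT target used in the thread
CLIENT = "198.51.100.7"    # constructed client address

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def matches(rule, pkt):
    """A rule matches when every field it names equals the packet's field."""
    return all(getattr(pkt, field) == value for field, value in rule.items())

def traverse(pkt, snat_dport):
    """Walk one new connection through the simplified path; return (packet, log)."""
    log = []
    # nat PREROUTING: -d a.b.c.d --dport 1099 -j DNAT --to-destination TARGET:80
    if matches({"dst": PUBLIC, "dport": 1099}, pkt):
        pkt = replace(pkt, dst=TARGET, dport=80)
        log.append("PREROUTING:DNAT")
    # Routing decision happens after DNAT: only locally addressed packets hit INPUT.
    if pkt.dst == PUBLIC:
        return pkt, log + ["INPUT"]
    # filter FORWARD: -d TARGET --dport 80 -j ACCEPT (chain policy assumed ACCEPT)
    hit = matches({"dst": TARGET, "dport": 80}, pkt)
    log.append("FORWARD:ACCEPT" if hit else "FORWARD:policy")
    # nat POSTROUTING: -d TARGET --dport <snat_dport> -j SNAT --to-source a.b.c.d
    if matches({"dst": TARGET, "dport": snat_dport}, pkt):
        pkt = replace(pkt, src=PUBLIC)
        log.append("POSTROUTING:SNAT")
    else:
        log.append("POSTROUTING:no-match")
    return pkt, log

if __name__ == "__main__":
    first = Packet(CLIENT, 40000, PUBLIC, 1099)
    for dport in (1099, 80):  # rule as posted, then as corrected in the reply
        out, log = traverse(first, dport)
        print(f"SNAT --dport {dport}: {' -> '.join(log)}; leaves as {out.src} -> {out.dst}:{out.dport}")
```

With the rule as posted, the packet leaves with the client's source address, so replies from the target go back to the client directly instead of through the NAT host.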