On Sun, 2007-12-09 at 13:03 -0600, Les Mikesell wrote: > Craig White wrote: > > > #!/bin/sh > > # > > echo 1 > /proc/sys/net/ipv4/ip_forward > > modprobe iptable_nat > > iptables -F > > iptables -t nat -F > > iptables -P INPUT ACCEPT > > iptables -P FORWARD ACCEPT > > iptables -P OUTPUT ACCEPT > > iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 \ > > -j REDIRECT --to-ports 1445 > > iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 139 \ > > -j REDIRECT --to-ports 1139 > > iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 137 \ > > -j REDIRECT --to-ports 1137 > > iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 138 \ > > -j REDIRECT --to-ports 1138 > > > > # smbclient -L 192.168.3.8 > > Error connecting to 192.168.3.8 (Connection refused) > > Connection to 192.168.3.8 failed > > > > # smbclient -L 192.168.3.8 -p 139 > > Error connecting to 192.168.3.8 (Connection refused) > > Connection to 192.168.3.8 failed > > > > # smbclient -L 192.168.3.8 -p 1139 > > Password: > > Anonymous login successful > > Domain=[TH] OS=[Java] Server=[Alfresco CIFS Server 3.5.1] > > > > Sharename Type Comment > > --------- ---- ------- > > cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \srvsvc failed with > > error NT_STATUS_BUFFER_TOO_SMALL > > Alfresco Disk > > IPC$ IPC > > Error connecting to 192.168.3.8 (Connection refused) > > Connection to 192.168.3.8 failed > > NetBIOS over TCP disabled -- no workgroup available > > > > Same results either way... > > For each of the PREROUTING lines, add a matching OUTPUT entry like: > > iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 \ > -j REDIRECT --to-ports 1445 > iptables -t nat -A OUTPUT -p tcp -d 192.168.3.8 --dport 445 \ > -j REDIRECT --to-ports 1445 ---- the thing I can't figure out is why they don't show up... # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination even though, I just executed... #!/bin/sh # echo 1 > /proc/sys/net/ipv4/ip_forward modprobe iptable_nat iptables -F iptables -t nat -F iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 \ -j REDIRECT --to-ports 1445 iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 139 \ -j REDIRECT --to-ports 1139 iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 137 \ -j REDIRECT --to-ports 1137 iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 138 \ -j REDIRECT --to-ports 1138 iptables -t nat -A OUTPUT -p tcp -d 192.168.3.8 --dport 445 \ -j REDIRECT --to-ports 1445 iptables -t nat -A OUTPUT -p tcp -d 192.168.3.8 --dport 139 \ -j REDIRECT --to-ports 1139 iptables -t nat -A OUTPUT -p udp -d 192.168.3.8 --dport 138 \ -j REDIRECT --to-ports 1138 iptables -t nat -A OUTPUT -p udp -d 192.168.3.8 --dport 137 \ -j REDIRECT --to-ports 1137 and just to make sure... # service iptables save Saving firewall rules to /etc/sysconfig/iptables: [ OK ] # cat /etc/sysconfig/iptables # Generated by iptables-save v1.3.5 on Sun Dec 9 12:18:09 2007 *filter :INPUT ACCEPT [2739:198569] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [2521:240751] COMMIT # Completed on Sun Dec 9 12:18:09 2007 # Generated by iptables-save v1.3.5 on Sun Dec 9 12:18:09 2007 *nat :PREROUTING ACCEPT [39:5957] :POSTROUTING ACCEPT [260:16668] :OUTPUT ACCEPT [260:16668] -A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445 -A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139 -A PREROUTING -d 192.168.3.8 -p udp -m udp --dport 137 -j REDIRECT --to-ports 1137 -A PREROUTING -d 192.168.3.8 -p udp -m udp --dport 138 -j REDIRECT --to-ports 1138 -A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445 -A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139 -A OUTPUT -d 192.168.3.8 -p udp -m udp --dport 138 -j REDIRECT --to-ports 1138 -A OUTPUT -d 192.168.3.8 -p udp -m udp --dport 137 -j REDIRECT --to-ports 1137 COMMIT # Completed on Sun Dec 9 12:18:09 2007 At any rate, this hasn't changed anything ;-( # smbclient -L 192.168.3.8 -p 445 Error connecting to 192.168.3.8 (Connection refused) Connection to 192.168.3.8 failed # smbclient -L 192.168.3.8 -p 139 Error connecting to 192.168.3.8 (Connection refused) Connection to 192.168.3.8 failed # smbclient -L 192.168.3.8 -p 1139 Password: Anonymous login successful Domain=[TH] OS=[Java] Server=[Alfresco CIFS Server 3.5.1] Sharename Type Comment --------- ---- ------- cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \srvsvc failed with error NT_STATUS_BUFFER_TOO_SMALL Alfresco Disk IPC$ IPC Error connecting to 192.168.3.8 (Connection refused) Connection to 192.168.3.8 failed NetBIOS over TCP disabled -- no workgroup available ---- > > ...and please post a summary if you get this and the Staroffice/lucene > search working. ---- Sure - how about a separate thread? Craig