Uno Engborg wrote:
stan wrote:
Uno Engborg wrote:
stan wrote:
Uno Engborg wrote:
Rüdiger Pretzlaff wrote:
On 12.07.2008 at 12:21, Uno Engborg wrote:
For various reasons I would like to forward traffic to port 390
to port 5432 on the same host. One would think this would be a
simple task for iptables but I have now tinkered with this for
two days, and I still fail to get it right.
................
Port redirection now works locally, but not on the eth0 interface.
Regards
Uno Engborg
Since you didn't use --line-numbers, it is harder to look at, but after
sorting:
packets coming into eth0 that you are redirecting are being nat-ed in
the PREROUTING chain, then are being sent to the RH-Firewall-1-INPUT
chain via the INPUT chain. They are being dropped there.
iptables -I RH-Firewall-1-INPUT -m state -p tcp -i eth0 --dport 5432 \
    --state NEW -j ACCEPT
iptables -I RH-Firewall-1-INPUT -m state -p tcp -i eth0 --dport 5432 \
    --state NEW -j LOG --log-level info --log-prefix "new in eth0 5432: "
The above commands place rules at the head of the RH-Firewall-1-INPUT
chain to first log then accept any tcp packets destined for port 5432
that are new. You already have one that accepts related and established
tcp packets so others should be allowed through. And logging only the
new packets will keep your logs down but allow you to know who attempted
to connect.
It is important to run the commands in the order shown if you use a
shell. That will first place the ACCEPT command at the top of the
chain, then place the logging above that. You need to log it first
before you accept or it won't hit the log! If you insert them another
way just make sure the logging line is above the ACCEPT line when you
list your rules. (You don't really need the log rule, but it helps,
especially when testing rules.)
Hope this helps!
IKnowNot
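The setup IKnowNot describes (nat PREROUTING redirect plus ACCEPT and LOG inserted so the LOG rule lands above ACCEPT), together with the "make sure the logging line is above the ACCEPT line" check done by a script instead of by eye. This is an added example, not code from the thread; it assumes the Fedora default RH-Firewall-1-INPUT chain, eth0 and ports 390/5432 from the thread, and it defaults to a dry run (IPTABLES="echo iptables") so it runs without root.

```shell
#!/bin/sh
# Added example, not from the thread. IPTABLES defaults to a dry run that
# only echoes the commands; set IPTABLES=iptables and run as root to apply.
IPTABLES=${IPTABLES:-"echo iptables"}

# Redirect inbound TCP 390 on eth0 to local 5432, then insert ACCEPT first and
# LOG second: each -I goes to the head of the chain, so LOG ends up above ACCEPT.
apply_redirect_rules() {
    $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 390 -j REDIRECT --to-ports 5432
    $IPTABLES -I RH-Firewall-1-INPUT -m state -p tcp -i eth0 --dport 5432 --state NEW -j ACCEPT
    $IPTABLES -I RH-Firewall-1-INPUT -m state -p tcp -i eth0 --dport 5432 --state NEW -j LOG \
        --log-level info --log-prefix "new in eth0 5432: "
}

# Read `iptables -S RH-Firewall-1-INPUT` output on stdin. Exit 0 only if a LOG
# rule for dport 5432 appears before the ACCEPT rule for dport 5432.
check_log_before_accept() {
    awk '
        /--dport 5432/ && /-j LOG/    { if (!log_seen) log_seen = NR }
        /--dport 5432/ && /-j ACCEPT/ { if (!acc_seen) acc_seen = NR }
        END { exit !(log_seen && acc_seen && log_seen < acc_seen) }
    '
}

# Constructed sample of `iptables -S RH-Firewall-1-INPUT` after the inserts above.
SAMPLE_GOOD='-N RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 5432 -j LOG --log-prefix "new in eth0 5432: " --log-level 6
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample with the two inserts done in the wrong order: ACCEPT
# shadows LOG, so new connections are never logged.
SAMPLE_BAD='-N RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 5432 -j LOG --log-prefix "new in eth0 5432: " --log-level 6
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Dry-run the setup, then check both samples.
apply_redirect_rules
printf '%s\n' "$SAMPLE_GOOD" | check_log_before_accept && echo "good sample: LOG above ACCEPT"
printf '%s\n' "$SAMPLE_BAD"  | check_log_before_accept || echo "bad sample: ACCEPT shadows LOG"
```

On the live host the same check is `iptables -S RH-Firewall-1-INPUT | check_log_before_accept && echo order ok`.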
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list