Re: Port translation


 



IKnowNot@xxxxxxxxxxx wrote:
Uno Engborg wrote:
stan wrote:
Uno Engborg wrote:
stan wrote:
Uno Engborg wrote:
Rüdiger Pretzlaff wrote:

On 12.07.2008 at 12:21, Uno Engborg wrote:

For various reasons I would like to forward traffic to port 390 to port 5432 on the same host. One would think this would be a simple task for iptables but I have now tinkered with this for two days, and I still fail to get it right.
................


Port redirection now works locally, but not on the eth0 interface.


Regards
Uno Engborg


Since you didn't use --line-numbers, it is harder to look at, but after sorting:

Packets coming into eth0 that you are redirecting are being NAT-ed in the PREROUTING chain, then are being sent to the RH-Firewall-1-INPUT chain via the INPUT chain. They are being dropped there.




iptables -I RH-Firewall-1-INPUT -m state -p tcp -i eth0 --dport 5432 --state NEW -j ACCEPT

iptables -I RH-Firewall-1-INPUT -m state -p tcp -i eth0 --dport 5432 --state NEW -j LOG --log-level info --log-prefix "new in eth0 5432: "



The above commands place rules at the head of the RH-Firewall-1-INPUT chain to first log, then accept, any TCP packets destined for port 5432 that are new. You already have one that accepts related and established TCP packets, so the others should be allowed through. And logging only the new packets will keep your logs down but allow you to know who attempted to connect.

It is important to run the commands in the order shown if you use a shell. That will first place the ACCEPT rule at the top of the chain, then place the logging rule above that. You need to log it first before you accept, or it won't hit the log! If you insert them another way, just make sure the logging line is above the ACCEPT line when you list your rules. (You don't really need the log rule, but it helps, especially when testing rules.)


Hope this helps!

IKnowNot

That did the trick!
Thanks, to all of you that have helped

Regards
Uno Engborg
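The rule set the thread converges on, written up as an added example (not code from the thread, from IKnowNot or from Fedora): the two filter rules are the ones quoted above; the nat/PREROUTING REDIRECT rule is an assumption about what the OP's redirect looks like (the thread only says the translation happens in PREROUTING), and the check function is added here to confirm that the LOG rule sits above the ACCEPT rule in an `iptables -S` listing. The point it makes explicit: the filter table sees the packet after translation, so INPUT has to accept the translated port 5432, not the original 390.

```shell
#!/bin/sh
# Added example, not code from the thread. IFACE/FROM_PORT/TO_PORT/CHAIN,
# the nat rule and check_log_before_accept are assumptions made here.
IFACE=eth0
FROM_PORT=390      # port the clients connect to
TO_PORT=5432       # port the service actually listens on
CHAIN=RH-Firewall-1-INPUT

apply_rules() {
    # Assumed shape of the OP's redirect: rewrite the destination port in
    # nat/PREROUTING for packets arriving on eth0. Locally generated
    # traffic never traverses PREROUTING, which is why "works locally"
    # says nothing about eth0.
    iptables -t nat -A PREROUTING -i "$IFACE" -p tcp --dport "$FROM_PORT" \
        -j REDIRECT --to-ports "$TO_PORT"
    # filter/INPUT runs after the translation, so it must match the
    # translated port. Insert ACCEPT first, then LOG, so that LOG ends up
    # above ACCEPT and every NEW connection is logged before being accepted.
    iptables -I "$CHAIN" -m state -p tcp -i "$IFACE" --dport "$TO_PORT" \
        --state NEW -j ACCEPT
    iptables -I "$CHAIN" -m state -p tcp -i "$IFACE" --dport "$TO_PORT" \
        --state NEW -j LOG --log-level info \
        --log-prefix "new in $IFACE $TO_PORT: "
}

# The ordering check IKnowNot asks for: read a chain listing on stdin
# (the output of `iptables -S CHAIN`) and return 0 only when the LOG rule
# for the given port appears before the ACCEPT rule for that port.
check_log_before_accept() {
    awk -v port="$1" '
        $0 ~ ("--dport " port " ") && / -j LOG( |$)/ { if (!l) l = NR }
        $0 ~ ("--dport " port " ") && / -j ACCEPT/   { if (!a) a = NR }
        END { exit !(l && a && l < a) }'
}

# Usage as root:
#   apply_rules; iptables -S "$CHAIN" | check_log_before_accept "$TO_PORT"
```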

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
