iptables help please
Willem van der Walt
wvdwalt at csir.co.za
Thu Mar 22 03:52:45 EDT 2007
I have not done this, but if what you have done below does not work, I
would replace the -i lo with -s 127.0.0.1
and see if it helps.
HTH Willem
On Wed, 21 Mar 2007, Gregory Nowak wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all.
>
> I'm trying to setup iptables, so that if I connect to localhost port
> xxx, the connection will be redirected to a machine on my internal lan
> on the same xxx port.
>
> So, what I've put into my firewall script is:
>
> iptables -t nat -A PREROUTING -p tcp -i lo --dport xxx -j DNAT
> - --to-destination 192.168.0.4
>
> all on one line of course, and where xxx is a valid tcp port number.
>
> However, when I telnet to localhost xxx, I get "trying 127.0.0.1", and
> then "connection refused", even though I am able to telnet to
> 192.168.0.4 on port xxx without a problem.
>
> I also know for a fact that the above line works just fine if I want to expose ports from
> machines on my internal network to the outside world, using eth0
> instead of lo in those scenarios of course.
>
> So, Can someone please tell me what I'm missing? Is it possible
> perhaps that lo cannot be treated in the same way that eth0, my
> outside interface, and eth1, my lan interface are treated? Thanks in
> advance for any help.
>
> Greg
>
>
> - --
> web site: http://www.romuald.net.eu.org
> gpg public key: http://www.romuald.net.eu.org/pubkey.asc
> skype: gregn1
> (authorization required, add me to your contacts list first)
>
> - --
> Free domains: http://www.eu.org/ or mail dns-manager at EU.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFGAh+q7s9z/XlyUyARAmPvAKCKhLE4V26PNAo8tdGfoygtfpMsQACgxqLu
> 8s4rfz3Cvw7skcCDtcaaiM4=
> =17oE
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
--
This message is subject to the CSIR's copyright, terms and conditions and
e-mail legal notice. Views expressed herein do not necessarily represent the
views of the CSIR.
CSIR E-mail Legal Notice
http://mail.csir.co.za/CSIR_eMail_Legal_Notice.html
CSIR Copyright, Terms and Conditions
http://mail.csir.co.za/CSIR_Copyright.html
For electronic copies of the CSIR Copyright, Terms and Conditions and the CSIR
Legal Notice send a blank message with REQUEST LEGAL in the subject line to
CallCentre at csir.co.za.
This message has been scanned for viruses and dangerous content by MailScanner,
and is believed to be clean. MailScanner thanks Transtec Computers for their support.
More information about the Speakup
mailing list