[Cialug] iptables restart?
L. V. Lammert
lvl at omnitec.net
Wed Dec 14 17:02:13 CST 2011
> First, forwarded ports do not show up in netstat as there is no process
> bound to the port. All iptables processing happens in the kernel.
>
Hi Zach,
Bingo - thanks! I am definitely not a firewall eggspert, but I try to be a
quick study <g>!
> You need a DNAT rule in the PREROUTING chain of the NAT table. Probably
> something like:
>
Found the DNAT rules in a different section and I copied one to create:
$IPTABLES -t nat -A PREROUTING -p TCP -i $EXTIF -d $EXTIP --dport 8000 -j DNAT --to $MSTS1:80
The intent is to accept 8000 externally and route to 80 on the internal box.
The rule shows with iptables -L:
ACCEPT tcp -- anywhere nttsrv tcp dpt:8000
['nttsrv' is defined elsewhere, but the IP is correct in the control
script.]
The port shows open externally:
$ nmap -PN -p 8000 <external IP>
8000/tcp filtered http-alt
However, it DNW. Did I miss something?
TIA!!!
Lee
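An added example, not from Lee's post or Zach's reply, showing the complete set of rules a DNAT port-forward needs and the commands that list it. Two things are worth seeing side by side: the DNAT rule lives in the nat table, so plain `iptables -L` (which lists only the filter table) never shows it and `-t nat -L PREROUTING` is required; and a DNAT rule by itself forwards nothing unless the kernel has ip_forward enabled and the filter FORWARD chain accepts the rewritten packet. The variable names EXTIF, EXTIP and MSTS1 are taken from the post; their values (eth0, 203.0.113.10, 192.168.1.20), the IPT variable and the DRY_RUN switch are assumptions of this example. With DRY_RUN=1 (the default) the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not code from the original post. Defaults are assumed
# placeholder values; set DRY_RUN=0 as root to actually apply the rules.
: "${EXTIF:=eth0}"              # assumed external interface
: "${EXTIP:=203.0.113.10}"      # assumed external address (TEST-NET-3)
: "${MSTS1:=192.168.1.20}"      # assumed internal web server
: "${IPT:=iptables}"            # iptables binary
: "${DRY_RUN:=1}"               # 1 = print commands only

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Forward external TCP port $1 to $MSTS1 port $2.
port_forward() {
    ext_port=$1
    int_port=$2
    # 1. Rewrite the destination before the routing decision (nat/PREROUTING).
    run "$IPT" -t nat -A PREROUTING -p tcp -i "$EXTIF" -d "$EXTIP" \
        --dport "$ext_port" -j DNAT --to-destination "$MSTS1:$int_port"
    # 2. The rewritten packet still traverses filter/FORWARD; with a DROP
    #    policy there it is silently discarded, so accept it explicitly.
    run "$IPT" -A FORWARD -p tcp -i "$EXTIF" -d "$MSTS1" --dport "$int_port" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    # 3. Replies from the internal host back out the external interface.
    run "$IPT" -A FORWARD -p tcp -o "$EXTIF" -s "$MSTS1" --sport "$int_port" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Without this the kernel does not route between interfaces at all.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# `iptables -L` lists only the filter table. The DNAT rule is in the nat
# table and is only visible with -t nat; -n skips reverse DNS, -v shows
# packet counters so you can tell whether the rule is being hit.
show_rules() {
    run "$IPT" -t nat -L PREROUTING -n -v
    run "$IPT" -L FORWARD -n -v
}

main() {
    enable_forwarding
    port_forward 8000 80
    show_rules
}

main
```

Running it with DRY_RUN=0 and then watching the packet counters in the `-t nat -L PREROUTING -n -v` output while repeating the nmap scan tells you whether the DNAT rule is matching at all, which is the first thing to check when a forward "does not work".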