iptables confusion.
Ken D'Ambrosio
ken at jots.org
Mon Feb 15 16:37:43 EST 2016
Every time I think I'm getting to the point where I might understand IP
Tables, I do something that proves that, no, I really don't. Today's
confusion: I want to set up a virtual NIC to do port forwarding. But
first, I wanted to get the port forward part of the equation straight.
So I wound up executing these commands:
iptables -t nat -A PREROUTING -p tcp --dport 8774 -j DNAT --to 172.23.242.39:8774
iptables -A FORWARD -d 172.23.242.39 -p tcp --dport 8774 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
Worked great. I then did an "ifconfig eth0:1 172.23.9.139 netmask
255.255.255.0" to see if I could telnet to port 8774 on it. I could.
So then I did "iptables --flush", and it did. When I type "iptables
--list", I now get:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Terrific. Pretty much what I expected. Telnetting to port 8774 on eth0
fails, as expected... but telnetting to port 8774 on the virtual works
great. I even fired up Firefox to make sure, and youbetchya, it's
interacting with the remote server.
Why?
-Ken
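Added example (not part of Ken's post): a small parser for iptables-save output that reports which tables still hold rules. The sample text is constructed to mirror the rules above in the state a bare "iptables --flush" leaves behind: -F without -t acts on the filter table only, so the nat table's DNAT and MASQUERADE rules survive it. Function names are the example's own.

```python
import re

# Constructed iptables-save sample modelled on the state after a plain
# `iptables --flush`: filter is empty, nat still holds the DNAT/MASQUERADE rules.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8774 -j DNAT --to-destination 172.23.242.39:8774
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

RULE_RE = re.compile(r"^-A\s+(\S+)\s+(.*)$")  # "-A <chain> <rule spec>"

def parse_save(text):
    """Return {table: {chain: [rule_spec, ...]}} from iptables-save text."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # "*nat" opens a table block
            table = line[1:]
            tables[table] = {}
        elif line == "COMMIT":              # closes the current table block
            table = None
        elif table is None:
            continue
        elif line.startswith(":"):          # ":CHAIN POLICY [pkts:bytes]"
            tables[table].setdefault(line[1:].split()[0], [])
        else:
            m = RULE_RE.match(line)
            if m:
                tables[table].setdefault(m.group(1), []).append(m.group(2))
    return tables

def tables_with_rules(text):
    """Tables still holding rules; after a bare -F these are the ones it missed."""
    return sorted(t for t, chains in parse_save(text).items()
                  if any(chains.values()))

def flush_commands(text):
    """Per-table flush commands that actually empty the leftovers."""
    return [f"iptables -t {t} -F" for t in tables_with_rules(text)]
```

Running it against `iptables-save` output on the box that was "flushed" makes the surviving nat rules visible; `flush_commands` lists the per-table -F calls needed (the same applies to the mangle and raw tables).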
More information about the gnhlug-discuss mailing list