What's the purpose of having port range for the 'forward-to-ports' when using Port Forwarding feature?
5:22 p.m.
Hello,
On the 'forwarder' machine with ip address of 10.0.0.1 I set up port forwarding
using firewalld from of5001-5002/tcp range to ports 6001-6002 of 10.0.0.2 machine. Now
when I connect to 10.0.0.1 from a third machine to ports 5001 or 5002 both connections go
to port 6001 of the 10.0.0.2 machine; no connection ever goes to port 6002. So what's
the purpose of having range if connections to all 'forward-from-ports' always go
to the first port from the 'forward-to-ports' range? What am I missing?
Thank you,
Rufe
7:37 a.m.
On 10/04/2014 12:22 AM, Rufe Glick wrote:
Hello,
On the 'forwarder' machine with ip address of 10.0.0.1 I set up port
forwarding using firewalld from of5001-5002/tcp range to ports 6001-6002
of 10.0.0.2 machine. Now when I connect to 10.0.0.1 from a third machine
to ports 5001 or 5002 both connections go to port 6001 of the 10.0.0.2
machine; no connection ever goes to port 6002. So what's the purpose of
having range if connections to all 'forward-from-ports' always go to the
first port from the 'forward-to-ports' range? What am I missing?
No idea, sorry.
Your example creates the following rules:
*mangle
-A PRE_public_allow -p tcp -m tcp --dport 5001:5002 -j MARK --set-xmark
0x64/0xffffffff
*nat
-A PRE_public_allow -p tcp -m mark --mark 0x64 -j DNAT --to-destination
10.0.0.2:6001-6002
Description of DNAT's --to-destination in iptables-extensions man page
does not explain how it should actually work.
I tried to find some answers via Google, but without any luck.
Thomas, any ideas ?
--
Jiri
3496
days inactive
3499
days old
firewalld-users@lists.fedorahosted.org
1 comments
2 participants
participants (2)
-
Jiri Popelka -
Rufe Glick