Port translation
IKnowNot at comcast.net
Sun Jul 13 00:12:23 UTC 2008
Uno Engborg wrote:
> Rüdiger Pretzlaff wrote:
>>
>> On 12.07.2008 at 12:21, Uno Engborg wrote:
>>
>>> For various reasons I would like to forward traffic to port 390 to
>>> port 5432 on the same host. One would think this would be a
>>> simple task for iptables but I have now tinkered with this for two
>>> days, and I still fail to get it right.
>>>
>>> I try something like:
>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>
>>> iptables -t nat -A PREROUTING -p tcp --dport 390 -j REDIRECT --to-ports 5432
>>>
>>> I have also tried :
>>> iptables -t nat -A PREROUTING -p tcp --dport 390 -j DNAT --to 192.168.0.5:5432
>>>
>>> where 192.168.0.5 is the address of the host
>>>
>>>
>>> Any ideas on how to do this?
>>>
>>> Regards
>>> Uno Engborg
>>
>> Hi,
>>
>> add:
>> iptables -A FORWARD -p tcp --dport 390 -d 192.168.0.5 -j ACCEPT
>
> Thanks, but unfortunately that isn't enough to make it work.
>
> Are there any special kernel modules or /proc/sys/ipv4/* settings I need
> to do, or could the problem be that it is the same host?
>
> Regards
> Uno Engborg
>
I don't know how you are applying this so it is hard to say, but you do
not need forwarding.
I would prefer to see you use --to-port (for single port) rather than
using --to-ports
Have you seen this:
http://en.wikipedia.org/wiki/Iptables#Redirection_example
If that does not work, maybe include the output from
iptables -t nat --list
and
iptables -n --list --line-numbers
as there may be something else blocking the packets.
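
As an added illustration of the check suggested above (not part of the original message): a small Python script that reads an iptables-save style dump and reports two common reasons a PREROUTING REDIRECT appears to do nothing. The dump is constructed, the names parse and diagnose are hypothetical, and it assumes a default-deny INPUT policy with per-port ACCEPT rules; it does not follow user-defined chains or catch-all DROP/REJECT rules. The nat OUTPUT check for clients on the same host goes beyond what the reply states.

```python
import shlex

# Constructed dump (not from the thread): INPUT opens 390, not the post-REDIRECT 5432.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 390 -j REDIRECT --to-ports 5432
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 390 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return ({(table, chain): policy}, [(table, chain, {option: value})])."""
    table, policies, rules = None, {}, []
    for line in dump.splitlines():
        tok = [] if line.startswith("#") else shlex.split(line)
        if tok and tok[0].startswith("*"):
            table = tok[0][1:]
        elif tok and tok[0].startswith(":"):
            policies[(table, tok[0][1:])] = tok[1]
        elif tok and tok[0] == "-A":
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1])
                    if t.startswith("-") and not tok[i + 1].startswith("-")}
            rules.append((table, tok[1], opts))
    return policies, rules

def diagnose(dump):
    """List reasons a nat PREROUTING REDIRECT may appear to do nothing."""
    policies, rules = parse(dump)
    def has(tbl, chain, want):
        return any(t == tbl and c == chain and want.items() <= o.items()
                   for t, c, o in rules)
    findings = []
    for t, c, o in rules:
        if (t, c, o.get("-j")) != ("nat", "PREROUTING", "REDIRECT"):
            continue
        old, new = o.get("--dport"), o.get("--to-ports") or o.get("--to-port")
        # nat PREROUTING runs before filter INPUT, so INPUT sees the new port.
        if (policies.get(("filter", "INPUT"), "ACCEPT") != "ACCEPT"
                and not has("filter", "INPUT", {"--dport": new, "-j": "ACCEPT"})):
            findings.append(f"filter INPUT does not accept tcp/{new}")
        # Locally generated packets skip PREROUTING; they traverse nat OUTPUT.
        if not has("nat", "OUTPUT", {"--dport": old, "-j": "REDIRECT"}):
            findings.append(f"no nat OUTPUT redirect for local clients of tcp/{old}")
    return findings
```

Feed it the text of iptables-save from the affected host in place of SAMPLE; an empty list means neither of these two conditions was found, not that the ruleset is otherwise correct.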