[NTLUG:Discuss] Firewall Forwarding Question
David
david at hayes-family.org
Thu Feb 20 22:51:26 CST 2003
What's been missing in all this is that with iptables, "forward" is
the wrong table to put this sort of thing in. What's really needed
here is the iptables "DNAT" option, which is only valid in the "nat"
table.

Here are the commands I'd suggest:

    iptables -t nat -A PREROUTING -p udp -s {host-A} --dport 540 \
        -j DNAT --to-destination {host-C}:540
    iptables -t nat -A PREROUTING -p udp -s {host-B} --dport 540 \
        -j DNAT --to-destination {host-C}:540

You'll need to have the ip_conntrack and ip_nat modules in your
kernel.
--
David Hayes
david at hayes-family.org
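
The rule pattern suggested above, as an added example that is not part of the original post: a dry-run generator that validates its inputs and prints one source-restricted DNAT rule per allowed host. It goes beyond the post by also printing the filter-table FORWARD rule that admits the packet after its destination has been rewritten. The function names and the 192.0.2.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: print (do not apply) source-restricted DNAT rules plus the
# FORWARD rules that admit the translated packets.

# valid_ipv4 ADDR: succeeds only for a dotted quad with each octet 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# dnat_rules PROTO PORT DEST SRC...: prints two rules per allowed source.
dnat_rules() {
    [ "$#" -ge 4 ] || { echo "usage: dnat_rules proto port dest src..." >&2; return 2; }
    proto=$1 port=$2 dest=$3
    shift 3
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 2 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }
    for addr in "$dest" "$@"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 2; }
    done
    for src in "$@"; do
        # nat/PREROUTING rewrites the destination before the routing decision.
        echo "iptables -t nat -A PREROUTING -p $proto -s $src --dport $port -j DNAT --to-destination $dest:$port"
        # filter/FORWARD sees the rewritten destination, so it matches on DEST.
        echo "iptables -A FORWARD -p $proto -s $src -d $dest --dport $port -j ACCEPT"
    done
}

# Constructed RFC 5737 placeholders standing in for {host-C}, {host-A}, {host-B}.
dnat_rules udp 540 192.0.2.30 192.0.2.10 192.0.2.20
```

The FORWARD rules only matter when the FORWARD chain does not already accept this traffic, and replies from the destination host need their own allowance in that chain.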