* iptables help please
@ Gregory Nowak
` Willem van der Walt
` Dawes, Stephen
0 siblings, 2 replies; 6+ messages in thread
From: Gregory Nowak @ UTC (permalink / raw)
To: speakup
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all.
I'm trying to setup iptables, so that if I connect to localhost port
xxx, the connection will be redirected to a machine on my internal lan
on the same xxx port.
So, what I've put into my firewall script is:
iptables -t nat -A PREROUTING -p tcp -i lo --dport xxx -j DNAT
- --to-destination 192.168.0.4
all on one line of course, and where xxx is a valid tcp port number.
However, when I telnet to localhost xxx, I get "trying 127.0.0.1", and
then "connection refused", even though I am able to telnet to
192.168.0.4 on port xxx without a problem.
I also know for a fact that the above line works just fine if I want to expose ports from
machines on my internal network to the outside world, using eth0
instead of lo in those scenarios of course.
So, Can someone please tell me what I'm missing? Is it possible
perhaps that lo cannot be treated in the same way that eth0, my
outside interface, and eth1, my lan interface are treated? Thanks in
advance for any help.
Greg
- --
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
- --
Free domains: http://www.eu.org/ or mail dns-manager@EU.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGAh+q7s9z/XlyUyARAmPvAKCKhLE4V26PNAo8tdGfoygtfpMsQACgxqLu
8s4rfz3Cvw7skcCDtcaaiM4=
=17oE
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: iptables help please
iptables help please Gregory Nowak
@ ` Willem van der Walt
` Gregory Nowak
` Dawes, Stephen
1 sibling, 1 reply; 6+ messages in thread
From: Willem van der Walt @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
I have not done this, but if what you have done below does not work, I
would replace the -i lo with -s 127.0.0.1
and see if it helps.
HTH Willem
On Wed, 21 Mar 2007, Gregory Nowak wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all.
>
> I'm trying to setup iptables, so that if I connect to localhost port
> xxx, the connection will be redirected to a machine on my internal lan
> on the same xxx port.
>
> So, what I've put into my firewall script is:
>
> iptables -t nat -A PREROUTING -p tcp -i lo --dport xxx -j DNAT
> - --to-destination 192.168.0.4
>
> all on one line of course, and where xxx is a valid tcp port number.
>
> However, when I telnet to localhost xxx, I get "trying 127.0.0.1", and
> then "connection refused", even though I am able to telnet to
> 192.168.0.4 on port xxx without a problem.
>
> I also know for a fact that the above line works just fine if I want to expose ports from
> machines on my internal network to the outside world, using eth0
> instead of lo in those scenarios of course.
>
> So, Can someone please tell me what I'm missing? Is it possible
> perhaps that lo cannot be treated in the same way that eth0, my
> outside interface, and eth1, my lan interface are treated? Thanks in
> advance for any help.
>
> Greg
>
>
> - --
> web site: http://www.romuald.net.eu.org
> gpg public key: http://www.romuald.net.eu.org/pubkey.asc
> skype: gregn1
> (authorization required, add me to your contacts list first)
>
> - --
> Free domains: http://www.eu.org/ or mail dns-manager@EU.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFGAh+q7s9z/XlyUyARAmPvAKCKhLE4V26PNAo8tdGfoygtfpMsQACgxqLu
> 8s4rfz3Cvw7skcCDtcaaiM4=
> =17oE
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
--
This message is subject to the CSIR's copyright, terms and conditions and
e-mail legal notice. Views expressed herein do not necessarily represent the
views of the CSIR.
CSIR E-mail Legal Notice
http://mail.csir.co.za/CSIR_eMail_Legal_Notice.html
CSIR Copyright, Terms and Conditions
http://mail.csir.co.za/CSIR_Copyright.html
For electronic copies of the CSIR Copyright, Terms and Conditions and the CSIR
Legal Notice send a blank message with REQUEST LEGAL in the subject line to
CallCentre@csir.co.za.
This message has been scanned for viruses and dangerous content by MailScanner,
and is believed to be clean. MailScanner thanks Transtec Computers for their support.
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: iptables help please
` Willem van der Walt
@ ` Gregory Nowak
` Dawes, Stephen
0 siblings, 1 reply; 6+ messages in thread
From: Gregory Nowak @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks for your suggestions Stephen and Willem. Unfortunately, it
still doesn't work. I've tried both
iptables -t nat -A PREROUTING -p tcp -i lo -s 127.0.0.1 --dport xxx
- -j DNAT --to-destination 192.168.0.4
and
iptables -t nat -A PREROUTING -p tcp -s 127.0.0.1 --dport xxx
- -j DNAT --to-destination 192.168.0.4
, and I still get connection refused either way. Thanks.
Greg
On Thu, Mar 22, 2007 at 09:52:45AM +0200, Willem van der Walt wrote:
> I have not done this, but if what you have done below does not work, I
> would replace the -i lo with -s 127.0.0.1
> and see if it helps.
> HTH Willem
>
>
- --
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
- --
Free domains: http://www.eu.org/ or mail dns-manager@EU.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGAr9Q7s9z/XlyUyARAkrPAKDLGXN/s15ZxGW+Z9612+LM6dKwygCgytJk
TI4vq5ZMGWyZQv1EHNUWGLQ=
=qRz8
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 6+ messages in thread* RE: iptables help please
` Gregory Nowak
@ ` Dawes, Stephen
0 siblings, 0 replies; 6+ messages in thread
From: Dawes, Stephen @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
You may have a drop earlier in the iptables script that is dropping all
127.0.0.1 connections.
Check for that and just comment it out.
Then what I would do is test the two statements you included in your
last post.
If one of them work, then just make sure you are dropping everything
else.
If it doesn't work, then I don't know what to suggest.
Steve Dawes
Phone: (403) 268-5527
Email: SDawes@calgary.ca
NOTICE -
This communication is intended ONLY for the use of the person or entity named above and may contain information that is confidential or legally privileged. If you are not the intended recipient named above or a person responsible for delivering messages or communications to the intended recipient, YOU ARE HEREBY NOTIFIED that any use, distribution, or copying of this communication or any of the information contained in it is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and then destroy or delete this communication, or return it to us by mail if requested by us. The City of Calgary thanks you for your attention and co-operation.
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: iptables help please
iptables help please Gregory Nowak
` Willem van der Walt
@ ` Dawes, Stephen
` fedora core 6 installing everything Nick Gawronski
1 sibling, 1 reply; 6+ messages in thread
From: Dawes, Stephen @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
Greg, you are missing the source address for this statement to work. You
need to add the -s <ipaddr> before the -p xxx parameter.
Steve Dawes
Phone: (403) 268-5527
Email: SDawes@calgary.ca
NOTICE -
This communication is intended ONLY for the use of the person or entity named above and may contain information that is confidential or legally privileged. If you are not the intended recipient named above or a person responsible for delivering messages or communications to the intended recipient, YOU ARE HEREBY NOTIFIED that any use, distribution, or copying of this communication or any of the information contained in it is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and then destroy or delete this communication, or return it to us by mail if requested by us. The City of Calgary thanks you for your attention and co-operation.
^ permalink raw reply [flat|nested] 6+ messages in thread* fedora core 6 installing everything
` Dawes, Stephen
@ ` Nick Gawronski
0 siblings, 0 replies; 6+ messages in thread
From: Nick Gawronski @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
Hi, If I want to install fedora core 6 with speakup and I want to have
everything on the DVD installed what is the best way to go about this?
Also, Is there any free tools that I can use to resize my current debian
partition so I can have both debian and fedora core 6 on the same system? I
would use debian to manage the booting of the two operating systems and I
would also assume that both distributions can share the same swap partition?
I would have one primary debian partition and one primary fedora core 6
partition. Is this even possible?
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~ UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
iptables help please Gregory Nowak
` Willem van der Walt
` Gregory Nowak
` Dawes, Stephen
` Dawes, Stephen
` fedora core 6 installing everything Nick Gawronski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).