From: Gregory Nowak
To: speakup@braille.uwo.ca
Subject: iptables help please
Date: Wed, 21 Mar 2007 23:18:18 -0700
Message-ID: <20070322061818.GA21381@localhost.localdomain>
List-Id: "Speakup is a screen review system for Linux."

Hi all.

I'm trying to set up iptables, so that if I connect to localhost port xxx, the connection will be redirected to a machine on my internal LAN on the same xxx port. So, what I've put into my firewall script is:

    iptables -t nat -A PREROUTING -p tcp -i lo --dport xxx -j DNAT --to-destination 192.168.0.4

all on one line of course, and where xxx is a valid tcp port number. However, when I telnet to localhost xxx, I get "trying 127.0.0.1", and then "connection refused", even though I am able to telnet to 192.168.0.4 on port xxx without a problem. I also know for a fact that the above line works just fine if I want to expose ports from machines on my internal network to the outside world, using eth0 instead of lo in those scenarios of course.

So, can someone please tell me what I'm missing? Is it possible perhaps that lo cannot be treated in the same way that eth0, my outside interface, and eth1, my LAN interface, are treated?

Thanks in advance for any help.

Greg

--
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1 (authorization required, add me to your contacts list first)

--
Free domains: http://www.eu.org/ or mail dns-manager@EU.org