Re: iptables help please

[Willem van der Walt <wvdwalt@csir.co.za>]

I have not done this, but if what you have done below does not work, I 
would replace the -i lo with -s 127.0.0.1
and see if it helps.
HTH Willem


On Wed, 21 Mar 2007, Gregory Nowak wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi all.
> 
> I'm trying to setup iptables, so that if I connect to localhost port
> xxx, the connection will be redirected to a machine on my internal lan
> on the same xxx port.
> 
> So, what I've put into my firewall script is:
> 
> iptables -t nat -A PREROUTING -p tcp -i lo --dport xxx -j DNAT
> - --to-destination 192.168.0.4
> 
> all on one line of course, and where xxx is a valid tcp port number.
> 
> However, when I telnet to localhost xxx, I get "trying 127.0.0.1", and
> then "connection refused", even though I am able to telnet to
> 192.168.0.4 on port xxx without a problem.
> 
> I also know for a fact that the above line works just fine if I want to expose ports from
> machines on my internal network to the outside world, using eth0
> instead of lo in those scenarios of course.
> 
> So, Can someone please tell me what I'm missing? Is it possible
> perhaps that lo cannot be treated in the same way that eth0, my
> outside interface, and eth1, my lan interface are treated? Thanks in
> advance for any help.
> 
> Greg
> 
> 
> - -- 
> web site: http://www.romuald.net.eu.org
> gpg public key: http://www.romuald.net.eu.org/pubkey.asc
> skype: gregn1
> (authorization required, add me to your contacts list first)
> 
> - --
> Free domains: http://www.eu.org/ or mail dns-manager@EU.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> 
> iD8DBQFGAh+q7s9z/XlyUyARAmPvAKCKhLE4V26PNAo8tdGfoygtfpMsQACgxqLu
> 8s4rfz3Cvw7skcCDtcaaiM4=
> =17oE
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

-- 
This message is subject to the CSIR's copyright, terms and conditions and
e-mail legal notice. Views expressed herein do not necessarily represent the
views of the CSIR.
 
CSIR E-mail Legal Notice
http://mail.csir.co.za/CSIR_eMail_Legal_Notice.html 
 
CSIR Copyright, Terms and Conditions
http://mail.csir.co.za/CSIR_Copyright.html 
 
For electronic copies of the CSIR Copyright, Terms and Conditions and the CSIR
Legal Notice send a blank message with REQUEST LEGAL in the subject line to
CallCentre@csir.co.za.


This message has been scanned for viruses and dangerous content by MailScanner, 
and is believed to be clean.  MailScanner thanks Transtec Computers for their support.