From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx-4.csir.co.za ([146.64.10.99] helo=apollo.csir.co.za) by speech.braille.uwo.ca with esmtp (Exim 3.36 #1 (Debian)) id 1HUI8w-0005za-00 for ; Thu, 22 Mar 2007 03:55:31 -0400 Received: from localhost.localdomain ([146.64.19.125]) by apollo.csir.co.za (8.13.8/8.13.8) with ESMTP id l2M7tCji030234 for ; Thu, 22 Mar 2007 09:55:13 +0200 Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by localhost.localdomain (8.13.1/8.13.1) with ESMTP id l2M7qkaC026638 for ; Thu, 22 Mar 2007 09:52:46 +0200 Received: from localhost (wvdwalt@localhost) by localhost.localdomain (8.13.1/8.13.1/Submit) with ESMTP id l2M7qj5d026623 for ; Thu, 22 Mar 2007 09:52:46 +0200 X-Authentication-Warning: localhost.localdomain: wvdwalt owned process doing -bs Date: Thu, 22 Mar 2007 09:52:45 +0200 (SAST) From: Willem van der Walt X-X-Sender: wvdwalt@localhost.localdomain To: "Speakup is a screen review system for Linux." Subject: Re: iptables help please In-Reply-To: <20070322061818.GA21381@localhost.localdomain> Message-ID: References: <20070322061818.GA21381@localhost.localdomain> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-CSIR-MailScanner-Information: Please contact sys-admin at csir dot co dot za for more information X-CSIR-MailScanner: Found to be clean X-MailScanner-From: wvdwalt@csir.co.za X-BeenThere: speakup@braille.uwo.ca X-Mailman-Version: 2.1.9 Precedence: list Reply-To: "Speakup is a screen review system for Linux." List-Id: "Speakup is a screen review system for Linux." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2007 07:55:31 -0000 I have not done this, but if what you have done below does not work, I would replace the -i lo with -s 127.0.0.1 and see if it helps. HTH Willem On Wed, 21 Mar 2007, Gregory Nowak wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi all. > > I'm trying to setup iptables, so that if I connect to localhost port > xxx, the connection will be redirected to a machine on my internal lan > on the same xxx port. > > So, what I've put into my firewall script is: > > iptables -t nat -A PREROUTING -p tcp -i lo --dport xxx -j DNAT > - --to-destination 192.168.0.4 > > all on one line of course, and where xxx is a valid tcp port number. > > However, when I telnet to localhost xxx, I get "trying 127.0.0.1", and > then "connection refused", even though I am able to telnet to > 192.168.0.4 on port xxx without a problem. > > I also know for a fact that the above line works just fine if I want to expose ports from > machines on my internal network to the outside world, using eth0 > instead of lo in those scenarios of course. > > So, Can someone please tell me what I'm missing? Is it possible > perhaps that lo cannot be treated in the same way that eth0, my > outside interface, and eth1, my lan interface are treated? Thanks in > advance for any help. > > Greg > > > - -- > web site: http://www.romuald.net.eu.org > gpg public key: http://www.romuald.net.eu.org/pubkey.asc > skype: gregn1 > (authorization required, add me to your contacts list first) > > - -- > Free domains: http://www.eu.org/ or mail dns-manager@EU.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFGAh+q7s9z/XlyUyARAmPvAKCKhLE4V26PNAo8tdGfoygtfpMsQACgxqLu > 8s4rfz3Cvw7skcCDtcaaiM4= > =17oE > -----END PGP SIGNATURE----- > > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > -- This message is subject to the CSIR's copyright, terms and conditions and e-mail legal notice. Views expressed herein do not necessarily represent the views of the CSIR. CSIR E-mail Legal Notice http://mail.csir.co.za/CSIR_eMail_Legal_Notice.html CSIR Copyright, Terms and Conditions http://mail.csir.co.za/CSIR_Copyright.html For electronic copies of the CSIR Copyright, Terms and Conditions and the CSIR Legal Notice send a blank message with REQUEST LEGAL in the subject line to CallCentre@csir.co.za. This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks Transtec Computers for their support.