- Learning iptables - simple beginning


jason carr
07-24-2004, 10:08 PM
Right now my home LAN sits behind a Linksys, but the limitations of
the little router are starting to grate on me. Plus I need to learn
this linux routing stuff anyway.


Assumptions:
* debian linux iptables package
* the iptables box is 192.168.1.103
* the .103 box will receive traffic on port 5900
* .103 should redirect that tcp port 5900 traffic to .100.

I have read many tutorials/faqs/howtos in the newsgroups and on
www.iptables.org, but whenever they talk about redirecting ports it
seems to always be across a NAT boundary, which I don't need since the
iptables box is sitting behind the linksys.

Thanks for any advice, URLs, etc, you might have.


--
L.V.X., brother mouse
http://www.mousetrap.net/otr/ Old Time Radio trades
http://makeashorterlink.com/?K16312E06 CBS Radio Mystery Theater database
http://greyhound.mousetrap.net/altus/ retired racing dog

Alan Connor
07-24-2004, 10:08 PM
On Fri, 24 Oct 2003 18:59:48 -0500, jason carr <mouse.news@mousetrap.net> wrote:
>
>
>
> Right now my home LAN sits behind a Linksys, but the limitations of
> the little router are starting to grate on me. Plus I need to learn
> this linux routing stuff anyway.
>
>
> Assumptions:
> * debian linux iptables package
> * the iptables box is 192.168.1.103
> * the .103 box will receive traffic on port 5900
> * .103 should redirect that tcp port 5900 traffic to .100.
>
> I have read many tutorials/faqs/howtos in the newsgroups and on
> www.iptables.org, but whenever they talk about redirecting ports it
> seems to always be across a NAT boundary, which I don't need since the
> iptables box is sitting behind the linksys.
>
> Thanks for any advice, URLs, etc, you might have.
>
>

I have this great 500k tutorial on iptables in HTML, but I can't find
the URL!

If you really want it, email me. You can find my address
at http://tinyurl.com/l55a. I have an FTP server here.

--
Alan C
Post validation at http://tinyurl.com/rv0y

jack
07-24-2004, 10:09 PM
jason carr wrote:
> Assumptions:
> * debian linux iptables package
> * the iptables box is 192.168.1.103
> * the .103 box will receive traffic on port 5900
> * .103 should redirect that tcp port 5900 traffic to .100.
>
> I have read many tutorials/faqs/howtos in the newsgroups and on
> www.iptables.org, but whenever they talk about redirecting ports it
> seems to always be across a NAT boundary, which I don't need since the
> iptables box is sitting behind the linksys.

Eventually, You will need some sort of "NAT". NAT stands for network
address translation, and if You want to "redirect" traffic, the thing
You do is to change the destination address field of the packets that
You redirect.

So You need an iptables rule on Your .103 box like

iptables -t nat -A PREROUTING -p tcp --dport 5900 -j DNAT \
--to-destination 192.168.1.100[:5900]

[You needn't specify the port number if You leave it unchanged.]


Note that the DNAT target is only allowed in the nat table. - So
eventually, what You need to do is NATting.


Cheers, Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...
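
Added example, not part of any post in the thread: the DNAT rule from jack's reply together with the pieces the same-subnet layout in the question also needs (IP forwarding, a matching SNAT rule, FORWARD accepts). The run and forward_rules helpers, the APPLY switch and the optional allowed-source argument are assumptions of this example; addresses and port are the ones from the question.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are
# printed only. Set APPLY=1 and run as root on the .103 box to execute them.

run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# forward_rules FWD_IP DST_IP PORT [ALLOWED_SRC]
# ALLOWED_SRC (optional, an assumption of this example) limits which
# clients get forwarded, e.g. 192.168.1.0/24.
forward_rules() {
    fwd=$1 dst=$2 port=$3 src=${4:-}

    # Reject empty, non-numeric or over-long port values before building rules.
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # The box must route packets that are not addressed to itself.
    run sysctl -w net.ipv4.ip_forward=1

    # The DNAT rule from the reply, narrowed to traffic addressed to the box.
    run iptables -t nat -A PREROUTING -p tcp ${src:+-s "$src"} -d "$fwd" \
        --dport "$port" -j DNAT --to-destination "$dst:$port"

    # Same-subnet case: rewrite the source as well, so DST_IP answers via
    # FWD_IP instead of replying from an address the client never contacted.
    run iptables -t nat -A POSTROUTING -p tcp -d "$dst" --dport "$port" \
        -j SNAT --to-source "$fwd"

    # Let the redirected connection through the FORWARD chain, both ways.
    run iptables -A FORWARD -p tcp -d "$dst" --dport "$port" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -p tcp -s "$dst" --sport "$port" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Addresses and port from the original question.
forward_rules 192.168.1.103 192.168.1.100 5900
```

With the SNAT rule in place, .100 sees every forwarded connection as coming from .103, so client addresses have to be logged on the iptables box if they matter.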