Saskatoon Linux Group Mailing List Archive: iptables question

From: rob <rwm132_at_no.spam.please>
Date: Mon Oct 15 2007 - 14:45:06 CST

Hi iptables gurus

could someone assume the lotus position and tell me how to reverse nat
properly

iptables -t nat -A POSTROUTING -d 208.185.9.1 -s 208.185.9.0/24 -p tcp
--dport 18245 -j SNAT --to 208.185.9.236

I am trying to map a private side address (208.185.9.0/24 I know I know
its not a IEEE non-routable but anyway that is set up as a private side)
any TCP coming in for port 18245 needs to goto 208.285.9.236 , which
doesn't have a gateway on it , and I need the packet edited toi say the
source addr is the NATting router 208.185.9.1 (backend) 128.233.18.148
frontend does my above command look valid? If so how do I see that its
being used iptables -L doesn't show it?

more pertinent info:
rp# uname -a
Linux rp 2.4.30 #2 Thu May 5 03:57:22 EDT 2005 i686 unknown

rp# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
remote-admin all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
DROP all -- anywhere anywhere state
INVALID
DROP all -- anywhere anywhere state NEW

Chain FORWARD (policy ACCEPT)
target prot opt source destination
access-acl all -- anywhere anywhere
autofw-acl all -- anywhere anywhere
portfw-acl all -- anywhere anywhere
user-filter all -- anywhere anywhere
port-filter all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
DROP all -- anywhere anywhere state
INVALID
DROP all -- anywhere anywhere state NEW

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain access-acl (1 references)
target prot opt source destination

Chain autofw-acl (1 references)
target prot opt source destination

Chain port-filter (1 references)
target prot opt source destination

Chain portfw-acl (1 references)
target prot opt source destination

Chain remote-admin (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:99
ACCEPT icmp -- anywhere anywhere icmp
echo-request

Chain user-filter (1 references)
target prot opt source destination
rp#
Received on Mon Oct 15 14:48:11 2007

This archive was generated by hypermail 2.1.8 : Mon Oct 15 2007 - 14:48:18 CST