Problemy s presmerovanim pomoci iptables a DNAT

aplint na volny.cz aplint na volny.cz
Pondělí Září 22 11:16:12 CEST 2003 

Dobry den,
snazim se presmerovavat provoz (SMTP) z Internetu (eth0 ..
1.1.1.162, eth0:1 .. 1.1.1.63) do vnitrni site (eth1) na postovni
server (192.168.2.3). V Howto i ruznych konferencich jsem se
docetl, ze postacuje:

iptables -t nat -A PREROUTING -p tcp -d 1.1.1.163 -i eth0 --dport
25 -j DNAT --to 192.168.2.3

coz mi ale nefunguje. Zkouseno z jineho serveru z internetu.
tcpdumpem vidim provoz na eth0, ale na vnitrnim rozhrani eth1 jiz
nic :( Obdobne funguje pouze spojeni zevnitr pomoci MASQUERADE,
ale jiz ne pomoci SNAT (viz. zakomentovany radek v prilozenem
vypisu) /proc/sys/net/ipv4/ip_forward mam nastaveno na 1. System
je RH9, s bezpecnostnimi updaty, jadro je od Redhatu, z baliku
kernel-2.4.20-20.9 . iptables jsou verze 1.2.7a

Muzete mi nekdo poradit, co delam spatne?

  S pozdravem Linuxu ZDAR

    Roman Liszka


Prikladam vypis /etc/sysconfig/iptables

# Generated by iptables-save v1.2.7a on Mon Sep 22 09:07:50 2003

*mangle

:PREROUTING ACCEPT [1002930:453575280]

:INPUT ACCEPT [353300:124737860]

:FORWARD ACCEPT [649607:328835528]

:OUTPUT ACCEPT [349169:131880370]

:POSTROUTING ACCEPT [969574:458203242]

COMMIT

# Completed on Mon Sep 22 09:07:50 2003

# Generated by iptables-save v1.2.7a on Mon Sep 22 09:07:50 2003

*nat

:PREROUTING ACCEPT [61231:4989069]

:POSTROUTING ACCEPT [2327:199890]

:OUTPUT ACCEPT [3349:337556]

[0:0] -A PREROUTING -d 1.1.1.163 -p tcp -m tcp --dport 25 -j DNAT
--to-destination 192.168.2.3:25

[14608:952293] -A POSTROUTING -o eth0 -j MASQUERADE

#[0:0] -A POSTROUTING -o eth0 -j SNAT --to 1.1.1.163

COMMIT

# Completed on Mon Sep 22 09:07:50 2003

# Generated by iptables-save v1.2.7a on Mon Sep 22 09:07:50 2003

*filter

:INPUT DROP [2168:280978]

:FORWARD DROP [30502:2806128]

:OUTPUT ACCEPT [4164:498092]

[10127:760167] -A INPUT -i lo -j ACCEPT 

[160531:88830379] -A INPUT -i eth1 -j ACCEPT 

[168642:34141422] -A INPUT -m state --state RELATED,ESTABLISHED
-j ACCEPT 

[0:0] -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT 

[0:0] -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT 

[0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 

[0:0] -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT 

[236:12128] -A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT 

[604318:325093912] -A FORWARD -m state --state
RELATED,ESTABLISHED -j ACCEPT 

[14781:935116] -A FORWARD -i eth1 -j ACCEPT 

[345003:131381618] -A OUTPUT -m state --state RELATED,ESTABLISHED
-j ACCEPT 

COMMIT


-- 
Potrebujete vice prostoru pro vase stranky?
Ptejte se na http://sluzby.volny.cz/cs/product/ftp_paid

Další informace o konferenci Linux