[Ma-linux] Can't get iptables to forward from one machine to another..

Justin Maurer justinmm2 at gmail.com
Wed Jan 20 22:25:05 EST 2010


So I have three machines: A, B, and C.

A (10.0.0.1) is a client. The only client, in fact. Essentially, I
want to whitelist this, and only this IP.
B (10.0.0.2) is going to be a public-facing server, with port 15000 open.
C (10.0.0.3) is going to be the actual server, hosting the application
on port 15000.

Normally, A is going to be an external IP, and B and C will be two
machines on my network (and the internet), but I'm trying to test this
all using a staging area on a 10.x.x.x network, hence the scenario
above.

I cannot figure out for the life of me how to do this using iptables.
I keep running into things that say this is what I should be doing:

iptables -t nat -A PREROUTING -s 10.0.0.1 --dst 10.0.0.2 -p tcp \
    --dport 15000 -j DNAT --to-destination 10.0.0.3
iptables -t nat -A POSTROUTING -s 10.0.0.1 -p tcp --dst 10.0.0.3 \
    --dport 15000 -j SNAT --to-source 10.0.0.2
iptables -t nat -A OUTPUT -s 10.0.0.1 --dst 10.0.0.2 -p tcp \
    --dport 15000 -j DNAT --to-destination 10.0.0.3

Now, I've fiddled with these slightly (in particular the
POSTROUTING). Is it possible this is the result of all being on the
10.x.x.x network? Regardless, any help would be massively, massively
appreciated.

Thanks!
Justin
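The setup described in the post, written out as an added example (not code from the thread or from the poster): B rewrites the destination of A's packets for port 15000 to C, the FORWARD chain admits only the whitelisted client, and C's replies are forced back through B by SNAT. The three addresses and the port are taken from the post; the DRY_RUN switch, the run/forward_rules/count_rules helpers and the conntrack-based FORWARD rules are assumptions of this example. The nat OUTPUT rule from the post is deliberately omitted: it only affects packets generated on B itself, not A's forwarded traffic.

```shell
#!/bin/sh
# Added example: DNAT port forwarding on B with a single whitelisted client.
# Constructed from the addresses in the post; run as root with DRY_RUN= to apply.
CLIENT=10.0.0.1     # A, the only permitted source
FRONT=10.0.0.2      # B, the public-facing host running these rules
BACKEND=10.0.0.3    # C, the real application server
PORT=15000

# With DRY_RUN set (the default here) the commands are printed, not executed.
DRY_RUN=${DRY_RUN:-1}

run() {
  if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

forward_rules() {
  # Without IP forwarding the kernel silently drops the DNAT'd packets.
  run sysctl -w net.ipv4.ip_forward=1

  # Rewrite A -> B:15000 into A -> C:15000 before the routing decision.
  run iptables -t nat -A PREROUTING -s "$CLIENT" -d "$FRONT" -p tcp \
      --dport "$PORT" -j DNAT --to-destination "$BACKEND:$PORT"

  # FORWARD sees the already-rewritten destination (C). Admit only the
  # whitelisted client and the replies of its connections; drop the rest.
  run iptables -A FORWARD -s "$CLIENT" -d "$BACKEND" -p tcp --dport "$PORT" \
      -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
  run iptables -A FORWARD -s "$BACKEND" -d "$CLIENT" -p tcp --sport "$PORT" \
      -m conntrack --ctstate ESTABLISHED -j ACCEPT
  run iptables -A FORWARD -d "$BACKEND" -p tcp --dport "$PORT" -j DROP

  # All three hosts share one subnet, so without this C would answer A
  # directly and A would reject a reply from an address it never contacted.
  # SNAT makes C see B as the client, so replies travel back through B.
  run iptables -t nat -A POSTROUTING -s "$CLIENT" -d "$BACKEND" -p tcp \
      --dport "$PORT" -j SNAT --to-source "$FRONT"
}

# Number of commands the plan would issue (useful for a quick sanity check).
count_rules() {
  forward_rules | wc -l | tr -d ' '
}

forward_rules
```

Note that the SNAT step hides A's real address from C, so C's own logs will show 10.0.0.2 for every connection; if C needs to see the client, it must instead use B as its default gateway and the SNAT rule can be dropped.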
