public inbox for gentoo-user@lists.gentoo.org
From: James <wireless@tampabay.rr.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user]  Re: iptables question
Date: Fri, 20 Jan 2006 20:41:06 +0000 (UTC)
Message-ID: <loom.20060120T211711-657@post.gmane.org>
In-Reply-To: 200601201249.25509.dmitry@athabascau.ca

Dmitry S. Makovey <dmitry <at> athabascau.ca> writes:

> somewhat offtopic, but since I need any help I can get:

> how do I redirect traffic from the outward-facing interface 
> (192.168.1.114:80) to the loopback device (127.0.0.1:80)?

> my most obvious trick:
> iptables -t nat -A PREROUTING -p tcp -d 192.168.1.114 --dport 80 \
> 	-j DNAT --to 127.0.0.1:80
> and 
> echo 1 > /proc/sys/net/ipv4/ip_forward
> didn't help. Machine which is opening connection is hanging there 
> indefinitely...

> what did I miss?


Well, let me start off by saying that I'm still learning the
details of iptables.....

An excellent book has been recommended and I can confirm it is wonderful:
"Linux Firewalls Third Edition" 2005. by Steve Suehring and Robert L. Ziegler.
Novell press.

There are many examples covering forwarding, port redirection, dmz's and
proxies. It's hard to tell exactly what you are doing, or what you want to do.

From the book: Enabling the Loopback Interface, page 111
"
Local services rely on the loopback network interface. After the system boots,
the system's default policy is to accept all packets. Flushing any preexisting
chains has no effect. However, if the firewall is being reinitialized and had
previously used a deny-by-default policy, the drop policy would still be in
effect. Without any acceptance firewall rules, the loopback interface would
still be inaccessible. Because the loopback interface is a local, internal
interface, the firewall can allow loopback traffic immediately:

#for unlimited traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
"

Granted this is related to an example in the book, but hopefully it helps.
If you get frustrated, send me private email, maybe I can help. I will try.
Some folks on the list do not believe that direct control of iptables is
wise. I dissent. Knowledge of iptables is of extreme value, but difficult 
to master. I'd like to see many examples of iptables for 2.6 kernels published.
Updated material on iptables + 2.6 kernels is scarcely available on the net.

hth,
James




-- 
gentoo-user@gentoo.org mailing list