Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Trying to nat with iptables (nat / prerouting / iptables)

from [Sean O'Reilly] Network Security [Permanent Link]
Subject: Re: Trying to nat with iptables (nat / prerouting / iptables)
Date: Mon, 27 Feb 2006 15:54:59 +0000 
On Fri, 24 Feb 2006 11:52:27 +0100
"Carlos Costa" <ccosta@gmail.com> wrote:


I'm trying to doing something simple with iptables: redirect one port
of my firewall machine to other port at other machine.

This is what I do:

iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to
192.168.1.3:139

This is not a real example (I am really trying to do this with vnc
port), but here I don't have vnc, so I am testing with this.

In the FORWARD chain my policy is ACCEPT, so I assume that the packet
must go to 192.168.1.3:139 (I am logging the packets in FORWARD, and
there is no traffic).

I assume that 192.168.1.2:81 must be equivalent to 192.168.1.3:139,
but:

merry:~# telnet 192.168.1.2 81
Trying 192.168.1.2...
telnet: Unable to connect to remote host: Connection refused

merry:~# telnet 192.168.1.3 139
Trying 192.168.1.3...
Connected to 192.168.1.3.

What I am doing wrong? Thank you very much,
  Carlos.


First thing i notice here is that you are just using --to
the correct syntax is --to-destination

hope this helps

-- 
Sean O'Reilly
Systems Administrator
SECPay Ltd

http://www.secpay.com

s.oreilly@secpay.com

Mobile 07917 463906

DDI 01732 300212

This email contains information which is confidential. It is for the
exclusive use of the addressee(s). If you are not the addressee, please
note that any distribution, dissemination, copying or use of this
communication or the information in it is prohibited. If you have
received this email in error, please telephone me immediately.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Software IPS/IDS vs Appliance, sheeponhigh
Next by Date:  Re: Trying to nat with iptables (nat / prerouting / iptables), Christophe Lucas
Previous by Thread:  Re: Trying to nat with iptables (nat / prerouting / iptables), kancerbero
Next by Thread:  Re: Trying to nat with iptables (nat / prerouting / iptables), Christophe Lucas
Indexes:  [Date] [Thread] [Top] [All Lists]