Wednesday, December 8, 2010

RE: Stupid iptables

So, something I need to remember about iptables: a DNAT rule in the nat table does not, by itself, let the forwarded traffic through. The packet gets rewritten in PREROUTING, is routed, and then still has to get past the filter table. For forwarded packets that is the FORWARD chain, which on a stock RHEL/CentOS box jumps to RH-Firewall-1-INPUT exactly like INPUT does. So you ALWAYS need an ACCEPT for the traffic as well as the DNAT. Example.
If you want VNC port 5902 on the host to be forwarded to a NAT'ed machine on port 5901, you need both of the following. First the ACCEPT. It is matched against the destination as it looks after the DNAT (port 5901, not 5902), and it has to sit ahead of the chain's final REJECT rule; -A would append it after the REJECT, where it is never reached, so insert it instead:
iptables -I RH-Firewall-1-INPUT 1 -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
Then the DNAT itself, in the nat table. The two rules live in different tables, so the order you type them in does not matter; what matters is that the ACCEPT exists and comes before the REJECT:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5902 -j DNAT --to-destination 192.168.122.2:5901
Again, don't forget the ACCEPT when you forward traffic on. Two more things to remember: since RH-Firewall-1-INPUT is shared by INPUT and FORWARD, an ACCEPT on --dport 5901 with no -d 192.168.122.2 also opens port 5901 on the host itself, so restrict it to the guest; and net.ipv4.ip_forward has to be 1, or the kernel drops the forwarded packets no matter what the rules say.
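Putting it together, as an added example that is not from the original post: the complete forward (ip_forward, the DNAT, and the filter ACCEPT on the translated destination, restricted to the guest and inserted ahead of the REJECT), plus a small check against an iptables-save dump that catches the -A-after-REJECT mistake. eth0, the port numbers and 192.168.122.2 are taken from the post; the function names and the two sample dumps are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: eth0 is the public
# interface, 192.168.122.2 the VNC guest (the address used in the post), 5902 the
# port exposed on the host, 5901 the port the guest's VNC server listens on.
PUB_IF=eth0
PUB_PORT=5902
GUEST=192.168.122.2
GUEST_PORT=5901
CHAIN=RH-Firewall-1-INPUT

# Emit the rules instead of applying them, so they can be read (or pasted into a
# root shell) first. Points the post's two commands leave out:
#  - ip_forward must be on or the kernel drops forwarded packets whatever the rules;
#  - the filter rule matches the post-DNAT destination (guest:5901, not 5902);
#  - -I ... 1 puts the ACCEPT ahead of the chain's final REJECT, which -A would not;
#  - -d GUEST keeps the shared INPUT/FORWARD chain from also opening 5901 on the host.
vnc_forward_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $PUB_IF -p tcp --dport $PUB_PORT -j DNAT --to-destination $GUEST:$GUEST_PORT
iptables -I $CHAIN 1 -m state --state NEW -m tcp -p tcp -d $GUEST --dport $GUEST_PORT -j ACCEPT
EOF
}

# Sanity check on an iptables-save dump (stdin): succeed only if CHAIN holds an
# ACCEPT for PORT that comes before the chain's REJECT rule.
# usage: iptables-save | accept_before_reject RH-Firewall-1-INPUT 5901
accept_before_reject() {
  awk -v chain="$1" -v port="$2" '
    $1 == "-A" && $2 == chain {
      if (!rejected && $0 ~ ("--dport " port " ") && $0 ~ /-j ACCEPT/) found = 1
      if ($0 ~ /-j REJECT/) rejected = 1
    }
    END { if (found) exit 0; exit 1 }'
}

# Constructed sample dumps, shaped like the stock RHEL/CentOS 5 chain. In the
# first the ACCEPT was appended with -A and landed after the REJECT; in the
# second it was inserted with -I.
APPENDED_DUMP='-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -d 192.168.122.2 --dport 5901 -j ACCEPT'

INSERTED_DUMP='-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -d 192.168.122.2 --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Run with "apply" as root to execute the rules; with no argument just show them
# and check the two sample dumps.
if [ "$1" = apply ]; then
  vnc_forward_rules | sh -e
else
  vnc_forward_rules
  printf '%s\n' "$APPENDED_DUMP" | accept_before_reject "$CHAIN" "$GUEST_PORT" \
    && echo "appended: reachable" || echo "appended: ACCEPT sits after REJECT, never reached"
  printf '%s\n' "$INSERTED_DUMP" | accept_before_reject "$CHAIN" "$GUEST_PORT" \
    && echo "inserted: reachable" || echo "inserted: not reachable"
fi
```

On a live box, `iptables-save | accept_before_reject RH-Firewall-1-INPUT 5901` tells you whether the rule you just added can actually be hit; `iptables -t nat -L PREROUTING -n` and `iptables -L RH-Firewall-1-INPUT -n -v --line-numbers` show the same thing by eye, with the packet counters confirming which rule the VNC connection really matched.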
