Answer the question
In order to leave comments, you need to log in
S
S
simple_math2014-01-27 06:21:13
simple_math, 2014-01-27 06:21:13
iptables. Access to the Internet
Forwarded a port to connect via RDP to a computer in LAN through an alternative channel with an external ip. Before that, the computer went to the Internet through the main channel, but after I changed the default gateway for it, it refuses to go out through the new channel.
Wrote on the gateway (eth0 looks at LAN)
-A INPUT -i eth0 -s 10.30.105.0/24 -j ACCEPT
-A FORWARD -i eth0 -s 10.30.105.0/24 -j ACCEPT
Doesn't help.
Can someone advise please.
*nat
:PREROUTING ACCEPT [774:204338]
:INPUT ACCEPT [219:51348]
:OUTPUT ACCEPT [287:17326]
:POSTROUTING ACCEPT [299:18090]
-A PREROUTING -d XXX.XXX.XXX.94/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.30.105.133:3389
-A POSTROUTING -s 10.30.105.0/24 -o eth1 -p tcp -j SNAT --to-source XXX.XXX.XXX.94
COMMIT
# Completed on Sun Jan 26 10:31:53 2014
# Generated by iptables-save v1.4.7 on Sun Jan 26 10:31:53 2014
*filter
:INPUT ACCEPT [1:313]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14:1884]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 3 answer(s)
@simple_math
B
brutal_lobster, 2014-01-27 @simple_math
Line -A POSTROUTING -s 10.30.105.0/24
-o eth1 -p tcp -j SNAT --to-source XXX.XXX.XXX.94
COMMIT
Nat TCP traffic only. Therefore, nothing is pinged and sites are not opened (DNS does not resolve addresses).
Try replacing it with:
-A POSTROUTING -o eth1 -j MASQUERADE
Similar questions
V
V
I
O
T
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question