linux
Evgeny Petryaev, 2019-08-27 15:52:40

Port forwarding from subnet to subnet?

You need to make sure that from the network 192.168.0.0 you can connect to the network 192.168.1.0. Ping from 192.168.0.3 to 192.168.1.233 works. In general, there is a program, Ruslan, that connects to the server 192.168.1.233:210; if it connects from the network 192.168.0.0, it allegedly asks for a license, and its developers have already gone bankrupt. If you connect from the 192.168.1.0 network, everything is OK. Here are the rules that were added, but they did not help:

sudo iptables -A FORWARD -i enp3s0 -o enp3s1 -p tcp --syn --dport 210 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -i enp3s0 -o enp3s1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -i enp3s1 -o enp3s0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -A PREROUTING -i enp3s0 -p tcp --dport 210 -j DNAT --to-destination 192.168.1.233
sudo iptables -t nat -A POSTROUTING -o enp3s1 -p tcp --dport 210 -d 192.168.1.233 -j SNAT --to-source 192.168.0.2

The task is to connect the program from the network 192.168.0.0 to the server 192.168.1.233

2 answer(s)
none7, 2019-08-27
@Gremlin92

Shouldn't --to-source be 192.168.1.2? And connect all 192.168.0.0/24 to 192.168.0.2:210.

Andrey Barbolin, 2019-09-02
@dronmaxman

It is enough to add a forward and one masquerade rule. Delete all other rules.
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sudo sysctl -p
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.1.233 -p tcp -j SNAT --to-source 192.168.1.1
Explanation: masquerade all TCP requests from addresses 192.168.0.1-254 towards address 192.168.1.233 behind the address 192.168.1.1.
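
An added example, not part of either answer: a small Python audit of typed iptables SNAT rules for the case in this thread. It checks that the rule is in the nat table, that --to-source lies on the server's subnet (the point of the first answer), and that the rule is pinned to the server and port; the /24 mask, the helper names and the sample rules are assumptions constructed for the example.

```python
import ipaddress
import shlex

# Assumption: the server side is a /24, matching the answer's -s 192.168.0.0/24.
SERVER_NET = ipaddress.ip_network("192.168.1.0/24")

def parse_rule(line):
    """Turn one typed iptables command into a dict of the options we audit."""
    tokens = [t for t in shlex.split(line) if t != "sudo"]
    rule = {"table": "filter", "chain": None, "target": None,
            "dst": None, "to_source": None, "dport": None}
    opts = {"-t": "table", "-A": "chain", "-j": "target", "-d": "dst",
            "--to-source": "to_source", "--dport": "dport"}
    for i, tok in enumerate(tokens[:-1]):
        if tok in opts:
            rule[opts[tok]] = tokens[i + 1]
    return rule

def audit_snat(line, server_net=SERVER_NET):
    """Return a list of findings for one SNAT rule; an empty list means it passes."""
    rule = parse_rule(line)
    findings = []
    if rule["target"] != "SNAT":
        return findings
    if rule["table"] != "nat":
        findings.append("SNAT is only valid in the nat table: add '-t nat'")
    if rule["to_source"] is None:
        findings.append("missing --to-source")
    else:
        # --to-source may be "ip", "ip:port" or "ip1-ip2"; check the first address.
        first = rule["to_source"].split(":")[0].split("-")[0]
        if ipaddress.ip_address(first) not in server_net:
            findings.append(f"--to-source {first} is outside {server_net}: "
                            "the server still sees a foreign-subnet client")
    if rule["dst"] is None or rule["dport"] is None:
        findings.append("rule is not pinned to one host and port (-d/--dport)")
    return findings

# Constructed inputs: the question's SNAT rule, and a rule pinned to the server
# and port that uses 192.168.1.1, the address given in the second answer.
QUESTION_RULE = ("sudo iptables -t nat -A POSTROUTING -o enp3s1 -p tcp --dport 210 "
                 "-d 192.168.1.233 -j SNAT --to-source 192.168.0.2")
SCOPED_RULE = ("iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.1.233 "
               "-p tcp --dport 210 -j SNAT --to-source 192.168.1.1")

if __name__ == "__main__":
    for name, line in (("question", QUESTION_RULE), ("scoped", SCOPED_RULE)):
        print(name, audit_snat(line) or "ok")
```

The address passed to --to-source has to be one the router actually holds on the interface facing 192.168.1.0, otherwise replies from the server will not come back to it.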
