I just can't get it to work: I want to tell my router (NAT) (debian/testing) to forward external requests on port 23 to port 22 of a machine at 192.168.0.4 on the internal network. This is what I have in /etc/ipmasq/rules/I90external.rul:
$IPTABLES -t nat -j DNAT -A PREROUTING -i ${i%%:*} -d $IPOFIF/32 -p tcp --dport 23 --to-destination 192.168.0.4:22
It simply doesn't work. Connections to this port time out. The output of iptables -L:

Chain INPUT (policy DROP)
target     prot opt source       destination
ipac_in    all  --  anywhere     anywhere
ACCEPT     all  --  anywhere     anywhere
LOG        all  --  127.0.0.0/8  anywhere  LOG level warning
DROP       all  --  127.0.0.0/8  anywhere
ACCEPT     all  --  anywhere     255.255.255.255
ACCEPT     all  --  localnet/24  anywhere
ACCEPT    !tcp  --  anywhere     BASE-ADDRESS.MCAST.NET/4
LOG        all  --  localnet/24  anywhere  LOG level warning
DROP       all  --  localnet/24  anywhere
ACCEPT     all  --  anywhere     255.255.255.255
ACCEPT     tcp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  tcp dpts:ftp-data:222
ACCEPT     tcp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  tcp dpt:4080
ACCEPT     tcp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  tcp dpt:4662
ACCEPT     udp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  udp dpt:4666
ACCEPT     udp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  udp dpt:6882
ACCEPT     udp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  udp dpt:4444
ACCEPT     udp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  udp dpt:kazaa
ACCEPT     tcp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  tcp dpt:gnutella-svc
ACCEPT     tcp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  tcp dpt:9999
ACCEPT     udp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  udp dpt:7880
ACCEPT     udp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  udp dpt:2234
ACCEPT     udp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  udp dpts:6881:6889
DROP       tcp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  tcp dpts:0:1023
DROP       tcp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de
LOG        all  --  anywhere     anywhere  LOG level warning
DROP       all  --  anywhere     anywhere

Chain FORWARD (policy DROP)
target     prot opt source       destination
ipac_in    all  --  anywhere     anywhere
ipac_out   all  --  anywhere     anywhere
ACCEPT     all  --  localnet/24  anywhere
ACCEPT     all  --  anywhere     anywhere  state RELATED,ESTABLISHED
LOG        all  --  anywhere     localnet/24  LOG level warning
DROP       all  --  anywhere     localnet/24
LOG        all  --  anywhere     anywhere  LOG level warning
DROP       all  --  anywhere     anywhere

Chain OUTPUT (policy DROP)
target     prot opt source       destination
ipac_out   all  --  anywhere     anywhere
ACCEPT     all  --  anywhere     anywhere
ACCEPT     all  --  anywhere     255.255.255.255
ACCEPT     all  --  anywhere     localnet/24
ACCEPT    !tcp  --  anywhere     BASE-ADDRESS.MCAST.NET/4
LOG        all  --  anywhere     localnet/24  LOG level warning
DROP       all  --  anywhere     localnet/24
ACCEPT     all  --  anywhere     255.255.255.255
ACCEPT     all  --  pD9EB2FBA.dip0.t-ipconnect.de  anywhere
LOG        all  --  anywhere     anywhere  LOG level warning
DROP       all  --  anywhere     anywhere

Chain ipac_in (2 references)
target     prot opt source       destination
           all  --  anywhere     anywhere
           all  --  anywhere     anywhere
           all  --  anywhere     anywhere
           all  --  anywhere     anywhere
           tcp  --  anywhere     anywhere  tcp dpt:ftp-data
           tcp  --  anywhere     anywhere  tcp dpt:ftp
           tcp  --  anywhere     anywhere  tcp dpt:ssh
           tcp  --  anywhere     anywhere  tcp dpt:smtp
           tcp  --  anywhere     anywhere  tcp dpt:domain
           udp  --  anywhere     anywhere  udp dpt:domain
           tcp  --  anywhere     anywhere  tcp dpt:www
           tcp  --  anywhere     anywhere  tcp dpt:pop3
           tcp  --  anywhere     anywhere  tcp dpt:https
           tcp  --  anywhere     anywhere  tcp spt:ssh
           tcp  --  anywhere     anywhere  tcp spt:smtp
           tcp  --  anywhere     anywhere  tcp spt:domain
           udp  --  anywhere     anywhere  udp spt:domain
           tcp  --  anywhere     anywhere  tcp spt:www
           tcp  --  anywhere     anywhere  tcp spt:pop3
           tcp  --  anywhere     anywhere  tcp spt:https

Chain ipac_out (2 references)
target     prot opt source       destination
           all  --  anywhere     anywhere
           all  --  anywhere     anywhere
           all  --  anywhere     anywhere
           all  --  anywhere     anywhere
           tcp  --  anywhere     anywhere  tcp spt:ftp-data
           tcp  --  anywhere     anywhere  tcp spt:ftp
           tcp  --  anywhere     anywhere  tcp spt:ssh
           tcp  --  anywhere     anywhere  tcp spt:smtp
           tcp  --  anywhere     anywhere  tcp spt:domain
           udp  --  anywhere     anywhere  udp spt:domain
           tcp  --  anywhere     anywhere  tcp spt:www
           tcp  --  anywhere     anywhere  tcp spt:pop3
           tcp  --  anywhere     anywhere  tcp spt:https
           tcp  --  anywhere     anywhere  tcp dpt:ssh
           tcp  --  anywhere     anywhere  tcp dpt:smtp
           tcp  --  anywhere     anywhere  tcp dpt:domain
           udp  --  anywhere     anywhere  udp dpt:domain
           tcp  --  anywhere     anywhere  tcp dpt:www
           tcp  --  anywhere     anywhere  tcp dpt:pop3
           tcp  --  anywhere     anywhere  tcp dpt:https
And the output of iptables -t nat -L:

Chain PREROUTING (policy ACCEPT)
target     prot opt source       destination
DNAT       tcp  --  anywhere     pD9EB2FBA.dip0.t-ipconnect.de  tcp dpt:telnet to:192.168.0.4:22

Chain POSTROUTING (policy ACCEPT)
target     prot opt source       destination
MASQUERADE all  --  localnet/24  anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source       destination
Regards, Felix
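
Added example, not part of the original post: a first-match walk of the FORWARD chain listed above, applied to the packet as it looks after the PREROUTING DNAT (destination rewritten to 192.168.0.4). It assumes `localnet/24` resolves to 192.168.0.0/24 and uses a constructed client address, 203.0.113.10; the function names are hypothetical.

```python
import ipaddress

# Assumption: "localnet/24" in the listing is 192.168.0.0/24
# (inferred from the DNAT target 192.168.0.4).
NETS = {"anywhere": ipaddress.ip_network("0.0.0.0/0"),
        "localnet/24": ipaddress.ip_network("192.168.0.0/24")}

# FORWARD chain rows copied from the `iptables -L` output in the post.
FORWARD = """\
ipac_in all -- anywhere anywhere
ipac_out all -- anywhere anywhere
ACCEPT all -- localnet/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere localnet/24 LOG level warning
DROP all -- anywhere localnet/24
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
"""
POLICY = "DROP"
# LOG and the target-less ipac_* accounting chains do not end traversal.
TERMINAL = {"ACCEPT", "DROP"}


def parse(listing):
    """Turn listing rows into (target, src_net, dst_net, states, row) tuples."""
    rules = []
    for row in listing.splitlines():
        target, _proto, _opt, src, dst, *extra = row.split()
        states = None
        if "state" in extra:
            states = set(extra[extra.index("state") + 1].split(","))
        rules.append((target, NETS[src], NETS[dst], states, row))
    return rules


def verdict(rules, src, dst, state):
    """First-match evaluation; returns (verdict, deciding row)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, snet, dnet, states, row in rules:
        if src not in snet or dst not in dnet:
            continue
        if states is not None and state not in states:
            continue
        if target in TERMINAL:
            return target, row
    return POLICY, "chain policy"


if __name__ == "__main__":
    # 203.0.113.10 is a constructed external client address.
    print(verdict(parse(FORWARD), "203.0.113.10", "192.168.0.4", "NEW"))
```

With this chain the translated SYN is logged and then dropped by the rule for destination localnet/24, while replies from 192.168.0.4 would be accepted; the DNAT entry alone does not open a path through FORWARD for new connections.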