Port forwarding does not work without a srcnat rule?

Hello. I have always forwarded ports on Ubuntu with a single PREROUTING rule that redirects an external port to the IP and port of the internal host. Now I needed to forward the RDP port for Windows servers. The scheme is as follows: the Windows server is in a VLAN that is defined on the gateway with iptables, which just forwards the port. I wrote the following rule:
iptables -t nat -I PREROUTING -d 100.100.100.100 -p tcp --dport 5555 -j DNAT --to-destination 10.61.255.1:3389
In the end it does not work: tcpdump just shows a connection to my IP on the port specified in PREROUTING, but the TCP connection is not established.
In the end it only worked after I added this rule:
Chain POSTROUTING (policy ACCEPT 576K packets, 44M bytes)
pkts bytes target prot opt in out source destination
6453 336K SNAT tcp -- * * 0.0.0.0/0 10.61.255.1 tcp dpt:3389 to:10.61.255.254

10.61.255.254 is the gateway for the Windows servers' network. The question is: why does port forwarding only work with this rule? Previously, a PREROUTING rule alone was enough. Thank you.

1 Answer

You forgot the rule in the filter table for outside access. Something like iptables -A FORWARD -d 10.61.255.1 -p tcp --dport 3389 -j ACCEPT (you can also add -m conntrack --ctstate NEW, if you like). Or else the server has no route to the Internet, and it doesn't know where to send the SYN/ACK for a connection coming from an IP like 1.2.3.4.
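Added example, not part of the original answer: a small sh/awk audit that reads iptables-save text and reports, for each DNAT forward, whether FORWARD admits the translated traffic and whether an SNAT rule rewrites the client address. The function names and the sample dump are constructed, the FORWARD policies are assumptions (the question does not show the filter table), and only rules with an exact -d/--dport match are recognised.

```shell
#!/bin/sh
# Added example (not from the thread): for every DNAT port forward found in
# iptables-save text, report whether FORWARD admits it and whether an SNAT
# rule rewrites the client address. Only exact -d/--dport matches are handled.

audit_dnat() {   # reads iptables-save output on stdin
  awk '
    /^\*/ { table = substr($1, 2); next }          # table header: *nat, *filter
    table == "filter" && $1 == ":FORWARD" { policy = $2; next }
    $1 != "-A" { next }
    {
      dst = dport = tgt = to = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-d") { dst = $(i + 1); sub(/\/32$/, "", dst) }
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") tgt = $(i + 1)
        if ($i == "--to-destination" || $i == "--to-source") to = $(i + 1)
      }
    }
    table == "nat" && tgt == "DNAT" { dnat[to] = dst ":" dport }
    table == "nat" && tgt == "SNAT" { snat[dst ":" dport] = to }
    table == "filter" && $2 == "FORWARD" && tgt == "ACCEPT" { fwd[dst ":" dport] = 1 }
    END {
      for (t in dnat) {
        allowed = (policy == "ACCEPT" || (t in fwd)) ? "yes" : "no"
        masked = (t in snat) ? snat[t] : "none"
        printf "%s -> %s forward_allowed=%s snat_to=%s\n", dnat[t], t, allowed, masked
      }
    }'
}

# Constructed sample: the two nat rules from the question in iptables-save
# form. $1 = FORWARD policy (assumed), $2 = optional extra filter rule.
sample_rules() {
  cat <<EOF
*nat
-A PREROUTING -d 100.100.100.100/32 -p tcp -m tcp --dport 5555 -j DNAT --to-destination 10.61.255.1:3389
-A POSTROUTING -d 10.61.255.1/32 -p tcp -m tcp --dport 3389 -j SNAT --to-source 10.61.255.254
COMMIT
*filter
:FORWARD $1 [0:0]
$2
COMMIT
EOF
}

sample_rules ACCEPT | audit_dnat
sample_rules DROP | audit_dnat
sample_rules DROP "-A FORWARD -d 10.61.255.1/32 -p tcp -m tcp --dport 3389 -j ACCEPT" | audit_dnat
```

On a live gateway the input would come from iptables-save run as root. A snat_to value other than none means the Windows server sees every RDP client as that address, so its logon logs and lockout rules no longer distinguish remote sources.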
