Okay, I solved it... FORWARD chain of
> DROP       all  --  anywhere             anywhere           state INVALID,NEW
breaks what I'm trying to do, so I need to put a rule there to ACCEPT

On Tue, 2003-05-20 at 12:49, Liberty Young wrote:
> This:
> /sbin/iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3022 \
>         -j DNAT --to-destination 192.168.0.10:22
> doesn't work for me.
>
> Here's what I have right now:
> [root@athena init.d]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:auth
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:3022
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
> DROP       all  --  anywhere             anywhere           state INVALID,NEW
> ACCEPT     all  --  anywhere             anywhere
> LOG        all  --  anywhere             anywhere           LOG level warning
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> DROP       icmp --  anywhere             anywhere           state INVALID
>
> [root@athena init.d]# iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> DNAT       tcp  --  anywhere             anywhere           tcp dpt:3022 to:192.168.10.192:22
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [root@athena init.d]#
>
>
> From happycake, a machine on the LAN, I get connection time outs.
> From my job, trying to get to it across the network, I get connection
> time outs.
>
>
> On Tue, 2003-05-20 at 12:15, David A. Sinck wrote:
> >
> > \_ SMTP quoth Thomas Cameron on 5/20/2003 14:06 as having spake thusly:
> > \_
> > \_ That's what I was going to answer, but I am not getting it to work...
> > \_
> > \_ [root@mailtest1 root]# iptables -t nat -A PREROUTING -p tcp -d
> > \_ 127.0.0.1 --dport 3022 -j DNAT --to-destination 127.0.0.1:22
> > \_ [root@mailtest1 root]# ssh 127.0.0.1 -p 3022
> > \_ ssh: connect to host 127.0.0.1 port 3022: Connection refused
> > \_
> > \_ I have tried to DNAT to a local address as well as another address with the
> > \_ same results.
> > \_
> > \_ What gives?
> >
> > I'm going to kneejerk that it's some evil local interface problem. I
> > know that rule works because it's firing successfully after a few IP
> > substitutions. The rule above also faults for me.
> >
> > \_ > /sbin/iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3022 \
> > \_ >         -j DNAT --to-destination 192.168.0.10:22
> >
> > David
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
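
Why the FORWARD chain in the listing above times out the forwarded SSH connection, as an added example that is not part of the original thread: a small Python model of first-match rule evaluation, run over the posted FORWARD chain and over the same chain with an ACCEPT placed ahead of the DROP. The `Packet`/`Rule` classes, the `ALLOW` rule and the gateway address 203.0.113.1 are assumptions made for the illustration; the DNAT target is the one shown in the `iptables -L -t nat` output.

```python
# Simplified model of netfilter first-match rule evaluation (a sketch, not real iptables).
from dataclasses import dataclass, replace
from typing import Optional
@dataclass(frozen=True)
class Packet:
    proto: str
    dst: str
    dport: int
    state: str  # conntrack state: NEW, ESTABLISHED, RELATED or INVALID

@dataclass(frozen=True)
class Rule:
    target: str                      # ACCEPT or DROP
    states: frozenset = frozenset()  # empty set matches any state
    proto: Optional[str] = None      # None matches anything
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p):
        return ((not self.states or p.state in self.states)
                and self.proto in (None, p.proto)
                and self.dst in (None, p.dst) and self.dport in (None, p.dport))

def prerouting_dnat(p):
    # nat PREROUTING rule from the listing: tcp dpt:3022 to:192.168.10.192:22
    if p.proto == "tcp" and p.dport == 3022:
        return replace(p, dst="192.168.10.192", dport=22)
    return p

def verdict(chain, p, policy="ACCEPT"):
    # The first matching rule decides; rules after it are never consulted.
    for number, rule in enumerate(chain, 1):
        if rule.matches(p):
            return rule.target, number
    return policy, None

# filter FORWARD as posted (the non-terminating LOG rule is left out).
FORWARD = [Rule("ACCEPT", frozenset({"RELATED", "ESTABLISHED"})),
           Rule("DROP", frozenset({"INVALID", "NEW"})),
           Rule("ACCEPT")]
# Hypothetical fix: accept NEW tcp to the DNAT target, placed ahead of the DROP.
ALLOW = Rule("ACCEPT", frozenset({"NEW"}), "tcp", "192.168.10.192", 22)
FIXED = FORWARD[:1] + [ALLOW] + FORWARD[1:]

def first_syn():
    # Constructed packet: first SYN to port 3022 on the gateway (203.0.113.1 is made up).
    return prerouting_dnat(Packet("tcp", "203.0.113.1", 3022, "NEW"))

print(verdict(FORWARD, first_syn()), verdict(FIXED, first_syn()))
```

With real iptables, one possible form of the hypothetical `ALLOW` rule is `iptables -I FORWARD 2 -p tcp -d 192.168.10.192 --dport 22 -m state --state NEW -j ACCEPT`, which keeps the DROP in place for all other NEW traffic. The `tcp dpt:3022` ACCEPT in INPUT never sees this connection, because after DNAT to another host the packets are routed through FORWARD instead.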