c******n
发帖数: 4965 | 1 for all traffic going to remote box 1.2.3.4 : 8888
I want to route the traffic to localhost : 8888, and I already have a ssh
tunnel
listening on localhost : 8888 to route the traffic to 1.2.3.4:8888
Thanks
I did something like this: but doesn't seem to work
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx
--dport 8888 -j DNAT --to 192.168.0.2:80
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT |
j*a
发帖数: 14423 | 2 /proc/sys/net/ipv4/ip_forward
把这个打成1
ACCEPT
【在 c******n 的大作中提到】
: for all traffic going to remote box 1.2.3.4 : 8888
: I want to route the traffic to localhost : 8888, and I already have a ssh
: tunnel
: listening on localhost : 8888 to route the traffic to 1.2.3.4:8888
: Thanks
: I did something like this: but doesn't seem to work
: /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx
: --dport 8888 -j DNAT --to 192.168.0.2:80
: /sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT
|
S*A
发帖数: 7142 | 3 how about:
iptables -t nat -A OUTPUT -p tcp -d 1.2.3.4 -j REDIRECT --to-ports 8888
That will redirect any port to port 8888. You can add --dport 8888
for only 1.2.3.4:8888
ACCEPT
【在 c******n 的大作中提到】
: for all traffic going to remote box 1.2.3.4 : 8888
: I want to route the traffic to localhost : 8888, and I already have a ssh
: tunnel
: listening on localhost : 8888 to route the traffic to 1.2.3.4:8888
: Thanks
: I did something like this: but doesn't seem to work
: /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx
: --dport 8888 -j DNAT --to 192.168.0.2:80
: /sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT
|
c******n
发帖数: 4965 | 4 thanks, I figured out, actually I need to redirect to localhost, not only
ports.
I ended up using
-t nat -A OUTPUT ....... -j DNAT --to 127.0.0.1:8888
【在 S*A 的大作中提到】
: how about:
: iptables -t nat -A OUTPUT -p tcp -d 1.2.3.4 -j REDIRECT --to-ports 8888
: That will redirect any port to port 8888. You can add --dport 8888
: for only 1.2.3.4:8888
:
: ACCEPT
|
S*A
发帖数: 7142 | 5 I think redirect by default is localhost.
【在 c******n 的大作中提到】
: thanks, I figured out, actually I need to redirect to localhost, not only
: ports.
: I ended up using
: -t nat -A OUTPUT ....... -j DNAT --to 127.0.0.1:8888
|
