Re: [SLE] how do bind a port to a nic?



On 24/04/06 12:59, Ryan McCain wrote:
> Would 'iptables -A PREROUTING -p tcp --dport 9999 -i eth1' take all
> traffic going to the server on port 9999 and direct it to use eth1? If
> not, what is the proper syntax?

Use eth1 for what? Send it to where?

This command tells the firewall the rule applies only to tcp traffic
arriving on eth1, with a destination port of 9999. It does not say
anything at all about what is to be done with the packets; that is done
with the -j option. I am not sure if this command would need to specify
the proper table explicitly, with the -t option. The PREROUTING chain is
part of the nat table, but without the -t option, the default table is
the filter table. I would prefer to use:

iptables -t nat -A PREROUTING (etc)

This single command also does not tell us how this traffic arrives in
the nat table in the first place. All incoming network traffic must
first be handled by a rule in the INPUT or FORWARD chains of the filter
table, for example:

iptables -A FORWARD -p tcp --dport 9999 -i eth1 -j nat

This last command tells the firewall that any tcp traffic to port 9999
arriving here on eth1, but addressed to some other system, shall be sent
to the nat table for further action. If the traffic was addressed to
*this* system, you would use INPUT instead of FORWARD.

The PREROUTING chain is used to alter a packet immediately as it
arrives, e.g. mark it in some way, or change a packet header, which is
not what you suggest you are trying to do. You seem only to want to do a
bit of port forwarding. Please tell us a bit more about exactly what it
is you wish to do.


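Added example (not part of the original message): a small Python check for two points raised in the reply about the command in question, namely whether a built-in chain exists in the selected table (filter when -t is absent) and whether the rule has a -j target at all. The function name lint_rule, the finding codes and the sample commands are constructed for illustration; the chain lists follow current iptables(8).

```python
import shlex

# Built-in chains per table, as listed in current iptables(8).
# User-defined chains are not modelled and are never flagged.
BUILTIN_CHAINS = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "raw": {"PREROUTING", "OUTPUT"},
    "security": {"INPUT", "FORWARD", "OUTPUT"},
}
ALL_BUILTIN = set().union(*BUILTIN_CHAINS.values())
# iptables accepts -i / -o only in chains where that interface is known.
IFACE_CHAINS = {"-i": {"PREROUTING", "INPUT", "FORWARD"},
                "-o": {"FORWARD", "OUTPUT", "POSTROUTING"}}
VALUE_OPTS = {
    "-t": "table", "--table": "table", "-A": "chain", "--append": "chain",
    "-I": "chain", "--insert": "chain", "-j": "target", "--jump": "target",
    "-g": "target", "--goto": "target", "-i": "-i", "--in-interface": "-i",
    "-o": "-o", "--out-interface": "-o",
}


def lint_rule(command):
    """Return finding codes for one 'iptables -A/-I ...' command line."""
    seen = {"table": "filter"}  # filter is the default when -t is absent
    args = shlex.split(command)
    for opt, value in zip(args, args[1:]):
        if opt in VALUE_OPTS:
            seen[VALUE_OPTS[opt]] = value
    table, chain = seen["table"], seen.get("chain")
    if table not in BUILTIN_CHAINS:
        return ["unknown-table"]
    findings = []
    if chain in ALL_BUILTIN and chain not in BUILTIN_CHAINS[table]:
        findings.append("chain-not-in-table")  # e.g. PREROUTING without -t nat
    if "target" not in seen:
        findings.append("no-target")  # rule only counts packets, takes no action
    for opt, allowed in IFACE_CHAINS.items():
        if opt in seen and chain in ALL_BUILTIN and chain not in allowed:
            findings.append(opt + "-invalid-in-chain")
    return findings


if __name__ == "__main__":
    # Constructed samples; the first is the command asked about in the thread.
    for cmd in ("iptables -A PREROUTING -p tcp --dport 9999 -i eth1",
                "iptables -t nat -A PREROUTING -p tcp --dport 9999 -i eth1 "
                "-j REDIRECT --to-ports 8080"):
        print(lint_rule(cmd) or "ok", "<-", cmd)
```
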

