From: rgr@sdf.lonestar.org (Rob Ristroph)
To: 9fans@cse.psu.edu
Subject: Re: [9fans] NAT'ing a drawterm connection
Date: Mon, 25 Aug 2003 00:15:16 -0500 [thread overview]
Message-ID: <87ad9ypbbv.fsf@rgristroph-austin.ath.cx> (raw)
In-Reply-To: <Pine.LNX.4.44.0308242202100.3501-100000@fbsd.cpsc.ucalgary.ca>
>>>>> "andrey" == andrey mirtchovski <mirtchov@cpsc.ucalgary.ca> writes:
andrey>
andrey> your bug is that you need to change the --dport appropriately for each
andrey> different port:
andrey>
andrey> 1018 iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 564 -j DNAT --to-destination 192.168.1.3
andrey> 1019 iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 17008 -j DNAT --to-destination 192.168.1.3
andrey> 1020 iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 17010 -j DNAT --to-destination 192.168.1.3
andrey> 1021 iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 17013 -j DNAT --to-destination 192.168.1.3
andrey>
andrey> i believe only 564 i 17008 are important, but i can't connect right now to
andrey> give you netstat...
andrey>
andrey> andrey
andrey>
andrey> On 24 Aug 2003, Rob Ristroph wrote:
andrey>
>> # Port forwarding to try to make drawterm to Plan 9 machine work
>> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 567 -i eth0 -j DNAT --to 192.168.1.18:567
>> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 567 -i eth0 -j DNAT --to 192.168.1.18:17007
>> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 567 -i eth0 -j DNAT --to 192.168.1.18:17008
>>
That's definitely a bug.
However, I suspect the 17xxx lines should not be there at all.
Instead:
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 567 -i eth0 -j DNAT --to 192.168.1.18:567
/sbin/iptables -A FORWARD -m state --state RELATED -j ACCEPT
But this may require a special connection tracking module in the linux
netfilters package that would know that the 17xxx connection was
"related" to the forwarded 567 connection and route it accordingly.
I have no idea if those are the right options on the second line
there, I just cut-and-pasted it from a post about getting one of the
online games to work through a NAT.
Are those 17xxx connections extablished from drawterm to the cpu/auth
server, or from the Plan 9 computer to drawterm ?
Perhaps I can find out by running snoopy . . .
--Rob
next prev parent reply other threads:[~2003-08-25 5:15 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-08-25 4:00 Rob Ristroph
2003-08-25 4:04 ` andrey mirtchovski
2003-08-25 5:15 ` Rob Ristroph [this message]
2003-08-25 5:22 ` andrey mirtchovski
2003-08-25 5:26 ` andrey mirtchovski
2003-08-25 12:35 ` Bruce Ellis
2003-08-25 13:11 ` [9fans] " Jim Choate
2003-08-25 13:18 ` andrey mirtchovski
2003-08-25 14:00 ` Jim Choate
2003-08-25 15:24 ` andrey mirtchovski
2003-08-25 15:46 ` Scott Schwartz
2003-08-25 15:55 ` andrey mirtchovski
2003-08-25 17:40 ` Jim Choate
2003-08-25 16:05 ` matt
2003-08-25 17:37 ` Jim Choate
2003-08-26 11:22 ` matt
2003-08-28 0:13 ` Bruce Ellis
2003-08-28 8:21 ` matt
2003-08-25 13:18 ` [9fans] " Russ Cox
2003-08-25 14:02 ` [9fans] " Jim Choate
2003-08-25 17:52 ` [9fans] " Bruce Ellis
2003-08-26 0:30 ` boyd, rounin
2003-08-28 3:23 ` Russ Cox
2003-08-29 4:32 ` Rob Ristroph
2003-08-29 4:50 ` andrey mirtchovski
2003-08-25 14:53 ` matt
2003-08-26 1:16 Skip Tavakkolian
2003-08-26 1:50 ` boyd, rounin
2003-08-26 4:25 ` Jim Choate
2003-08-26 4:17 ` Jim Choate
2003-08-29 4:39 YAMANASHI Takeshi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ad9ypbbv.fsf@rgristroph-austin.ath.cx \
--to=rgr@sdf.lonestar.org \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).