From mboxrd@z Thu Jan  1 00:00:00 1970
From: rgr@sdf.lonestar.org (Rob Ristroph)
To: 9fans@cse.psu.edu
Message-ID: <87oeyepers.fsf@rgristroph-austin.ath.cx>
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Common Lisp)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: [9fans] NAT'ing a drawterm connection
Date: Sun, 24 Aug 2003 23:00:55 -0500
Topicbox-Message-UUID: 20466686-eacc-11e9-9e20-41e7f4b1d025


I have a cpu/auth server on a private network, which is connected to
the internet via a Linux computer running iptables and masquerading or
NAT'ing as they call it now.

 From that linux box I can drawterm into my Plan 9 cpu/auth server.

I would like to forward the appropriate ports so that someone on the
internet at large can drawterm to my plan 9 machine.

Here was my first attempt:

# Port forwarding to try to make drawterm to Plan 9 machine work
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 567 -i eth0 -j DNAT --to 192.168.1.18:567
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 567 -i eth0 -j DNAT --to 192.168.1.18:17007
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 567 -i eth0 -j DNAT --to 192.168.1.18:17008

However it doesn't work.

Has anyone set this up before ?

If the connections on 170xx are initiated from the Plan 9 side, I
don't need those last two lines, right ?  For simplicity let's presume
the client drawterm has a real IP address.

--Rob