[plug] iptables and iFolder
ryank at globaldial.com
Fri Dec 16 09:08:43 WST 2005
Am I right in assuming that you're on the same subnet as the server you
are trying to DNAT to?
When you connect to the internal server via that rule, you're going to get
replied to directly by the server (since your source IP address doesn't
change) which will confuse your computer, since it's expecting replies
from the original IP.
You could try masquerading the connection, I think that should work.
(i.e. set up a specific rule for masquerading connections from the
internal subnet which try to connect to the external ip).
On Thu, 2005-12-15 at 17:43 +0800, Rennie wrote:
> Hi All,
> Sorry if this shows up twice. The send from gmail didn't seem to get the
> I've got iFolder up and running; it seems to be very good and just the
> thing I've been after for ages.
> At home I have the server behind a Linksys linux based
> modem/router. I have the wife's powerbook's iFolder client
> pointed at our external static ip address - 210.xxx.xxx.xxx:8086. With
> the modem/router set to forward all traffic coming to
> 210.xxx.xxx.xxx:8086 through to my iFolder server - all seems to work
> well. The PowerBook sees the server from inside the home network and also
> from the wider internet (except UWA - another story).
> My problem is that I can't figure out how to get our Debian gateway
> machine here at work to do the same thing - i.e. route traffic from
> within the network (192.168.xxx.xxx) whose destination is the external
> interface back to an internal machine (only for port 8086).
> This is despite adding the following to the firewall script (both on 1
> line. eth0 internal NIC):
> $iptables -A FORWARD -i eth0 -p tcp --dport 8086 -j ACCEPT
> $iptables -t nat -A PREROUTING -i eth0 -p tcp -d 202.xxx.xxx.xxx --dport 8086 -j DNAT --to-destination 192.168.0.136:8086
> ... which are just copies of the lines which work for the ppp0 interface.
> It works fine if the iFolder traffic is coming from the internet at
> large to the external IP - i.e. is forwarded to appropriate internal
> machine etc...but not if the traffic originates from any
> 192.168.xxx.xxx addresses.
> If I can get it working the iFolder can work from laptops that are
> internal or external with no changes to settings.
> Does anybody know what iptable magic might fix this situation?
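The asymmetric return path described in the reply above, traced hop by hop with and without the suggested masquerade rule. This is an added example, not part of the original thread; the external IP, gateway LAN address, client address, source port and the /24 netmask are constructed assumptions, since the thread masks the real values.

```python
# Constructed addresses: the thread masks the real ones.
EXT_IP = "203.0.113.10"   # stands in for the gateway's external IP (202.xxx.xxx.xxx)
GW_LAN = "192.168.0.1"    # assumed gateway address on eth0
SERVER = "192.168.0.136"  # iFolder server, from the thread
CLIENT = "192.168.0.50"   # assumed internal laptop
PORT = 8086
SPORT = 40000             # constructed client source port


def hairpin(masquerade):
    """Trace one request/reply through the gateway; return (trace, client_accepts)."""
    trace = []
    # The client connects to the external IP and expects replies from it.
    expected_peer = (EXT_IP, PORT)
    pkt = {"src": (CLIENT, SPORT), "dst": (EXT_IP, PORT)}
    trace.append(("client->gw", dict(pkt)))

    # Gateway conntrack entry: the original tuple, used to undo NAT on replies.
    conntrack = dict(pkt)
    # PREROUTING DNAT (the rule already in the firewall script).
    pkt["dst"] = (SERVER, PORT)
    # POSTROUTING MASQUERADE (the suggested extra rule; /24 is assumed), e.g.
    #   iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 \
    #            -d 192.168.0.136 -p tcp --dport 8086 -j MASQUERADE
    if masquerade:
        pkt["src"] = (GW_LAN, SPORT)
    trace.append(("gw->server", dict(pkt)))

    # The server replies to whatever source address it saw.
    reply = {"src": pkt["dst"], "dst": pkt["src"]}
    if reply["dst"][0] == GW_LAN:
        # Reply goes back to the gateway, which reverses both translations.
        trace.append(("server->gw", dict(reply)))
        reply = {"src": conntrack["dst"], "dst": conntrack["src"]}
        trace.append(("gw->client", dict(reply)))
    else:
        # Same subnet: delivered directly, so the gateway never un-NATs it.
        trace.append(("server->client", dict(reply)))

    # The client's TCP stack only matches a reply from the peer it connected to.
    return trace, reply["src"] == expected_peer


if __name__ == "__main__":
    for mode in (False, True):
        trace, ok = hairpin(mode)
        print("MASQUERADE" if mode else "DNAT only", "-> client accepts reply:", ok)
        for hop, p in trace:
            print(f"  {hop:15} {p['src']} -> {p['dst']}")
```

With the masquerade rule in place the server logs every internal connection as coming from the gateway's LAN address, so per-client source addresses are lost in its logs.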