Ping a Specific Port

Question

rlib

Asked: 2015-07-30 01:30:23 +0800 CST2015-07-30 01:30:23 +0800 CST 2015-07-30 01:30:23 +0800 CST

iptables DNAT to external IP without masquerading does not work

772

On server 1.1.1.1:

iptables -t nat -A PREROUTING -p tcp --dport 20000 -j DNAT --to-destination: 2.2.2.2:20000

iptables -t nat -A PREROUTING -p tcp --dport 20000 -j LOG --log-prefix pre20k

iptables -t nat -A POSTROUTING -p tcp --dport 20000 -j LOG --log-prefix post20k

On server 2.2.2.2:

iptables -t nat -A PREROUTING -p tcp --dport 20000 -j LOG --log-prefix pre20k

On client 3.3.3.3:

nc 1.1.1.1 20000

I can see in the logs of 1.1.1.1 that postrouting packages do have SIP=3.3.3.3 and DIP=2.2.2.2 (and not 1.1.1.1 as in original prerouting package).

However, none of the packages delivered from 1.1.1.1 arrive at 2.2.2.2. I cannot see them neither in iptables log nor in tcpdump.

Why?

1 Answers

Voted

rlib · Answer 1 · 2015-07-30T04:03:29+08:00

rlib

2015-07-30T04:03:29+08:002015-07-30T04:03:29+08:00

The machines I was testing the rules sit on digitalocean cloud. I googled and found

"Since it the gateway box is attempting to send a packet that has a different source address from itself, it will not be allowed through."

0

iptables DNAT to external IP without masquerading does not work

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?