Old 12-09-2007, 02:49 AM
Craig White
 
Default alfresco and iptables

Well, it's really an iptables question.

alfresco runs on tomcat which runs as an unprivileged user which makes
it difficult to use as a CIFS server (massive understatement)

so what I want to do is to redirect packets from unprivileged ports to
the normal SMB ports...here is my iptables script (but it's not working
as intended)

#!/bin/sh
#
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 139 -j REDIRECT --to-ports 1139
iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 137 -j REDIRECT --to-ports 1137
iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 138 -j REDIRECT --to-ports 1138
iptables -t nat -A PREROUTING -p tcp -s 192.168.3.8 --dport 1445 -j REDIRECT --to-ports 445
iptables -t nat -A PREROUTING -p tcp -s 192.168.3.8 --dport 1139 -j REDIRECT --to-ports 139
iptables -t nat -A PREROUTING -p udp -s 192.168.3.8 --dport 1137 -j REDIRECT --to-ports 137
iptables -t nat -A PREROUTING -p udp -s 192.168.3.8 --dport 1138 -j REDIRECT --to-ports 138

suggestions?

Craig

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-09-2007, 08:52 AM
"Jonathan Underwood"
 
Default alfresco and iptables

On 09/12/2007, Craig White <craigwhite@azapple.com> wrote:
> Well, it's really an iptables question.
>
> alfresco runs on tomcat which runs as an unprivileged user which makes
> it difficult to use as a CIFS server (massive understatement)
>
> so what I want to do is to redirect packets from unprivileged ports to
> the normal SMB ports...here is my iptables script (but it's not working
> as intended)
>
> #!/bin/sh
> #
> echo 1 > /proc/sys/net/ipv4/ip_forward
> modprobe iptable_nat
> iptables -F
> iptables -t nat -F
> iptables -P INPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
> iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 139 -j REDIRECT --to-ports 1139
> iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 137 -j REDIRECT --to-ports 1137
> iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 138 -j REDIRECT --to-ports 1138
> iptables -t nat -A PREROUTING -p tcp -s 192.168.3.8 --dport 1445 -j REDIRECT --to-ports 445
> iptables -t nat -A PREROUTING -p tcp -s 192.168.3.8 --dport 1139 -j REDIRECT --to-ports 139
> iptables -t nat -A PREROUTING -p udp -s 192.168.3.8 --dport 1137 -j REDIRECT --to-ports 137
> iptables -t nat -A PREROUTING -p udp -s 192.168.3.8 --dport 1138 -j REDIRECT --to-ports 138

I might be wrong, but I think all of those -A should be -I.

 
Old 12-09-2007, 04:31 PM
Craig White
 
Default alfresco and iptables

On Sun, 2007-12-09 at 09:52 +0000, Jonathan Underwood wrote:
> On 09/12/2007, Craig White <craigwhite@azapple.com> wrote:
> > Well, it's really an iptables question.
> >
> > alfresco runs on tomcat which runs as an unprivileged user which makes
> > it difficult to use as a CIFS server (massive understatement)
> >
> > so what I want to do is to redirect packets from unprivileged ports to
> > the normal SMB ports...here is my iptables script (but it's not working
> > as intended)
> >
> > #!/bin/sh
> > #
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > modprobe iptable_nat
> > iptables -F
> > iptables -t nat -F
> > iptables -P INPUT ACCEPT
> > iptables -P FORWARD ACCEPT
> > iptables -P OUTPUT ACCEPT
> > iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
> > iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 139 -j REDIRECT --to-ports 1139
> > iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 137 -j REDIRECT --to-ports 1137
> > iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 138 -j REDIRECT --to-ports 1138
> > iptables -t nat -A PREROUTING -p tcp -s 192.168.3.8 --dport 1445 -j REDIRECT --to-ports 445
> > iptables -t nat -A PREROUTING -p tcp -s 192.168.3.8 --dport 1139 -j REDIRECT --to-ports 139
> > iptables -t nat -A PREROUTING -p udp -s 192.168.3.8 --dport 1137 -j REDIRECT --to-ports 137
> > iptables -t nat -A PREROUTING -p udp -s 192.168.3.8 --dport 1138 -j REDIRECT --to-ports 138
>
> I might be wrong, but I think all of those -A should be -I.
----
Insert vs Append, not really since I don't even have a reject rule.

Didn't make a difference (I actually tried it).

Craig

 
Old 12-09-2007, 04:55 PM
"Jonathan Underwood"
 
Default alfresco and iptables

On 09/12/2007, Craig White <craigwhite@azapple.com> wrote:
> Well, it's really an iptables question.
>
> alfresco runs on tomcat which runs as an unprivileged user which makes
> it difficult to use as a CIFS server (massive understatement)
>
> so what I want to do is to redirect packets from unprivileged ports to
> the normal SMB ports...here is my iptables script (but it's not working
> as intended)
>
> #!/bin/sh
> #
> echo 1 > /proc/sys/net/ipv4/ip_forward
> modprobe iptable_nat
> iptables -F
> iptables -t nat -F
> iptables -P INPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
> iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 139 -j REDIRECT --to-ports 1139
> iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 137 -j REDIRECT --to-ports 1137
> iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 138 -j REDIRECT --to-ports 1138
> iptables -t nat -A PREROUTING -p tcp -s 192.168.3.8 --dport 1445 -j REDIRECT --to-ports 445
> iptables -t nat -A PREROUTING -p tcp -s 192.168.3.8 --dport 1139 -j REDIRECT --to-ports 139
> iptables -t nat -A PREROUTING -p udp -s 192.168.3.8 --dport 1137 -j REDIRECT --to-ports 137
> iptables -t nat -A PREROUTING -p udp -s 192.168.3.8 --dport 1138 -j REDIRECT --to-ports 138

Umm... aren't those last four rules undoing what the first 4 are doing?

 
Old 12-09-2007, 05:03 PM
Craig White
 
Default alfresco and iptables

On Sun, 2007-12-09 at 17:55 +0000, Jonathan Underwood wrote:
> On 09/12/2007, Craig White <craigwhite@azapple.com> wrote:
> > Well, it's really an iptables question.
> >
> > alfresco runs on tomcat which runs as an unprivileged user which makes
> > it difficult to use as a CIFS server (massive understatement)
> >
> > so what I want to do is to redirect packets from unprivileged ports to
> > the normal SMB ports...here is my iptables script (but it's not working
> > as intended)
> >
> > #!/bin/sh
> > #
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > modprobe iptable_nat
> > iptables -F
> > iptables -t nat -F
> > iptables -P INPUT ACCEPT
> > iptables -P FORWARD ACCEPT
> > iptables -P OUTPUT ACCEPT
> > iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
> > iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 139 -j REDIRECT --to-ports 1139
> > iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 137 -j REDIRECT --to-ports 1137
> > iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 138 -j REDIRECT --to-ports 1138
> > iptables -t nat -A PREROUTING -p tcp -s 192.168.3.8 --dport 1445 -j REDIRECT --to-ports 445
> > iptables -t nat -A PREROUTING -p tcp -s 192.168.3.8 --dport 1139 -j REDIRECT --to-ports 139
> > iptables -t nat -A PREROUTING -p udp -s 192.168.3.8 --dport 1137 -j REDIRECT --to-ports 137
> > iptables -t nat -A PREROUTING -p udp -s 192.168.3.8 --dport 1138 -j REDIRECT --to-ports 138
>
> Umm... aren't those last four rules undoing what the first 4 are doing?
----
could be...I didn't think so. Testing was easy enough, in fact, that's
where I started...

#!/bin/sh
#
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 139 -j REDIRECT --to-ports 1139
iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 137 -j REDIRECT --to-ports 1137
iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 138 -j REDIRECT --to-ports 1138

# smbclient -L 192.168.3.8
Error connecting to 192.168.3.8 (Connection refused)
Connection to 192.168.3.8 failed

# smbclient -L 192.168.3.8 -p 139
Error connecting to 192.168.3.8 (Connection refused)
Connection to 192.168.3.8 failed

# smbclient -L 192.168.3.8 -p 1139
Password:
Anonymous login successful
Domain=[TH] OS=[Java] Server=[Alfresco CIFS Server 3.5.1]

Sharename Type Comment
--------- ---- -------
cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe srvsvc failed with
error NT_STATUS_BUFFER_TOO_SMALL
Alfresco Disk
IPC$ IPC
Error connecting to 192.168.3.8 (Connection refused)
Connection to 192.168.3.8 failed
NetBIOS over TCP disabled -- no workgroup available

Same results either way...

;-)

 
Old 12-09-2007, 05:05 PM
"Jonathan Underwood"
 
Default alfresco and iptables

On 09/12/2007, Jonathan Underwood <jonathan.underwood@gmail.com> wrote:
> Umm... aren't those last four rules undoing what the first 4 are doing?
>

Oh, ignore that, I missed the -s vs. -d.

 
Old 12-09-2007, 06:03 PM
Les Mikesell
 
Default alfresco and iptables

Craig White wrote:


> #!/bin/sh
> #
> echo 1 > /proc/sys/net/ipv4/ip_forward
> modprobe iptable_nat
> iptables -F
> iptables -t nat -F
> iptables -P INPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
> iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 139 -j REDIRECT --to-ports 1139
> iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 137 -j REDIRECT --to-ports 1137
> iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 138 -j REDIRECT --to-ports 1138
>
> # smbclient -L 192.168.3.8
> Error connecting to 192.168.3.8 (Connection refused)
> Connection to 192.168.3.8 failed
>
> # smbclient -L 192.168.3.8 -p 139
> Error connecting to 192.168.3.8 (Connection refused)
> Connection to 192.168.3.8 failed
>
> # smbclient -L 192.168.3.8 -p 1139
> Password:
> Anonymous login successful
> Domain=[TH] OS=[Java] Server=[Alfresco CIFS Server 3.5.1]
>
> Sharename Type Comment
> --------- ---- -------
> cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe srvsvc failed with
> error NT_STATUS_BUFFER_TOO_SMALL
> Alfresco Disk
> IPC$ IPC
> Error connecting to 192.168.3.8 (Connection refused)
> Connection to 192.168.3.8 failed
> NetBIOS over TCP disabled -- no workgroup available
>
> Same results either way...

For each of the PREROUTING lines, add a matching OUTPUT entry like:

iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
iptables -t nat -A OUTPUT -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445

...and please post a summary if you get this and the Staroffice/lucene
search working.


--
Les Mikesell
lesmikesell@gmail.com


 
Old 12-09-2007, 06:21 PM
Craig White
 
Default alfresco and iptables

On Sun, 2007-12-09 at 13:03 -0600, Les Mikesell wrote:
> Craig White wrote:
>
> > #!/bin/sh
> > #
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > modprobe iptable_nat
> > iptables -F
> > iptables -t nat -F
> > iptables -P INPUT ACCEPT
> > iptables -P FORWARD ACCEPT
> > iptables -P OUTPUT ACCEPT
> > iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
> > iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 139 -j REDIRECT --to-ports 1139
> > iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 137 -j REDIRECT --to-ports 1137
> > iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 138 -j REDIRECT --to-ports 1138
> >
> > # smbclient -L 192.168.3.8
> > Error connecting to 192.168.3.8 (Connection refused)
> > Connection to 192.168.3.8 failed
> >
> > # smbclient -L 192.168.3.8 -p 139
> > Error connecting to 192.168.3.8 (Connection refused)
> > Connection to 192.168.3.8 failed
> >
> > # smbclient -L 192.168.3.8 -p 1139
> > Password:
> > Anonymous login successful
> > Domain=[TH] OS=[Java] Server=[Alfresco CIFS Server 3.5.1]
> >
> > Sharename Type Comment
> > --------- ---- -------
> > cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe srvsvc failed with
> > error NT_STATUS_BUFFER_TOO_SMALL
> > Alfresco Disk
> > IPC$ IPC
> > Error connecting to 192.168.3.8 (Connection refused)
> > Connection to 192.168.3.8 failed
> > NetBIOS over TCP disabled -- no workgroup available
> >
> > Same results either way...
>
> For each of the PREROUTING lines, add a matching OUTPUT entry like:
>
> iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
> iptables -t nat -A OUTPUT -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
----
the thing I can't figure out is why they don't show up...
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

even though, I just executed...

#!/bin/sh
#
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 139 -j REDIRECT --to-ports 1139
iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 137 -j REDIRECT --to-ports 1137
iptables -t nat -A PREROUTING -p udp -d 192.168.3.8 --dport 138 -j REDIRECT --to-ports 1138

iptables -t nat -A OUTPUT -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
iptables -t nat -A OUTPUT -p tcp -d 192.168.3.8 --dport 139 -j REDIRECT --to-ports 1139
iptables -t nat -A OUTPUT -p udp -d 192.168.3.8 --dport 138 -j REDIRECT --to-ports 1138
iptables -t nat -A OUTPUT -p udp -d 192.168.3.8 --dport 137 -j REDIRECT --to-ports 1137

and just to make sure...
# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Sun Dec 9 12:18:09 2007
*filter
:INPUT ACCEPT [2739:198569]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2521:240751]
COMMIT
# Completed on Sun Dec 9 12:18:09 2007
# Generated by iptables-save v1.3.5 on Sun Dec 9 12:18:09 2007
*nat
:PREROUTING ACCEPT [39:5957]
:POSTROUTING ACCEPT [260:16668]
:OUTPUT ACCEPT [260:16668]
-A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
-A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139
-A PREROUTING -d 192.168.3.8 -p udp -m udp --dport 137 -j REDIRECT --to-ports 1137
-A PREROUTING -d 192.168.3.8 -p udp -m udp --dport 138 -j REDIRECT --to-ports 1138
-A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
-A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139
-A OUTPUT -d 192.168.3.8 -p udp -m udp --dport 138 -j REDIRECT --to-ports 1138
-A OUTPUT -d 192.168.3.8 -p udp -m udp --dport 137 -j REDIRECT --to-ports 1137
COMMIT
# Completed on Sun Dec 9 12:18:09 2007

At any rate, this hasn't changed anything ;-(

# smbclient -L 192.168.3.8 -p 445
Error connecting to 192.168.3.8 (Connection refused)
Connection to 192.168.3.8 failed

# smbclient -L 192.168.3.8 -p 139
Error connecting to 192.168.3.8 (Connection refused)
Connection to 192.168.3.8 failed

# smbclient -L 192.168.3.8 -p 1139
Password:
Anonymous login successful
Domain=[TH] OS=[Java] Server=[Alfresco CIFS Server 3.5.1]

Sharename Type Comment
--------- ---- -------
cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe srvsvc failed with
error NT_STATUS_BUFFER_TOO_SMALL
Alfresco Disk
IPC$ IPC
Error connecting to 192.168.3.8 (Connection refused)
Connection to 192.168.3.8 failed
NetBIOS over TCP disabled -- no workgroup available
----
>
> ...and please post a summary if you get this and the Staroffice/lucene
> search working.
----
Sure - how about a separate thread?

Craig

 
Old 12-09-2007, 07:19 PM
Les Mikesell
 
Default alfresco and iptables

Craig White wrote:


>> iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
>> iptables -t nat -A OUTPUT -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
> ----
> the thing I can't figure out is why they don't show up...
> # iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> even though, I just executed...

You need to explicitly list the nat table:

iptables --list -t nat

> -A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139
> -A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139

> At any rate, this hasn't changed anything ;-(

I don't think you need the '-m udp/tcp' entries but I'm not sure if they
hurt anything.


--
Les Mikesell
lesmikesell@gmail.com
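
An added example, not part of the thread and not code from its participants or from the iptables project: it reads iptables-save text, looks only at the *nat section (the table a plain `iptables -L` does not list), and reports every PREROUTING REDIRECT that has no matching OUTPUT rule, which is the gap the "add a matching OUTPUT entry" advice closes for clients running on the server itself. The function names and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: find nat REDIRECT rules that cover remote clients
# (PREROUTING) but not clients on the host itself (OUTPUT).

# Constructed sample 1: PREROUTING redirects only.
SAVE_PREROUTING_ONLY='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
-A PREROUTING -d 192.168.3.8 -p udp -m udp --dport 137 -j REDIRECT --to-ports 1137
COMMIT'

# Constructed sample 2: same rules plus an OUTPUT twin for tcp/445 only.
SAVE_PARTIAL_OUTPUT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
-A PREROUTING -d 192.168.3.8 -p udp -m udp --dport 137 -j REDIRECT --to-ports 1137
-A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
COMMIT'

# nat_redirects: iptables-save text on stdin; prints one line per REDIRECT
# rule found in the nat table as "chain proto dst dport to-port".
nat_redirects() {
  awk '
    /^\*/ { table = substr($1, 2); next }        # "*filter", "*nat", ...
    table != "nat" || $1 != "-A" { next }        # skip other tables and non-rules
    {
      chain = $2; proto = dst = dport = target = to = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "-d") dst = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "--to-ports") to = $(i + 1)
      }
      if (target == "REDIRECT") print chain, proto, dst, dport, to
    }'
}

# missing_output_twins: prints "proto dst:dport->to" for each PREROUTING
# redirect that has no identical redirect in the nat OUTPUT chain.
missing_output_twins() {
  nat_redirects | awk '
    { key = $2 " " $3 ":" $4 "->" $5 }
    $1 == "OUTPUT"     { out[key] = 1 }
    $1 == "PREROUTING" { pre[++n] = key }
    END { for (i = 1; i <= n; i++) if (!(pre[i] in out)) print pre[i] }'
}

echo "PREROUTING only, redirects local clients will not hit:"
printf '%s\n' "$SAVE_PREROUTING_ONLY" | missing_output_twins
echo "With an OUTPUT twin for tcp/445 only:"
printf '%s\n' "$SAVE_PARTIAL_OUTPUT" | missing_output_twins
```

On a live system the input would come from `iptables-save` run as root instead of the embedded samples.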

 
Old 12-09-2007, 07:28 PM
Craig White
 
Default alfresco and iptables

On Sun, 2007-12-09 at 14:19 -0600, Les Mikesell wrote:
> Craig White wrote:
> >>
> >> iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
> >> iptables -t nat -A OUTPUT -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445
> > ----
> > the thing I can't figure out is why they don't show up...
> > # iptables -L
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > even though, I just executed...
>
> You need to explicitly list the nat table:
>
> iptables --list -t nat
----
OK - cool, they're there (line wrapping certain to occur but I'm not
gonna fix it)

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp
dpt:microsoft-ds redir ports 1445
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp
dpt:netbios-ssn redir ports 1139
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp
dpt:netbios-ns redir ports 1137
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp
dpt:netbios-dgm redir ports 1138

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp
dpt:microsoft-ds redir ports 1445
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp
dpt:netbios-ssn redir ports 1139
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp
dpt:netbios-dgm redir ports 1138
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp
dpt:netbios-ns redir ports 1137
----
>
>
> > -A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139
> > -A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139
>
> >
> > At any rate, this hasn't changed anything ;-(
>
>
> I don't think you need the '-m udp/tcp' entries but I'm not sure if they
> hurt anything.
----
I really didn't, I just did a 'service iptables save' and then listed
the output of /etc/sysconfig/iptables just to see what rules were in
place. Evidently, when you save the current rule set by 'service
iptables save', it added the -m tcp/udp designations.

Craig

 
