 [WTA]DNAT on debian...looking for sifus

TSroimekoi
post Nov 19 2016, 04:57 PM, updated 8y ago

Is there an example of a working DNAT configuration (iptables)?

I tried to set up a DNAT once a few months ago with the current settings, which is still working properly.

All servers are already configured with the correct gateway.
Does the PC that does the telnet need to change anything?

The one that I failed to DNAT is as follows.
I tried to telnet, but it cannot telnet in.

145.245 is the IP of root@loadbalancer1
root@loadbalancer1:~# iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             mark match 0x200 /*  FARM_ATMC_0_  */ to:xxxxxx.145.217:8889
DNAT       tcp  --  anywhere             anywhere             mark match 0x201 /*  FARM_ATMC_1_  */ to:xxxxxx.145.241:8889



Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination



Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination


root@CMS-HTTP2-dep2(/)# netstat -nr
Routing tables
Destination Gateway Flags Refs Use If Exp Groups

Route Tree for Protocol Family 2 (Internet):
default xxx.xxx.145.245 UG 4 3863 en0 - - =>
default xxx.xxx.145.1 UG 2 654 en0 - -
xxx.xxx.0.0 xxx.xxx.145.217 UHSb 0 0 en0 - - =>
xxx.xxx/16 xxx.xxx.145.217 U 28 339523 en0 - -
xx.xxx.255.255 xxx.xxx.145.217 UHSb 0 8 en0 - -
127/8 127.0.0.1 U 5 228443 lo0 - -
- -

This post has been edited by roimekoi: Nov 19 2016, 07:31 PM
TSroimekoi
post Nov 21 2016, 02:10 PM

2:56:25.212900 IP XXX.XXX.145.247.64803 > XXX.XXX.145.245.9999: S 4136342108:4136342108(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>

12:56:25.213590 IP XXX.XXX.145.241.8889 > XXX.XXX.145.247.64803: S 3578393323:3578393323(0) ack 4136342109 win 65535 <mss 1460,nop,wscale 3>

12:56:25.213636 IP XXX.XXX.145.247.64803 > XXX.XXX.145.241.8889: R 4136342109:4136342109(0) win 0


failed at handshake
TSroimekoi
post Nov 29 2016, 06:22 AM

Answer:
For DNAT configuration the requester cannot be in the same network as the router (load balancer). Using another network, I can telnet in properly.
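
The capture in the Nov 21 post shows the SYN going to the load balancer (.245:9999), the SYN-ACK arriving directly from the backend (.241:8889), and the client answering with a reset. The following is an added example, not part of the original thread, that flags this pattern in old-style tcpdump text; the 192.0.2.x and 198.51.100.x addresses are constructed stand-ins for the masked ones, and `find_bypassed_nat` is a hypothetical name.

```python
import re

# Old-style tcpdump text: "time IP src.port > dst.port: FLAGS seq [ack N] win W"
LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<flags>[SFRP.]+) (?P<rest>.*)$"
)

# Constructed sample: same shape as the capture above, with documentation
# addresses standing in for the masked ones. The last two lines are a client
# on another network whose reply does come back from the address it dialed.
SAMPLE = """\
12:56:25.212900 IP 192.0.2.247.64803 > 192.0.2.245.9999: S 4136342108:4136342108(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
12:56:25.213590 IP 192.0.2.241.8889 > 192.0.2.247.64803: S 3578393323:3578393323(0) ack 4136342109 win 65535 <mss 1460,nop,wscale 3>
12:56:25.213636 IP 192.0.2.247.64803 > 192.0.2.241.8889: R 4136342109:4136342109(0) win 0
12:57:01.000100 IP 198.51.100.10.50000 > 192.0.2.245.9999: S 1000:1000(0) win 8192 <mss 1460>
12:57:01.000900 IP 192.0.2.245.9999 > 198.51.100.10.50000: S 2000:2000(0) ack 1001 win 65535 <mss 1460>
""".splitlines()


def find_bypassed_nat(lines):
    """Flag handshakes where the SYN-ACK source is not the endpoint the client dialed."""
    pending = {}    # (client_ip, client_port) -> (dialed_ip, dialed_port)
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        syn = "S" in m["flags"]
        ack = re.search(r"\back \d+", m["rest"]) is not None
        if syn and not ack:
            pending[src] = dst                      # client opened a connection
        elif syn and ack and pending.get(dst, src) != src:
            # Reply came straight from another host, so it did not pass back
            # through the NAT's reverse translation to the dialed address.
            findings.append({"client": dst, "dialed": pending[dst],
                             "replied": src, "reset": False})
        elif "R" in m["flags"]:
            for f in findings:                      # client rejected the stray reply
                if f["client"] == src and f["replied"] == dst:
                    f["reset"] = True
    return findings


if __name__ == "__main__":
    for f in find_bypassed_nat(SAMPLE):
        print(f)
```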

 
