[WBEL-users] OT iptables DNAT forwarding

Bill Davidsen davidsen@tmr.com
Fri, 27 Feb 2004 10:22:54 -0500



Daniel T. Gynn wrote:
> I know this is off topic, but I figured I'd give it a shot.
> 
> I am going crazy trying to forward pop3 requests to another server.
> Everywhere I see on the internet, it seems to be correct. If I access
> from an internal address, it seems to work, but from an external one, it
> just times out. My rules are:
> 
> $IPTABLES -A PREROUTING -t nat -p tcp --dport 110 -j DNAT --to $POP3
> $IPTABLES -A FORWARD -p tcp --dport pop3 -j ACCEPT
> 
> 
> I've even tried setting all rules to ACCEPT and it still won't work. Am
> I forgetting something?

Okay, so you're accepting in INPUT.

I find the ideal way to debug stuff like this is to run tcpdump on both 
NICs and catch all of the packets in files. Then decode the files into 
sed and sort to catch the case where a SYN comes in on one NIC and the 
SYN/ACK goes out on the other, or has the wrong source, or ...

I can't seem to inline the code, so I'll attach it. Call with the host 
and protocol names. Run in "script" to capture output.

-- 
bill davidsen <davidsen@tmr.com>
   CTO TMR Associates, Inc
   Doing interesting things with small computers since 1979

[Attachment: tkbolero]

#!/bin/bash

# connection tracker
#   tracker [ host [ tcp protocol ] ]

# these are the defaults I want
host=${1:-my.default.host}
port=${2:-smtp}

echo "Tracking $port to $host"

# capture on both NICs at once, one raw capture file per interface
for n in eth0 eth1
do
 tcpdump -i "$n" -v -w "$n.tcpd" host "$host" and port "$port" &
done; sleep 2
echo -n "Press ENTER to stop tracking: "
read ans
# stops every running tcpdump, then waits for the capture files to be flushed
killall tcpdump; sleep 2

# display the packets, tagging each line with the NIC it was seen on
for n in eth{0,1}; do
 tcpdump -r "$n.tcpd" -v | sed "s/ / $n /"
done

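An added example, not part of the original post or its attachment: one way to automate the comparison the reply describes, pairing each client SYN seen on the outside NIC with its forwarded copy and the returning SYN/ACK. It assumes one packet per line in the format `tcpdump -n -r FILE` prints without `-v`, tagged by the same sed as the script; `check_handshake`, `sample_lines`, the status names and all addresses are constructed for illustration.

```shell
#!/bin/bash
# Reads packets tagged with their NIC, one per line, in the form
#   <time> <nic> IP <src.port> > <dst.port>: Flags [S], ...
# (tcpdump -n -r FILE piped through the sed from the script; -v left off so
# each packet stays on one line) and reports how far each client SYN got.

check_handshake() {   # usage: check_handshake OUTSIDE_NIC INSIDE_NIC < lines
  awk -v outside="$1" -v inside="$2" '
    $3 != "IP" || $7 != "Flags" { next }     # skip lines that are not IPv4 TCP packets
    { nic = $2; src = $4; dst = $6; sub(/:$/, "", dst) }
    $8 ~ /^\[S\]/ && nic == outside && !(src in dialed) { dialed[src] = dst; order[++n] = src }
    $8 ~ /^\[S\]/ && nic == inside    { forwarded[src] = dst }  # SYN after DNAT
    $8 ~ /^\[S\.\]/ && nic == inside  { answered[dst] = src }   # SYN/ACK from the server
    $8 ~ /^\[S\.\]/ && nic == outside { replied[dst] = src }    # SYN/ACK back to the client
    END {
      for (i = 1; i <= n; i++) {
        c = order[i]
        if (!(c in forwarded))            s = "not-forwarded"       # never reached inside NIC
        else if (!(c in answered))        s = "no-synack"           # server reply not seen here
        else if (!(c in replied))         s = "synack-not-relayed"  # reply stopped at the gateway
        else if (replied[c] != dialed[c]) s = "wrong-source"        # reply source not un-NATed
        else                              s = "ok"
        print c, s
      }
    }'
}

# Constructed sample (documentation addresses): 203.0.113.5 completes the
# handshake through the gateway; 203.0.113.9 is forwarded but never answered.
sample_lines() {
  cat <<'EOF'
10:00:00.000100 eth0 IP 203.0.113.5.40000 > 198.51.100.1.110: Flags [S], seq 1, win 5840, length 0
10:00:00.000200 eth1 IP 203.0.113.5.40000 > 192.168.1.10.110: Flags [S], seq 1, win 5840, length 0
10:00:00.000900 eth1 IP 192.168.1.10.110 > 203.0.113.5.40000: Flags [S.], seq 9, ack 2, win 5792, length 0
10:00:00.001000 eth0 IP 198.51.100.1.110 > 203.0.113.5.40000: Flags [S.], seq 9, ack 2, win 5792, length 0
10:00:05.000100 eth0 IP 203.0.113.9.41000 > 198.51.100.1.110: Flags [S], seq 5, win 5840, length 0
10:00:05.000200 eth1 IP 203.0.113.9.41000 > 192.168.1.10.110: Flags [S], seq 5, win 5840, length 0
EOF
}

sample_lines | check_handshake eth0 eth1
```

A `no-synack` result means the server's reply never came back through this gateway's inside NIC, which is the point where the server's own return route is worth checking.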