#1
    Iptables port forwarding does not work while I have 2 routes


    Hi,

    On my Linux server I have 2 routes:

    Code:
    	nexthop via 123.201.254.5  dev eth0 weight 38
    	nexthop via 111.93.155.149  dev eth2 weight 36
    I have an iptables rule like:

    iptables -t nat -A PREROUTING -p tcp -i eth0 -d 123.201.254.7 --dport 84 -j DNAT --to 192.168.1.200:80

    Now, when I try to telnet from public, it does not work:

    telnet 123.201.254.7 84
    Trying 123.201.254.7...

    tcpdump:

    Code:
    [root@firewall ~]# tcpdump -i eth0 -n -n port 84
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    08:28:26.630850 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1963738 0,nop,wscale 4>
    08:28:29.635321 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1964490 0,nop,wscale 4>
    08:28:35.642453 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1965992 0,nop,wscale 4>
    08:28:47.674757 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1969000 0,nop,wscale 4>
    08:29:11.704090 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1975008 0,nop,wscale 4>

    Could somebody please advise what is missing?

    Thanks
    Ashok
  2. #2
    This is resolved.

    You will see such tcpdump output when the dst host blocks.

    Thanks
    Ashok
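
As an added example (not part of the original posts): the capture above shows one SYN, with the same sequence number, sent five times and never answered, which is the pattern the follow-up post attributes to the destination host blocking. This Python code parses old-style tcpdump text output and reports such flows with the gaps between retransmissions; the function name `unanswered_syns` and the regex are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Capture lines copied from the first post (old-style tcpdump output, "S" = SYN).
CAPTURE = """\
08:28:26.630850 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1963738 0,nop,wscale 4>
08:28:29.635321 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1964490 0,nop,wscale 4>
08:28:35.642453 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1965992 0,nop,wscale 4>
08:28:47.674757 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1969000 0,nop,wscale 4>
08:29:11.704090 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1975008 0,nop,wscale 4>
"""

# "<time> IP <src> > <dst>: <flags> <seq>:<end>(<len>) [ack N] ..."
LINE = re.compile(
    r"(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): (\S+) (\d+):\d+\(\d+\)( ack \d+)?"
)

def unanswered_syns(capture):
    """Return flows whose SYN was re-sent and never answered by a SYN-ACK or RST."""
    syns = defaultdict(list)  # (src, dst, seq) -> timestamps of bare SYNs
    answered = set()          # (client, server) pairs that got a SYN-ACK or RST
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue          # header lines, pure ACKs, other traffic
        ts, src, dst, flags, seq, ack = m.groups()
        when = datetime.strptime(ts, "%H:%M:%S.%f")
        if "S" in flags and ack is None:
            syns[(src, dst, seq)].append(when)
        elif "S" in flags or "R" in flags:
            answered.add((dst, src))  # reply travels server -> client
    report = []
    for (src, dst, seq), times in syns.items():
        if len(times) > 1 and (src, dst) not in answered:
            # Whole-second gaps between successive copies of the same SYN.
            gaps = [round((b - a).total_seconds()) for a, b in zip(times, times[1:])]
            report.append({"src": src, "dst": dst, "seq": seq, "gaps": gaps})
    return report

if __name__ == "__main__":
    for flow in unanswered_syns(CAPTURE):
        print(flow)
```

The doubling gaps are the client's SYN retransmission backoff; a capture on the interface facing the DNAT target shows whether the translated SYN is leaving the firewall at all.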
