10th June 2008, 06:31
chillifire

Output of the test

After trying several solutions, adding the following to my iptables did the trick:

Code:
# allows forwarded packets to go through the firewall, which otherwise only allows established connections to be forwarded
iptables -A FORWARD -o tun+ -j ACCEPT
# this is the magic that does the IP address and port translation - obviously you need one for every router
iptables -A PREROUTING --table nat -d 1.2.3.4 -p tcp --dport 8004 -j DNAT --to-destination 10.8.0.4:8080
iptables -A PREROUTING --table nat -d 1.2.3.4 -p tcp --dport 8005 -j DNAT --to-destination 10.8.0.5:8080
iptables -A PREROUTING --table nat -d 1.2.3.4 -p tcp --dport 8006 -j DNAT --to-destination 10.8.0.6:8080
iptables -A PREROUTING --table nat -d 1.2.3.4 -p tcp --dport 8007 -j DNAT --to-destination 10.8.0.7:8080
# you'll need one generic rule so that the packets can find their way back properly
iptables -A POSTROUTING --table nat -o tun+ -j MASQUERADE

I got the hint with the postrouting from the Ubuntu forums; the Forwarding filter ACCEPT was my addition. I begin to understand what is going on here. Scary :0

Last edited by chillifire; 10th June 2008 at 08:04.
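A narrower variant of the rule set above, as an added example that is not part of chillifire's post: it prints (does not apply) the same DNAT rules but limits the FORWARD accept to the translated client address and port instead of everything leaving `tun+`. The names `PUBLIC_IP`, `MAPPINGS`, `valid_port` and `gen_rules` are hypothetical, and the addresses and ports are the post's own placeholder values.

```shell
#!/bin/sh
# Added example: generates iptables commands as text so they can be reviewed
# before being applied. Values mirror the placeholders used in the post.

PUBLIC_IP="1.2.3.4"
# One "public_port:client_ip:client_port" entry per router (constructed from the post)
MAPPINGS="8004:10.8.0.4:8080 8005:10.8.0.5:8080 8006:10.8.0.6:8080 8007:10.8.0.7:8080"

# Succeeds only for a decimal port number in the range 1-65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints one DNAT rule and one matching FORWARD rule per mapping,
# then the single MASQUERADE rule from the post. Fails on a bad mapping.
gen_rules() {
    for m in $MAPPINGS; do
        pub=${m%%:*}
        rest=${m#*:}
        ip=${rest%%:*}
        port=${rest#*:}
        if ! valid_port "$pub" || ! valid_port "$port"; then
            echo "bad mapping: $m" >&2
            return 1
        fi
        # Address and port translation, as in the post
        echo "iptables -t nat -A PREROUTING -d $PUBLIC_IP -p tcp --dport $pub -j DNAT --to-destination $ip:$port"
        # FORWARD is evaluated after DNAT, so match the translated destination;
        # only new connections need this, established ones are already allowed
        echo "iptables -A FORWARD -o tun+ -p tcp -d $ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Return path: rewrite the source to the server's tunnel address
    echo "iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE"
}

gen_rules
```

Because MASQUERADE rewrites the source address, the routers behind the tunnel will log the VPN server's tunnel address rather than the address of the real client.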