iptable: open port 9999

08-24-2004, 09:59 AM

Hi,
I have a problem with iptables because I don't understand it.
This is my LAN config.

|-----------------|
| |
| .... = wireless |
| ---- = cable |
| |
|-----------------|

(SERVER) .................. (AccessPoint)-----(Router)
|
|
|
|
(CLIENT)

ROUTER: IPR (= IP of ROUTER)
SERVER:
CARD1: IPC1 (wireless card connected to router)
CARD2: IPC2 (LAN card)
CLIENT: IPC3

I want open port 9999 for CLIENT.

This is my script but it seems not work

================================================== ==============

echo "Setting Internet access."
iptables -F ; iptables -t nat -F ; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o CARD1 -j SNAT --to IPC1

echo "Setting port tcp:9999"
echo "Setting FORWARD"
iptables -A FORWARD -p TCP -i CARD1 -o CARD2 -d IPC3 --dport 9999 \
-j ACCEPT
echo "Setting PREROUTING"
iptables -t nat -A PREROUTING -p tcp -d IPC1 --dport 9999 \
-j DNAT --to IPC3:9999

echo "All done."

================================================== ==============

I can use Internet only.

Can anyhow help me ?

Thanks.

08-27-2004, 12:23 PM

Nicola <(E-Mail Removed)> wrote news

an.2004.08.24.10.14.51.130927
@retre.it:
> I want open port 9999 for CLIENT.

What do you means exactly ? your client calls an url like
http://www.web.com:9999 or you want someone from internet connect to the
port 9999 on your client ?

> echo "Setting Internet access."
> iptables -F ; iptables -t nat -F ; iptables -t mangle -F
> iptables -t nat -A POSTROUTING -o CARD1 -j SNAT --to IPC1

It seems that your IPC1 server is a public address. Correct ?

> echo "Setting port tcp:9999"
> echo "Setting FORWARD"
> iptables -A FORWARD -p TCP -i CARD1 -o CARD2 -d IPC3 --dport 9999 \
> -j ACCEPT
> echo "Setting PREROUTING"
> iptables -t nat -A PREROUTING -p tcp -d IPC1 --dport 9999 \
> -j DNAT --to IPC3:9999

You forward connections from outside to port 9999 on your server to your
client. Is that realy what you want ?

Give more information on your server and router :

- ifconfig -a
- iptables -L
- iptables -t nat -L

....

Ragards

08-27-2004, 04:41 PM

Il Fri, 27 Aug 2004 12:23:04 +0000, Antoine EMERIT ha scritto:

> What do you means exactly ? your client calls an url like
> http://www.web.com:9999 or you want someone from internet connect to the
> port 9999 on your client ?

Both if it's possible

> - iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

> - iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- anywhere anywhere to:IPC1

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

thanks

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
I need to show time of the year as 9999 instead 1999	vtanna1@gmail.com	Linux Networking	8	04-26-2009 02:23 AM
Socket connection to port fails despite port open / listening !	Jack	Linux Networking	2	12-19-2007 03:46 PM
open ports on the router port 1900udp and port 5643 tcp	James	Broadband Hardware	0	02-20-2005 08:07 AM
IPTABLE: using same port for 2 PC behind firewall (linux-box)	Nicola	Linux Networking	6	10-07-2004 09:24 AM
open port 443	Bob	Wireless Internet	8	05-29-2004 01:15 AM