Iptables and Port Forwarding Issues.

 
 
spears.chris@gmail.com
      09-28-2005, 06:34 PM
I am trying to forward a single port from the outside box (linux) to
the inside box (win2k3 server). The service on the inside machine is a
webserver on a nonstandard port.

I have tried these iptables lines and they have failed me.

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 65.xx.xx.xx --dport 188 -j DNAT --to 192.168.1.xxx:188
iptables -A FORWARD -p tcp -i eth0 -d 192.168.1.xxx --dport 188 -j ACCEPT

My setup.

internet <---> 65.*.*.* eth0 <linux box> 192.168.1.1 eth0:0 <---> 192.168.1.* <win2k3 server>

From the linux machine I can request pages from the 192.168.1.* address
just fine (http://192.168.1.*:188). I want to be able to access the pages
via 65.*.*.*:188.

The only other rules I use are:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

 
Ken
      09-28-2005, 08:59 PM
Hi Chris -

On 28 Sep 2005 11:34:47 -0700, (E-Mail Removed) wrote:

>iptables -t nat -A PREROUTING -p tcp -i eth0 -d 65.xx.xx.xx --dport 188 -j DNAT --to 192.168.1.xxx:188


This should work when the request is actually coming from the
internet.

If the request is coming from the 192.168.1.x network, I think it won't
work because of
-i eth0

Try it without
-i eth0

--
Ken
http://www.ke9nr.net/
 
spears.chris@gmail.com
      09-28-2005, 09:49 PM
> >iptables -t nat -A PREROUTING -p tcp -i eth0 -d 65.xx.xx.xx --dport 188 -j DNAT --to 192.168.1.xxx:188
>
> This should work when the request is actually coming from the
> internet.
>
> If the request is coming from the 192.168.1.x network, I think it won't
> work because of
> -i eth0
>
> Try it without
> -i eth0



Ken,

Not really sure why removing the -i eth0 worked but it did. I was
testing exclusively from outside the network; all packets were coming
in over the external interface. Once I removed the -i eth0 it started
working.

Thanks,
Chris

 
Ken
      09-29-2005, 03:45 AM
Hi Chris -

On 28 Sep 2005 14:49:19 -0700, (E-Mail Removed) wrote:

>Not really sure why removing the -i eth0 worked but it did. I was
>testing exclusively from outside the network; all packets were coming
>in over the external interface. Once I removed the -i eth0 it started
>working.


I suggest using a LOG rule temporarily so that you can see what is
going on.

--
Ken
http://www.ke9nr.net/
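
Added example, not part of the thread or written by either poster: one way to apply the temporary LOG rule suggested above, rate-limited and placed before and after the DNAT step, with a summariser showing which interface and destination each logged packet had. The addresses, the `PF-PRE: `/`PF-FWD: ` prefixes, the function names and the sample log lines are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and the PF-* prefixes are
# placeholders: EXT_IP stands in for 65.xx.xx.xx, INT_IP for 192.168.1.xxx.
EXT_IP="198.51.100.10"
INT_IP="192.168.1.50"
PORT="188"

# Print (do not run) the temporary LOG rules: "add" inserts them at the top
# of each chain, "del" removes them again. Review, then pipe to sh as root.
log_rules() {
    case "$1" in add) op="-I" ;; del) op="-D" ;; *) return 2 ;; esac
    lim="-m limit --limit 10/min --limit-burst 20"   # keep syslog usable
    # nat/PREROUTING: before DNAT, destination is still the public IP.
    # The nat table only sees the first packet of each connection.
    echo "iptables -t nat $op PREROUTING -p tcp -d $EXT_IP --dport $PORT $lim -j LOG --log-prefix 'PF-PRE: '"
    # filter/FORWARD: after DNAT, destination is the inside server.
    echo "iptables $op FORWARD -p tcp -d $INT_IP --dport $PORT $lim -j LOG --log-prefix 'PF-FWD: '"
}

# Constructed kernel log lines in the format the LOG target writes.
sample_log() {
    cat <<'EOF'
Sep 28 21:40:01 gw kernel: PF-PRE: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=51514 DPT=188 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 28 21:40:01 gw kernel: PF-FWD: IN=eth0 OUT=eth0 SRC=203.0.113.7 DST=192.168.1.50 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4242 DF PROTO=TCP SPT=51514 DPT=188 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Reduce log lines on stdin to: prefix IN OUT SRC DST DPT ("-" if empty).
summarise() {
    awk '/PF-(PRE|FWD): / {
        tag = ""; f["IN"] = f["OUT"] = f["SRC"] = f["DST"] = f["DPT"] = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PF-(PRE|FWD):$/) tag = $i
            n = index($i, "=")
            if (n > 1) {
                k = substr($i, 1, n - 1); v = substr($i, n + 1)
                if ((k in f) && v != "") f[k] = v
            }
        }
        print tag, f["IN"], f["OUT"], f["SRC"], f["DST"], f["DPT"]
    }'
}

log_rules add
sample_log | summarise
```

A `PF-PRE:` line with no following `PF-FWD:` line for the same source suggests the DNAT rule did not match or forwarding is off. Run `log_rules del | sh` when finished so the LOG rules do not stay in the ruleset.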
 