IPTables / Fedora Core 3 port forwarding

05-26-2005, 05:37 AM

My inbound port forwarding firewall rules no longer work after
upgrading to Fedora Core 3. Networking is working (DNS, Sendmail,
IMAP/POP, etc). IPTables is partially working: Masquerading is OK - it
is only inbound rules that don't work at all.

Here are relevant lines from my script:

###################
iptables -t filter -A FORWARD -i eth0 -m state --state
ESTABLISHED,RELATED -j \
ACCEPT
iptables -t filter -A FORWARD -i ! eth0 -m state --state NEW -j ACCEPT

# Allow connections from Inside --This works fine
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

#Inbound VNC -- does not work !!??
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT \
--to-dest 192.168.0.5

####################

What gives ?

05-26-2005, 06:57 AM

(E-Mail Removed) wrote:
> My inbound port forwarding firewall rules no longer work after
> upgrading to Fedora Core 3. Networking is working (DNS, Sendmail,
> IMAP/POP, etc). IPTables is partially working: Masquerading is OK - it
> is only inbound rules that don't work at all.
>
> Here are relevant lines from my script:
>
> ###################
> iptables -t filter -A FORWARD -i eth0 -m state --state
> ESTABLISHED,RELATED -j \
> ACCEPT
> iptables -t filter -A FORWARD -i ! eth0 -m state --state NEW -j ACCEPT
>
> # Allow connections from Inside --This works fine
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
>
>
> #Inbound VNC -- does not work !!??
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT \
> --to-dest 192.168.0.5
>
> ####################
>
> What gives ?
>
Recompile IPTables manually with all modules. Check linux netfilter
kernel modules, if installation of FC3 change kernel.

05-26-2005, 07:47 AM

On Wed, 25 May 2005 22:37:18 -0700, lars wrote:

> My inbound port forwarding firewall rules no longer work after
> upgrading to Fedora Core 3. Networking is working (DNS, Sendmail,
> IMAP/POP, etc). IPTables is partially working: Masquerading is OK - it
> is only inbound rules that don't work at all.
>
> Here are relevant lines from my script:
>
> ###################
> iptables -t filter -A FORWARD -i eth0 -m state --state
> ESTABLISHED,RELATED -j \
> ACCEPT
> iptables -t filter -A FORWARD -i ! eth0 -m state --state NEW -j ACCEPT

Is there any reason you only want to forward NEW packets and not
ESTABLISHED and RELATED as well?

Is there any reason why you are accepting EVERYTHING on EVERY PORT? Just
accept port 5900.

iptables -t filter -A FORWARD -i [external interface] \
-p tcp --dport 5900 -j ACCEPT # Accept all states but only TCP port 5900
on the internet.

> # Allow connections from Inside --This works fine
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
>
>
> #Inbound VNC -- does not work !!??
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT \
> --to-dest 192.168.0.5
>
> ####################
>
> What gives ?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Serial Port Problem Fedora Core 6	bricherg@lanecc.edu	Linux Networking	2	04-08-2007 07:23 PM
Strange SSH halting problem between Fedora Core 2/Fedora Core 3	Jonathan Abbey	Linux Networking	4	12-03-2004 05:00 PM
Port forwarding with iptables ???	Joe Attardi	Linux Networking	4	05-10-2004 11:45 PM
iptables port forwarding	anonymous	Linux Networking	1	01-22-2004 09:25 AM
Iptables nat firewall under fedora core 1	Jim	Linux Networking	0	12-16-2003 05:24 PM