iptables port redirection

Hi,


I have been trying to get port forwarding working on my Linux gateway.

I have a D-Link DSL604+ Router, with DMZ set to forward all traffic to
my Linux box. From there, I want to port forward/redirect to other
boxes - using iptables - (eg, port 3389 & 80 to a windows box).

I have tried using commands like this:
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to
192.168.0.2:80

I still haven't been able to get it to work.

I am running Kernel Version 2.6.9 and iptables version 1.2.7a
I have tried installing iptables version 1.2.11, but I can't get it to
work:

[root@tux iptables-1.2.11]# make KERNEL_DIR=/usr/src/linux-2.6.9/
Extensions found: IPv4:addrtype IPv4:recent IPv6:ah IPv6:esp IPv6:frag
IPv6:ipv6header IPv6:hbh IPv6:dst IPv6:rt
[root@tux iptables-1.2.11]# make install
KERNEL_DIR=/usr/src/linux-2.6.9/
[root@tux iptables-1.2.11]# /etc/init.d/iptables start
[root@tux iptables-1.2.11]# iptables -V
iptables v1.2.7a


Does anyone know if it is a problem with my setup, or if I need to
find a way to get iptables 1.2.11 going? Are there any known issues
between kernel 2.6.9 and iptables 1.2.7a?


Thankyou all for your help

On 2005-01-06, Luke Robertson <(E-Mail Removed)> wrote:
> I have tried using commands like this:
> iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to
> 192.168.0.2:80

Looks correct.

> I still haven't been able to get it to work.

Meaning? Can you see the packets coming in? The packets are not routed?
Did you opened port 80 in your firewall? Is your ISP blocking port 80
by any chance?

Davide

--
Better dead than Redmond.

On 06 Jan 2005 (E-Mail Removed) (Luke Robertson) wrote in
comp.os.linux.security
[news:(E-Mail Removed)]:

> I have been trying to get port forwarding working on my Linux gateway.
>
> I have a D-Link DSL604+ Router, with DMZ set to forward all traffic to
> my Linux box. From there, I want to port forward/redirect to other
> boxes - using iptables - (eg, port 3389 & 80 to a windows box).
>
> I have tried using commands like this:
> iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to
> 192.168.0.2:80
>
> I still haven't been able to get it to work.

What is your default policy on the FORWARD chain? If it is not set to
ACCEPT, you'll need a rule to allow packets to 192.168.0.2, 80/TCP.

iptables -A FORWARD -p tcp -d 192.168.0.2 --dport 80 -j ACCEPT (--syn -o
ethx)

If using the --syn flag, you should have a RELATED state rule in the
FORWARD chain also. ethx = network interface of the 192.168.0.x subnet.

Make sure you have ip forwarding enabled (/proc/sys/net/ipv4/ip_forward is
1)

> [root@tux iptables-1.2.11]# iptables -V
> iptables v1.2.7a

Do a "which iptables". You probably have 1.2.7a in /usr/sbin and 1.2.11 in
/usr/local/sbin.

--
Thaddaeus Kong
Some things are true, even if you choose not to believe them.

In article <(E-Mail Removed)>,
Luke Robertson <(E-Mail Removed)> wrote:
:
:I have been trying to get port forwarding working on my Linux gateway.
:
:I have a D-Link DSL604+ Router, with DMZ set to forward all traffic to
:my Linux box. From there, I want to port forward/redirect to other
:boxes - using iptables - (eg, port 3389 & 80 to a windows box).
:
:I have tried using commands like this:
:iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to
:192.168.0.2:80
:
:I still haven't been able to get it to work.

Is your kernel allowing packet forwarding at all? What does

cat /proc/sys/net/ipv4/ip_forward

show? If that comes back "0", then you'll need to run

echo 1 >/proc/sys/net/ipv4/ip_forward

--
Bob Nichols AT comcast.net I am "rnichols42"