need help on port forward using iptables.

Hi,

I trying to port forwarding between internet and internal server. Here
is how my network configured:


----[ internet_ip ]-----> 172.16.1.10 [gateway] ---> 192.168.1.10
port 9009 -------------> port 20

I hv used this configuration but not working

iptables -t nat -A PREROUTING -p tcp -i eth1 -d 172.16.1.10 --dport 9009
-j DNAT --to 192.168.1.10:20
iptables -A FORWARD -p tcp -i eth1 -d 192.168.1.10 --dport 20 -j ACCEPT


I try to connect to port via telnet and there is no open port:
telnet 172.16.1.10 9009


--
jsuthan
Zues linux team
http://www.mypulau.com

jsuthan wrote:
> Hi,
>
> I trying to port forwarding between internet and internal server. Here
> is how my network configured:
>
>
> ----[ internet_ip ]-----> 172.16.1.10 [gateway] ---> 192.168.1.10
> port 9009 -------------> port 20
>
> I hv used this configuration but not working
>
> iptables -t nat -A PREROUTING -p tcp -i eth1 -d 172.16.1.10 --dport 9009
> -j DNAT --to 192.168.1.10:20
> iptables -A FORWARD -p tcp -i eth1 -d 192.168.1.10 --dport 20 -j ACCEPT
>
>
> I try to connect to port via telnet and there is no open port:
> telnet 172.16.1.10 9009
>
>

ops addon...

i try to connect from 172.16.1.10 to 192.168.1.10 and not from internet_ip.

--
jsuthan
Zues linux team
http://www.mypulau.com

On Mon, 16 Jan 2006 20:23:28 +0800, jsuthan wrote:

> jsuthan wrote:
>> Hi,
>>
>> I trying to port forwarding between internet and internal server. Here
>> is how my network configured:
>>
>> ----[ internet_ip ]-----> 172.16.1.10 [gateway] ---> 192.168.1.10
>>
>> I hv used this configuration but not working
>>
>> iptables -t nat -A PREROUTING -p tcp -i eth1 -d 172.16.1.10 --dport 9009
>> -j DNAT --to 192.168.1.10:20
>> iptables -A FORWARD -p tcp -i eth1 -d 192.168.1.10 --dport 20 -j ACCEPT
>>
>> I try to connect to port via telnet and there is no open port:
>> telnet 172.16.1.10 9009
>>
>
> ops addon...
>
> i try to connect from 172.16.1.10 to 192.168.1.10 and not from internet_ip.

Is the App that you want to connect to from the internet even listening on
port 20?


--

Regards
Robert

Smile... it increases your face value!


----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

Robert wrote:
> On Mon, 16 Jan 2006 20:23:28 +0800, jsuthan wrote:
>
>
>>jsuthan wrote:
>>
>>>Hi,
>>>
>>>I trying to port forwarding between internet and internal server. Here
>>>is how my network configured:
>>>
>>>----[ internet_ip ]-----> 172.16.1.10 [gateway] ---> 192.168.1.10
>>>
>>>I hv used this configuration but not working
>>>
>>>iptables -t nat -A PREROUTING -p tcp -i eth1 -d 172.16.1.10 --dport 9009
>>>-j DNAT --to 192.168.1.10:20
>>>iptables -A FORWARD -p tcp -i eth1 -d 192.168.1.10 --dport 20 -j ACCEPT
>>>
>>>I try to connect to port via telnet and there is no open port:
>>>telnet 172.16.1.10 9009
>>>
>>
>>ops addon...
>>
>>i try to connect from 172.16.1.10 to 192.168.1.10 and not from internet_ip.
>
>
> Is the App that you want to connect to from the internet even listening on
> port 20?
>
>

The port is open at 192.168.1.10 port 20 and not at 172.16.1.10. I try
to connect from 172.16.1.10 and not from internet_ip.

--
jsuthan
Zues linux team
http://www.mypulau.com

On Tue, 17 Jan 2006 20:09:51 +0800, jsuthan wrote:

>> Is the App that you want to connect to from the internet even listening on
>> port 20?
>
> The port is open at 192.168.1.10 port 20 and not at 172.16.1.10. I try
> to connect from 172.16.1.10 and not from internet_ip.

So how are you trying to connect? What command/s are you giving/using?


--

Regards
Robert

Smile... it increases your face value!


----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

Robert wrote:
> On Tue, 17 Jan 2006 20:09:51 +0800, jsuthan wrote:
>
>>> Is the App that you want to connect to from the internet even listening on
>>> port 20?
>> The port is open at 192.168.1.10 port 20 and not at 172.16.1.10. I try
>> to connect from 172.16.1.10 and not from internet_ip.
>
> So how are you trying to connect? What command/s are you giving/using?
>
>
google it :P or read the manual

edd wrote:
> Robert wrote:
>
>> On Tue, 17 Jan 2006 20:09:51 +0800, jsuthan wrote:
>>
>>>> Is the App that you want to connect to from the internet even
>>>> listening on
>>>> port 20?
>>>
>>> The port is open at 192.168.1.10 port 20 and not at 172.16.1.10. I
>>> try to connect from 172.16.1.10 and not from internet_ip.
>>
>>
>> So how are you trying to connect? What command/s are you giving/using?
>>
>>
> google it :P or read the manual

well linux is good os.. problem is that I hv a complex firewall
configuration. I added that line at bottom while communication already
chopped off at top of iptables statement. I resolve it by adding a new
table for iptables.

iptables -N ript
for cif in $slan
do
for port in $sport
do
iptables -A ript -i eth0 -p tcp -s $cif -d $ipwan --dport $port -j ACCEPT
iptables -A ript -i eth0 -p udp -s $cif -d $ipwan --dport $port -j ACCEPT
done
iptables -A ript -i eth0 -s $cif -d $localnet -j DROP
iptables -A ript -i eth0 -s $cif -d $everywhere -j ACCEPT
done


then inject this new table after passing filtering and tweaking.

--
jsuthan
Zues linux team
http://www.mypulau.com

Robert wrote:
> On Tue, 17 Jan 2006 20:09:51 +0800, jsuthan wrote:
>
>
>>>Is the App that you want to connect to from the internet even listening on
>>>port 20?
>>
>>The port is open at 192.168.1.10 port 20 and not at 172.16.1.10. I try
>>to connect from 172.16.1.10 and not from internet_ip.
>
>
> So how are you trying to connect? What command/s are you giving/using?
>
>

to test communication I use telnet.

--
jsuthan
Zues linux team
http://www.mypulau.com