| Home | Register | Members | Search | Links |
 |
| Thread Tools | Display Modes |
|
Guest
Posts: n/a
|
|
|
|
||
|
|
| |
|
Guest
Posts: n/a
|
On Sat, 6 Sep 2008 06:20:28 +0200, Stefan Malte Schumacher <(E-Mail Removed)> wrote:
>Hi > >I have a probably rather simple problem with iptables and port >forwarding and I hope that someone here can help me. I want to run >iMule on a computer behind the firewall and want to forward the >relevant ports. Everything except the forwarding is working nicely. >Considering this diagram - >http://upload.wikimedia.org/wikipedi...-traversal.png >placing the prerouting-rules before the rules for the INPUT and >FORWARD chains seemed the logical thing to do. The application is >still complaining that it is firewalled - what am I doing wrong ? > >This is my current setup, the lines marked with a ">" are the ones I >added. Of course I also added 88886 tcp and 8887 udp in the list of >allowed ports in lines 7-8. > > > iptables -t filter -P INPUT DROP > iptables -t filter -P FORWARD DROP > iptables -t filter -P OUTPUT ACCEPT > >> iptables -t nat -A PREROUTING -p tcp --dport 8886 -j DNAT --to 192.168.99.12:8886 >> iptables -t nat -A PREROUTING -p udp --dport 8887 -j DNAT --to 192.168.99.12:8887 > > iptables -t filter -N tcprules > > iptables -t filter -A tcprules -i ppp0 -p tcp -m multiport --dports 6882,11827,9987,8794,8886 -j ACCEPT > iptables -t filter -A tcprules -i ppp0 -p udp -m multiport --dports 11931,9987,8794,8887 -j ACCEPT > > iptables -t filter -A tcprules -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT > iptables -t filter -A tcprules -i ppp0 -m state --state NEW,INVALID -j DROP > iptables -t filter -A tcprules -i ! ppp0 -j ACCEPT > > iptables -t filter -A INPUT -j tcprules > iptables -t filter -A FORWARD -j tcprules > > iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.99.0/24 -d 0/0 -j MASQUERADE Two things to do, you're only halfway there  My setup is forwardingto a machine on localnet, but you should your solution within (this works with a bitTorrent client): MSTATE="-m state --state" X_WORLD="ppp0" .... # for torrent (1 of 2) if [ -n "$TORRENT_PORT" ] then iptables -t nat -A PREROUTING -p tcp -i $X_WORLD \ --dport $TORRENT_PORT \ -j DNAT --to-destination $TORRENT_HOST iptables -t nat -A PREROUTING -p udp -i $X_WORLD \ --dport $TORRENT_PORT \ -j DNAT --to-destination $TORRENT_HOST fi .... # for torrent, tcp only (2 of 2, other part in NAT) if [ -n "$TORRENT_PORT" ] then iptables -A FORWARD -p tcp $MSTATE NEW \ --dport $TORRENT_PORT -j ACCEPT iptables -A FORWARD -p udp --dport $TORRENT_PORT -j DROP fi You probably want to change FORWARD to INPUT? Your use of '-t filter' above is confusing. Grant. > >Bye >Stefan -- Cats, no less liquid than their shadows, offer no angles to the wind. |
|
|
|
|
|||
|
Guest
Posts: n/a
|
|
|
|
|
||
|
|
| |
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| IPTables port forwarding | Miguel Sanders | Linux Networking | 1 | 10-11-2007 12:19 PM |
| Port forwarding with iptables ??? | Joe Attardi | Linux Networking | 4 | 05-10-2004 11:45 PM |
| iptables port forwarding | anonymous | Linux Networking | 1 | 01-22-2004 09:25 AM |
| iptables port forwarding | Jason Lee | Linux Networking | 4 | 10-13-2003 12:53 AM |
| Port Forwarding with iptables | Allan Bruce | Linux Networking | 0 | 08-27-2003 11:44 AM |
Linear Mode
