Problem with NAT

Hi All,

I have a configuration with two PCs.

PC1 is connected to the internet using eth0
================================================== ====
[root@localhost log]# /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:E0:4C:BE:59:0F
inet addr:89.190.194.54 Bcast:89.190.194.63
Mask:255.255.255.224
inet6 addr: fe80::2e0:4cff:febe:590f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:66537 errors:0 dropped:0 overruns:0 frame:0
TX packets:5829 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5840782 (5.5 MiB) TX bytes:620009 (605.4 KiB)
Interrupt:16

eth1 Link encap:Ethernet HWaddr 00:80:AD:7D:C7:21
inet addr:10.120.81.129 Bcast:10.120.81.255
Mask:255.255.255.0
inet6 addr: fe80::280:adff:fe7d:c721/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2346 errors:0 dropped:0 overruns:0 frame:0
TX packets:3768 errors:6 dropped:0 overruns:0 carrier:6
collisions:0 txqueuelen:1000
RX bytes:362721 (354.2 KiB) TX bytes:3263516 (3.1 MiB)
Interrupt:17 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3361 errors:0 dropped:0 overruns:0 frame:0
TX packets:3361 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1850613 (1.7 MiB) TX bytes:1850613 (1.7 MiB)

================================================== ==
89.190.194.54 is static real IP provided my from my ISP

================================================== ==
eth1 is a second NIC which is connected to my second PC

================================================== ==
PC2
root:~> ifconfig
eth0 Link encap:Ethernet HWaddr 02:80:AD:20:31:B8
inet addr:10.120.81.139 Bcast:10.120.81.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1672 errors:0 dropped:0 overruns:0 frame:0
TX packets:1026 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
Interrupt:48

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0


================================================== ==========
I have telnet server on PC2 and would like to connect to it from
outside
(I can telnet PC2 from PC1)

================================================== =====
I have specified the following rules in my iptables
[root@localhost log]# /sbin/iptables-save
# Generated by iptables-save v1.3.5 on Thu Jan 25 20:18:56 2007
*nat
:PREROUTING ACCEPT [3279:408077]
:POSTROUTING ACCEPT [6:398]
:OUTPUT ACCEPT [84:5817]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 23 -j DNAT --to-destination
10.120.81.139
-A POSTROUTING -o eth0 -j SNAT --to-source 89.190.194.54
COMMIT
# Completed on Thu Jan 25 20:18:56 2007
# Generated by iptables-save v1.3.5 on Thu Jan 25 20:18:56 2007
*filter
:INPUT ACCEPT [566:48344]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1021:172479]
-A INPUT -s 10.120.81.139 -i eth1 -p tcp -j ACCEPT
-A INPUT -i eth0 -p tcp -j ACCEPT
-A FORWARD -d 89.190.194.54 -i eth0 -p tcp -m tcp --dport 23 -j ACCEPT
COMMIT
# Completed on Thu Jan 25 20:18:56 2007

================================================== ================
But still I can not telnet my PC2 from ouside netwok
Can somone tell me what should I try/monitor/sniff so I figure out the
problem.
Note that I am new to linux so probably I am missing something simple

Thank you for your time!
dpenev

On Thu, 25 Jan 2007 11:31:32 -0800, dpenev wrote:

> Hi All,
>
> I have a configuration with two PCs.
>
> I have telnet server on PC2 and would like to connect to it from
> outside
> (I can telnet PC2 from PC1)

I would advise you to switch to SSH when doing anything from the outside.

> ================================================== =====
> I have specified the following rules in my iptables
> [root@localhost log]# /sbin/iptables-save
> # Generated by iptables-save v1.3.5 on Thu Jan 25 20:18:56 2007
> *nat
> :PREROUTING ACCEPT [3279:408077]
> :POSTROUTING ACCEPT [6:398]
> :OUTPUT ACCEPT [84:5817]
> -A PREROUTING -i eth0 -p tcp -m tcp --dport 23 -j DNAT --to-destination
> 10.120.81.139
> -A POSTROUTING -o eth0 -j SNAT --to-source 89.190.194.54
> COMMIT
> # Completed on Thu Jan 25 20:18:56 2007
> # Generated by iptables-save v1.3.5 on Thu Jan 25 20:18:56 2007
> *filter
> :INPUT ACCEPT [566:48344]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1021:172479]
> -A INPUT -s 10.120.81.139 -i eth1 -p tcp -j ACCEPT
> -A INPUT -i eth0 -p tcp -j ACCEPT
> -A FORWARD -d 89.190.194.54 -i eth0 -p tcp -m tcp --dport 23 -j ACCEPT

What is this rule used for?

> COMMIT
> # Completed on Thu Jan 25 20:18:56 2007
>
> ================================================== ================
> But still I can not telnet my PC2 from ouside netwok
> Can somone tell me what should I try/monitor/sniff so I figure out the
> problem.

Well if you are looking to learn then first sniff PC2 and see if any
traffic is getting to it

Then Sniff the inside interface of PC! to see if the traffic is getting to
that interface and how it is configured.


> Note that I am new to linux so probably I am missing something simple

Might be can you surf the web from PC2?
Is forwarding turned on?


--

Regards
Robert

Smile... it increases your face value!


----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----