Tanisete Guru
Joined: 12 Mar 2004 Posts: 312
Posted: Wed Dec 21, 2005 10:43 pm Post subject: (iptables) Forwarding ports [solved]
Hi to all!!
I've been reading some docs about how to forward packets in Linux with iptables, but I should be misunderstanding something. The situation is this:
I want to redirect every package that reaches the machine (a machine that is inside my local network, but, as my router does not change ports, I have to do it somewhere) with the 24700 destination port to another machine. So I've done this small script to do that:
Code:
```
echo -n Aplicando Reglas de Firewall...
## Flush rules
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
## Set default policy
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
## Rewrite the destination of packets arriving on port 24700 (TCP and UDP)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 24700 -j DNAT --to 192.168.1.33:6112
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 24700 -j DNAT --to 192.168.1.33:6112
## Allow the rewritten packets through the FORWARD chain
iptables -A FORWARD -p tcp -i eth0 -o eth0 --dport 6112 -j ACCEPT
iptables -A FORWARD -p udp -i eth0 -o eth0 --dport 6112 -j ACCEPT
## Masquerade only packets whose source address is in 192.168.1.0/24
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
## Enable IPv4 forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
```
What am I doing wrong? Is it ok? Or have I misunderstood something?
Thanks a lot to all for the help!!!
Last edited by Tanisete on Sat Dec 24, 2005 2:49 pm; edited 1 time in total
tutaepaki Apprentice
Joined: 11 Nov 2003 Posts: 279 Location: New Zealand
Posted: Thu Dec 22, 2005 12:30 am
I assume your router is set up to forward packets coming in on port 24700 to the machine running iptables?
I also assume that your router is NOT doing a source NAT of the incoming packets?
If my assumptions are correct, then what is happening is that the iptables box is forwarding the packets to port 6112 on 192.168.1.33, but it is not doing a NAT of the source IP address (because you have specified the source IP for the MASQUERADE rule on the POSTROUTING chain). Therefore, 192.168.1.33 is responding to the original source, and so your iptables box is not seeing the response to "un-NAT" the packets.
Try removing the source parameter from your MASQUERADE rule.
You don't need the FORWARD rules, the policy of ACCEPT on the FORWARD chain will take care of that.
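Added example, not part of either post: a small Python model of the address rewriting described in the reply above, showing why the `-s 192.168.1.0/24` filter on the MASQUERADE rule breaks replies for senders outside the LAN while LAN senders still work. The box address 192.168.1.10 and both sender addresses are assumptions; the ports and the DNAT target come from the thread, and MASQUERADE port remapping is ignored.

```python
import ipaddress

BOX_IP = "192.168.1.10"            # assumed address of the iptables box
FWD_PORT = 24700                   # forwarded port, from the thread
TARGET = ("192.168.1.33", 6112)    # DNAT destination, from the thread


def nat_box(src, masq_source=None):
    """Apply PREROUTING DNAT, then POSTROUTING MASQUERADE, to a packet sent
    to BOX_IP:FWD_PORT. masq_source is the -s filter of the MASQUERADE rule
    (None = no filter). Returns the (src, dst) pair that leaves the box."""
    dst = TARGET                                   # -j DNAT --to 192.168.1.33:6112
    matches = (masq_source is None or
               ipaddress.ip_address(src[0]) in ipaddress.ip_network(masq_source))
    if matches:
        src = (BOX_IP, src[1])                     # -j MASQUERADE rewrites the source IP
    return src, dst


def reply_seen_by_sender(client, masq_source=None):
    """Return the source address of the reply as the previous hop sees it."""
    fwd_src, fwd_dst = nat_box(client, masq_source)
    reply_src, reply_dst = fwd_dst, fwd_src        # target answers whoever it saw
    if reply_dst[0] == BOX_IP:
        # Reply returns through the box; conntrack reverses the DNAT.
        return (BOX_IP, FWD_PORT)
    # Reply bypasses the box, so nothing restores the original tuple.
    return reply_src


def connection_works(client, masq_source=None):
    """The previous hop (sender or router) only accepts a reply that comes
    from the address it originally sent the packet to."""
    return reply_seen_by_sender(client, masq_source) == (BOX_IP, FWD_PORT)


if __name__ == "__main__":
    outside = ("203.0.113.7", 40000)   # constructed sender outside 192.168.1.0/24
    inside = ("192.168.1.50", 40001)   # constructed sender inside the LAN
    for name, client in (("outside", outside), ("inside", inside)):
        for rule in ("192.168.1.0/24", None):
            print(name, "-s", rule, "->", connection_works(client, rule))
```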
Tanisete Guru
Joined: 12 Mar 2004 Posts: 312
Posted: Sat Dec 24, 2005 2:49 pm
Thanks!! I think now it's working ok. I mark it as solved :D