* port forward using iptables not happening
From: deepali @ 2002-07-05  6:44 UTC (permalink / raw)
  To: netfilter

Dear Support,
My setup is: I have one Linux box having eth0 (valid IP 202.140.152.33) and eth1 (invalid IP, local LAN 192.168.220.250). I have one more machine in my local LAN (192.168.220.90) which is a mail server in my local LAN. Now I want to:
1. Enable port forwarding, i.e. any request coming on 202.140.152.33 port 285 should get forwarded to 192.168.220.90 port 25, my mail server.

2. Also, any request coming from my LAN, i.e. 192.168.220.0/24, to the invalid IP of the Linux box, i.e. 192.168.220.90 285, should also be forwarded to my mail server in the LAN, i.e. 192.168.220.30 port 25.

My first scenario is also not working.

My rules are:

iptables -t nat -A PREROUTING -i eth0  -p tcp -d 202.140.136.90 --dport 285 -j DNAT 182.168.220.90:25

iptables -t nat -A POSTROUTING  -o eth0 -j MASQURADE
iptables -t nat -A POSTROUTING -s 192.168.220.0/24 -j MASQURADE

Pls help


Thanks and Regards
Deepali



* Re: port forward using iptables not happening
From: José Alberto Aguilar González @ 2002-07-05  7:24 UTC (permalink / raw)
  To: netfilter

Is your box routing packets?
(do you have /proc/sys/net/ipv4/ip_forward="1")

-----------------------------------------------------------------------
Saludos, Regards, Saluti, Salutations, Grüße
-----------------------------------------------------------------------
Jose Alberto Aguilar González
Departamento de Tecnología Electrónica
Universidad de Málaga - España
E-mail: jaag@dte.uma.es




* RE: port forward using iptables not happening
From: Stewart Thompson @ 2002-07-05  7:48 UTC (permalink / raw)
  To: netfilter

Hi Deepali:

Questions:

1) Is packet forwarding enabled in networking?
2) Is this your full rule set?
3) What is your forward policy/rules? DNAT/SNAT is not enough if you don't forward it.

Do an iptables -L -v, and post it to the group. Also your full rule set.

Stu……….



* Re: port forward using iptables not happening
From: Jan Humme @ 2002-07-05 11:20 UTC (permalink / raw)
  To: deepali, netfilter

On Friday 05 July 2002 08:44, deepali wrote:
> Dear Support,
> My setup is: I have one Linux box having eth0 (valid IP 202.140.152.33) and
> eth1 (invalid IP, local LAN 192.168.220.250). I have one more machine in my
> local LAN (192.168.220.90) which is a mail server in my local LAN. Now I
> want to 1. enable port forwarding, i.e. any request coming on 202.140.152.33
> port 285 should get forwarded to 192.168.220.90 port 25, my mail server.
>
> 2. Also, any request coming from my LAN, i.e. 192.168.220.0/24, to the invalid
> IP of the Linux box, i.e. 192.168.220.90 285, should also be forwarded to my
> mail server in the LAN, i.e. 192.168.220.30 port 25.
>
> My first scenario is also not working.
>
> My rules are:
>
> iptables -t nat -A PREROUTING -i eth0  -p tcp -d 202.140.136.90 --dport 285
> -j DNAT 182.168.220.90:25

You must have seen syntax error complaints about the DNAT option from 
iptables; in fact it should be:

# iptables -t nat -A PREROUTING -i eth0 -p tcp -d 202.140.136.90 --dport 285 -j DNAT --to-destination 192.168.220.90:25

> iptables -t nat -A POSTROUTING  -o eth0 -j MASQURADE

Should read: MASQUERADE, but in that case it is OK, and allows your local
machines to get out to the Internet.

> iptables -t nat -A POSTROUTING -s 192.168.220.0/24 -j MASQURADE

?? Why? Isn't this already covered by the previous masquerading rule?

And how about:

# iptables -t nat -A PREROUTING -p tcp -d 192.168.220.90 --dport 285 -j DNAT --to-destination 192.168.220.90:25

This is the exact equivalent of your point 2), only expressed in iptables 
syntax.

Jan Humme.
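
The checks raised in the replies above (ip_forward set to 1, a DNAT rule that carries --to-destination, and a FORWARD policy or rule that lets the translated packet through) can be run offline against an iptables-save dump. This is an added example, not part of any post in the thread; the function name audit_forward, the sample dumps and the FORWARD rule in them are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an iptables-save dump for the
# three checks the replies raise. audit_forward and the dumps are constructed.
#
# audit_forward RULES IP_FORWARD DPORT TARGET
#   RULES: iptables-save text   IP_FORWARD: /proc/sys/net/ipv4/ip_forward
#   DPORT: exposed port         TARGET: internal ip:port
# Prints one finding per line, nothing when every check passes.
audit_forward() {
    rules=$1; ipfwd=$2; dport=$3; target=$4
    # Escape dots so addresses match literally inside the regexes.
    target_re=$(printf '%s' "$target" | sed 's/\./\\./g')
    host_re=${target_re%:*}; port=${target#*:}

    # 1) The kernel must route between interfaces.
    [ "$ipfwd" = "1" ] || echo "ip_forward is not 1"

    # 2) PREROUTING needs a DNAT rule that carries --to-destination.
    printf '%s\n' "$rules" | grep -Eq -- \
        "^-A PREROUTING .*--dport $dport .*-j DNAT --to-destination $target_re\$" ||
        echo "no DNAT rule for port $dport to $target"

    # 3) The rewritten packet traverses FORWARD: require an ACCEPT policy
    #    or an explicit ACCEPT rule for the post-DNAT address and port.
    if ! printf '%s\n' "$rules" | grep -Eq '^:FORWARD ACCEPT ' &&
       ! printf '%s\n' "$rules" | grep -Eq -- \
           "^-A FORWARD .*-d $host_re(/32)? .*--dport $port .*-j ACCEPT"; then
        echo "FORWARD does not accept traffic to $target"
    fi
}

# Constructed NAT table with the corrected DNAT and MASQUERADE rules.
NAT='*nat
-A PREROUTING -d 202.140.152.33/32 -i eth0 -p tcp -m tcp --dport 285 -j DNAT --to-destination 192.168.220.90:25
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
# Constructed dump: FORWARD policy is DROP and no rule admits the traffic.
SAMPLE_DROP="$NAT
*filter
:FORWARD DROP [0:0]
COMMIT"
# Constructed dump: same policy plus an explicit accept for the mail server.
SAMPLE_OK="$NAT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.220.90/32 -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT"

audit_forward "$SAMPLE_DROP" 0 285 192.168.220.90:25
```

On a live gateway, pass it the output of iptables-save and the contents of /proc/sys/net/ipv4/ip_forward instead of the constructed samples.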



* Re: port forward using iptables not happening
From: deepali @ 2002-07-06  2:34 UTC (permalink / raw)
  To: jan.humme, netfilter

Dear
There was a typing mistake in the syntax which I had given.
I have entered the correct one in my iptables.
If I am enabling ip_forward then there is no need to put another iptables
prerouting rule for the LAN IP; the request should automatically get forwarded to
the other interface, which is not happening.
Can you please help me to get through for my first case?
In tcpdump I can see the packet getting forwarded to 192.168.220.90:25 port
but can't see the reverse packet.
What could be the problem?

Thanks and Regards
Deepali
