From: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>
To: alucard@kanux.com
Cc: netfilter@lists.netfilter.org
Subject: Re: forwarding on the same NIC
Date: Mon, 10 May 2004 18:26:32 -0400
Message-ID: <1084227992.14224.5.camel@localhost>
In-Reply-To: <1292.192.168.74.154.1084226963.squirrel@192.168.74.154>

Alas, I discarded your original e-mail with the setup info when I saw
you received a credible reply.  However, have you set up either a packet
trace to see if the packets are getting lost on the wire or logging
rules at the various points within iptables to see where the
unexpected behavior is happening in iptables?

On Mon, 2004-05-10 at 18:09, alucard@kanux.com wrote:
> Hi again...
> 
>    I did it, and nothing happens, the 2nd webserver is fully operational
> and I can't get to it from my server/router. Here's my nmap test:
> 
> PORT     STATE SERVICE
> 21/tcp   open  ftp
> 22/tcp   open  ssh
> 25/tcp   open  smtp
> 80/tcp   open  http
> 143/tcp  open  imap
> 3306/tcp open  mysql
> 
> and there's no 8080 port that could be getting packets
> 
> And here's my script again... maybe I'm missing something else...
> 
> -------------
> echo "Borrando posibles reglas anteriores..."
> iptables -F
> iptables -X
> 
> echo "Habilitando politicas de negacion total de paquetes"
> 
> iptables -P FORWARD DROP
> iptables -P INPUT DROP
> 
> echo "Reglas para paquetes de entrada y salida"
> 
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> 
> iptables -A INPUT -p tcp --dport 21 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> 
> ## internal
> iptables -A INPUT -i eth0 -p tcp --dport 143 -j ACCEPT
> iptables -A INPUT -i lo -p tcp --dport 143 -j ACCEPT
> iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT
> 
> # for the forward to the compaq machine
> 
> echo 0 > /proc/sys/net/ipv4/ip_forward
> iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 10.73.219.77:80
> echo 1 > /proc/sys/net/ipv4/ip_forward
> -------------
> 
> Any suggestions pals?
> Thanks again for your great help
> Juan
> 
> 
> 
> > On Monday 10 May 2004 8:36 pm, alucard@kanux.com wrote:
> >
> >> Hi there...
> >>
> >>    I have been using netfilter for a while and now, I have to integrate
> >> some other servers and somehow I can't get it to forward packets.
> >
> > Change:
> >
> >> iptables -A FORWARD -i eth0 -p tcp --dport 8080 -j ACCEPT
> >
> > Into:
> >
> > iptables -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT
> >
> > Remember that PREROUTING (where you are changing the port number) happens
> > before FORWARD.
> >
> > Regards,
> >
> > Antony.
> >
> > --
> > I don't know, maybe if we all waited then cosmic rays would write all our
> > software for us. Of course it might take a while.
> >
> >  - Ron Minnich, Los Alamos National Laboratory
> >
> > Please reply to the list; please don't CC me.
> >
> >
> >
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
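
One way to set up the logging rules suggested in the message above, as an added example that is not part of the original e-mail or thread. The interface, ports and DNAT target are taken from the quoted script; the `trace-N-…` prefixes and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example. Dry run by default: the iptables commands are only printed.
# Set APPLY=1 and run as root to execute them.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi; }

DST=10.73.219.77   # DNAT target from the quoted script

# trace_rules -I inserts the LOG rules at the top of each chain,
# trace_rules -D removes them again.
trace_rules() {
    op=$1
    # mangle/PREROUTING runs before nat/PREROUTING: the packet as it arrives (port 8080).
    run iptables -t mangle "$op" PREROUTING -i eth0 -p tcp --dport 8080 \
        -j LOG --log-prefix trace-1-arrive:
    # FORWARD sees the rewritten destination, so match the post-DNAT address and port.
    run iptables "$op" FORWARD -p tcp -d "$DST" --dport 80 \
        -j LOG --log-prefix trace-2-forward:
    # mangle/POSTROUTING is only reached if FORWARD accepted the packet.
    run iptables -t mangle "$op" POSTROUTING -p tcp -d "$DST" --dport 80 \
        -j LOG --log-prefix trace-3-leave:
    # Replies from the web server that come back through this box.
    run iptables "$op" FORWARD -p tcp -s "$DST" --sport 80 \
        -j LOG --log-prefix trace-4-reply:
}

# last_stage reads kernel log lines on stdin and prints the highest stage
# number seen (0 if none): the last point the connection is known to have reached.
#   1 only : DNAT did not apply, or the packet was not routed to FORWARD
#   2 only : dropped in FORWARD after the LOG rule
#   3 only : request left the box, no reply came back through it
last_stage() {
    sed -n 's/.*trace-\([1-4]\)-[a-z]*:.*/\1/p' | sort -n | tail -n 1 | grep . || echo 0
}

# Allow "sh trace.sh trace_rules -I" style invocation.
if [ $# -gt 0 ]; then "$@"; fi
```

After one connection attempt to port 8080, `dmesg | last_stage` shows how far the packet got; run `trace_rules -D` afterwards so the LOG rules do not stay in place.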


