From: Herman <Herman@AerospaceSoftware.com>
To: netfilter@lists.netfilter.org
Subject: Re: Port forwarding doesn't work.
Date: Sun, 12 Oct 2003 17:00:12 -0600
Message-ID: <200310121700.13102.Herman@AerospaceSoftware.com>
In-Reply-To: <200310121604.06545.Herman@AerospaceSoftware.com>

Hi guys,

Well, I now downgraded to netfilter version 1.2.5-1 and the complaints went
away, though I still haven't gotten forwarding to work and this is the
version where I last had it working - sigh...

Here is my problem:

I need to forward a port from outside the firewall, to everybody on the
inside. All examples I have seen forward to a specific IP on the inside,
which doesn't go well with DHCP. The man page says that specifying a range
of IPs will trigger a round robin effect, which I don't think I want to
happen. So, how now brown cow?

I'm testing this with the Nectarine Demoscene radio station and xmms, since
that is way easier than messing with the government services that I actually
need this for. Nectarine needs port 8002 to be forwarded. On the server, it
works and the address to put into xmms is http://130.231.60.129:8002/

On my laptop, I can't get it to work, though I had it working a couple of
months ago, with these firewall rules:

echo " DNAT Forward port 8002 for Nectarine Demoscene Radio"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8002 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 8002 -j DNAT --to 192.168.10.245:8002

If I display the rules, I can't see any forwarding rules in the list, which
tells me that the forwarding rules that I try to implement are simply ignored
by iptables:

iptables -v -L
Chain INPUT (policy ACCEPT 55251 packets, 13M bytes)
pkts bytes target prot opt in out source destination
2 96 DROP all -- any any d142-59-155-57.abhsia.telus.net anywhere
2 96 DROP all -- any any s142-59-150-199.ab.hsia.telus.net anywhere
3 188 DROP all -- any any d142-59-172-230.abhsia.telus.net anywhere
2 96 DROP all -- any any d142-59-59-12.abhsia.telus.net anywhere
2 96 DROP all -- any any d142-59-162-102.abhsia.telus.net anywhere
2 96 DROP all -- any any d142-59-176-107.abhsia.telus.net anywhere
1 64 DROP all -- any any d142-59-78-76.abhsia.telus.net anywhere
2 96 DROP all -- any any d142-59-80-67.abhsia.telus.net anywhere
1 48 DROP all -- any any d142-59-152-127.abhsia.telus.net anywhere
2 96 DROP all -- any any 142.59.143.156 anywhere
2 128 DROP all -- any any 142.59.137.22 anywhere
0 0 DROP all -- any any d142-59-63-31.abhsia.telus.net anywhere
2 96 DROP all -- any any 142.59.141.9 anywhere
2 96 DROP all -- any any 142.59.143.244 anywhere
0 0 DROP all -- any any d142-59-10-57.abhsia.telus.net anywhere
2 96 DROP all -- any any d142-59-216-157.abhsia.telus.net anywhere
2 96 DROP all -- any any alik57zgy55og.ab.hsia.telus.net anywhere
2 96 DROP all -- any any d142-59-95-82.abhsia.telus.net anywhere
2 96 DROP all -- any any d142-59-225-188.abhsia.telus.net anywhere
2 96 DROP all -- any any trialserver.americoac.com anywhere
2 96 DROP all -- any any 142.59.137.249 anywhere
2 96 DROP all -- any any d142-59-144-7.abhsia.telus.net anywhere
1 48 DROP all -- any any d142-59-81-170.abhsia.telus.net anywhere
2 96 DROP all -- any any a6jp39qoy31v4.ab.hsia.telus.net anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 56800 packets, 63M bytes)
pkts bytes target prot opt in out source destination
--
How can the FORWARD chain be empty, since MASQUERADE is working and my laptop
can surf the web?
Why are my new forwarding rules ignored?
How can I debug this stuff and see where the packets are going/not going?
Can anybody shed light on this?
Cheers,
--
Herman Oosthuysen
B.Eng(E), MIEEE
Aerospace Software Ltd.
Ph: 1.403.241-8773, Cell: 1.403.852-5545, Fx: 1.403.241-8841
Herman@AerospaceSoftware.com, http://www.AerospaceSoftware.com
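
The listing in the message comes from `iptables -v -L`, which without `-t` prints only the filter table, while DNAT and MASQUERADE rules live in the nat table. The following is an added example, not part of the original message: it groups the rules of an `iptables-save` dump by table and checks that each DNAT rule has a FORWARD accept for the translated port. The sample ruleset is constructed, and `eth0`/`eth1` are assumed interface names.

```shell
# Constructed sample in iptables-save format, not taken from the poster's machine.
# eth0/eth1 are assumed names standing in for $EXTIF/$INTIF.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8002 -j DNAT --to-destination 192.168.10.245:8002
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 8002 -j ACCEPT
COMMIT
EOF
}

# Print "table chain target" for every rule in a dump read from stdin.
rules_by_table() {
    awk '
        /^\*/  { table = substr($0, 2); next }   # "*nat" opens a table section
        /^-A / {
            target = "-"
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            print table, $2, target
        }'
}

# For each DNAT rule, report whether filter/FORWARD accepts the translated port.
# A missing rule only blocks traffic when the FORWARD policy is not ACCEPT.
dnat_forward_check() {
    awk '
        /^\*/  { table = substr($0, 2); next }
        /^-A / {
            dport = ""; target = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-destination") to = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            n = split(to, part, ":")             # FORWARD sees the post-DNAT port
            port = (n == 2) ? part[2] : dport
            if (table == "nat" && target == "DNAT") dnat[port] = 1
            if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT") fwd[dport] = 1
        }
        END { for (p in dnat) print p, ((p in fwd) ? "forward-accept" : "no-forward-rule") }'
}

sample_ruleset | rules_by_table
sample_ruleset | dnat_forward_check
```

On a live gateway the same functions can be fed from `iptables-save` run as root, for example `iptables-save | rules_by_table`.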