Re: how to access port forwarded server through internet ?

["J. Bakshi" <joydeep@infoservices.in>]

Any clue please ?


On Tue, 15 Mar 2011 19:22:01 +0530
"J. Bakshi" <joydeep@infoservices.in> wrote:

> Hello Remzi,
> 
> Thanks for your kind response. Yes the forwarding is enable as I have it in my script
> 
> `````````````````
> echo 1 >  /proc/sys/net/ipv4/ip_forward
> `````````````````````
> 
> But no luck :-( here is the modified rule
> 
> iptables -A INPUT -p tcp -m tcp --dport 81 -j ACCEPT
> iptables -A PREROUTING -t nat -i ${LAN_IFACE} -p tcp --dport 81 -j DNAT --to 192.168.1.2:8080
> iptables -A FORWARD -p tcp -m state --state NEW,ESTABLISHED --dport 81 -i ${LAN_IFACE} -j ACCEPT
> 
> 
> On Tue, 15 Mar 2011 15:16:18 +0200
> Remzi AKYÃœZ <linuxliste@gmail.com> wrote:
> 
> > Hello,
> > forwarding is enable?
> > can you try this;
> > 
> > #sysctl -w net.ipv4.ip_forward=1
> > #iptables -A FORWARD -p tcp -m state --state NEW,ESTABLISHED --dport 81 
> > -i ${LAN_IFACE} -j ACCEPT
> > 
> > 
> > On 03/15/2011 02:29 PM, J. Bakshi wrote:
> > > Dear list,
> > >
> > > Here is a port forwarding issue.  I have a linux router which have two NIC; one facing WAN and the other facing LAN. IP forwarding is active and this box is working as a gateway. This box has LAN IP 192.168.1.1
> > >
> > > There is another box (webserver) 192.168.1.2 within the internal network and the router box has port forwarding to access the webserver.
> > >
> > > ```````````````````````````
> > > iptables -A INPUT -p tcp -m tcp --dport 81 -j ACCEPT
> > > iptables -A PREROUTING -t nat -i ${LAN_IFACE} -p tcp --dport 81 -j DNAT --to 192.168.1.2:8080
> > > iptables -A FORWARD -p tcp -m state --state NEW --dport 81 -i ${LAN_IFACE} -j ACCEPT
> > > ````````````````````````````
> > >
> > > So within LAN I can access the 192.168.1.2 web server through  192.168.1.1:81 as port forwarding is there. But I can not access the same through internet. If I point at<domain-name>:81 throught internet ; the browser simply reports it can't connect to the service; though the other services running at that very server are quite accessible through internet. Have I missed something in my firewall rule ? Could anyone give any clue please ?
> > >
> > > Thanks
> > > --
> > > To unsubscribe from this list: send the line "unsubscribe netfilter" in
> > > the body of a message to majordomo@vger.kernel.org
> > > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html