From: Tom Smith <tom@openadventures.org>
To: netfilter@lists.netfilter.org, wdyck@gmx.net
Subject: Re: Port Forwarding Problem
Date: Tue, 25 Feb 2003 14:53:19 -0700
Message-ID: <3E5BE5CF.70007@openadventures.org>
In-Reply-To: <20030225201418.GA1099@tekilla.homeip.net>
Found the problem... the GATEWAY on 20.246 was set to a different router and not the firewall. It started working after I changed it -- thanks for your help!!!

Willi Dyck wrote:
>On Tue, Feb 25, 2003 at 11:06:55AM -0700, Tom Smith wrote:
>
>
>>Having problem forwarding 216.161.174.4 port 8241 to 192.168.20.246 port 22.
>>
>>I added the following rule to run DNAT:
>>$IPTABLES -t nat -A PREROUTING -p tcp -d 216.161.174.4 --dport 8241 -j DNAT --to-destination 192.168.20.246:22
>>
>>
>
>Good.
>
>
>
>>What I saw when trying to connect to the port from a remote host was:
>>uccinet kernel: IN=eth1 OUT=eth0 SRC=64.158.129.226 DST=192.168.20.246 LEN=60 TOS=0x10 PREC=0x00 TTL=45 ID=63685 DF PROTO=TCP SPT=2030 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
>>
>>I later learned that I also needed some FORWARD rules to make it work.
>>The default script had most of them. I added:
>>$IPTABLES -A FORWARD -d 192.168.20.246 -p tcp --dport 22 -j ACCEPT
>>
>>
>
>Better. Much better would be a second rule which allows the way back
>from 192.168.20.246.
>
>$IPTABLES -A FORWARD -s 192.168.20.246 -p tcp --sport 22 -j ACCEPT
>
>What I see in your 'iptables -nL' output is that you allow everything
>in the FORWARD chain which has a state ESTABLISHED and/or RELATED, thus
>the second rule above isn't necessary. Does 192.168.20.246 have a routing
>entry back to the inet? Also, what is the output of 'iptables -nvL
>FORWARD'?
>
>
>
>>Chain FORWARD (policy DROP)
>>target           prot opt source       destination
>>ACCEPT           tcp  --  0.0.0.0/0    192.168.20.246  tcp dpt:22
>>ACCEPT           all  --  0.0.0.0/0    0.0.0.0/0       state RELATED,ESTABLISHED
>>ACCEPT           all  --  0.0.0.0/0    0.0.0.0/0
>>drop-and-log-it  all  --  0.0.0.0/0    0.0.0.0/0
>>
>>
>
>Regards -- Willi
>
>
>
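
The symptom resolved in this thread (the DNAT'd SYN is forwarded to 192.168.20.246, but the connection never completes because that host sends its replies to a different router) can be spotted from the firewall's own log. The script below is an added example, not part of the original messages: it reads netfilter LOG lines and lists clients whose SYN was forwarded to the DNAT target with no packet from the target seen coming back. It assumes a LOG rule near the top of FORWARD so both directions are logged; the function names are hypothetical, the first sample line is the one quoted in the post, and the other two are constructed.

```shell
#!/bin/sh
# Added example: find DNAT'd flows whose replies never cross the firewall.
# Assumption: a LOG rule in FORWARD records packets in both directions.

# Sample input: line 1 is the log line from the post; lines 2-3 are
# constructed (198.51.100.7 is a documentation address).
sample_log() {
cat <<'EOF'
uccinet kernel: IN=eth1 OUT=eth0 SRC=64.158.129.226 DST=192.168.20.246 LEN=60 TOS=0x10 PREC=0x00 TTL=45 ID=63685 DF PROTO=TCP SPT=2030 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
uccinet kernel: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.168.20.246 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1201 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
uccinet kernel: IN=eth0 OUT=eth1 SRC=192.168.20.246 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=22 DPT=40112 WINDOW=5792 RES=0x00 ACK SYN URGP=0
EOF
}

# find_one_way_flows TARGET_IP TARGET_PORT   (LOG lines on stdin)
# Prints client_ip:client_port for each SYN forwarded to the target that has
# no packet from TARGET_IP:TARGET_PORT back to that client in the same log.
find_one_way_flows() {
    awk -v tip="$1" -v tport="$2" '
    {
        src = dst = spt = dpt = ""; syn = 0; ack = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^SPT=/) spt = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i == "SYN") syn = 1
            else if ($i == "ACK") ack = 1
        }
        if (dst == tip && dpt == tport && syn && !ack) {
            # Initial SYN towards the DNAT target; remember it once,
            # so retransmitted SYNs are not reported twice.
            key = src ":" spt
            if (!(key in seen)) { seen[key] = 1; order[++n] = key }
        } else if (src == tip && spt == tport) {
            # Any packet from the target back to a client counts as a reply.
            replied[dst ":" dpt] = 1
        }
    }
    END {
        for (j = 1; j <= n; j++)
            if (!(order[j] in replied)) print order[j]
    }'
}

sample_log | find_one_way_flows 192.168.20.246 22
```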