* port forwarding in a web server
@ 2003-11-24 16:13 Juan Hernandez
2003-11-24 17:11 ` Rob Sterenborg
2003-11-24 17:20 ` Jeffrey Laramie
0 siblings, 2 replies; 8+ messages in thread
From: Juan Hernandez @ 2003-11-24 16:13 UTC (permalink / raw)
To: Lista de netfilter
Hi there...
This may have been answered many times in this mailing list but I
haven't found anything on the web about something that would make my
server forward the way I want to, and what's ironic is that it seems
simple. Here's my scenario: I have a static IP address routed (1.1.1.1)
to one server using a 192.168.0.* address. It is a Cisco router and
everything works fine. This server has 192.168.0.1 as its address and
functions as a web server, everything works fine but, I have another
server that works as our mail server that is using 192.168.0.2. I've
been trying to redirect everything coming from port 25 to my mail server
but it doesn't get any answer. These are the rules I've been using:
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
#allow all outgoing traffic from the mail server
iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to 192.168.0.1
#dnat
iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth0 -j DNAT --to 192.168.0.1:25
The gateway on the mailserver is 192.168.0.1 which is the webserver that
is forwarding everything... and I have tried so many things that
sometimes the webserver stops working...
Using that configuration, if I nmap the webserver it shows that port 25
is filtered but, if I telnet to that port I won't get any response... and
the mailserver is running perfectly, it's just not forwarding anything.
Any suggestions would be appreciated...
Thanks a lot for your time
Juan
* RE: port forwarding in a web server
2003-11-24 16:13 port forwarding in a web server Juan Hernandez
@ 2003-11-24 17:11 ` Rob Sterenborg
2003-11-24 17:47 ` Juan Hernandez
2003-11-24 17:56 ` Juan Hernandez
2003-11-24 17:20 ` Jeffrey Laramie
1 sibling, 2 replies; 8+ messages in thread
From: Rob Sterenborg @ 2003-11-24 17:11 UTC (permalink / raw)
To: 'Lista de netfilter'
> simple. Here's my scenario: I have a static IP address routed
> (1.1.1.1)
> to one server using a 192.168.0.* address. It is a Cisco router and
> everything works fine. This server has 192.168.0.1 as its address and
So I can assume that *ALL* traffic is routed from 1.1.1.1 to 192.168.0.1,
which has Netfilter running?
> functions as a web server, everything works fine but, I have another
> server that works as our mail server that is using 192.168.0.2. I've
> been trying to redirect everything coming from port 25 to my
> mail server
> but it doesn't get any answer. These are the rules I've been using:
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -d 192.168.0.2 -p tcp --dport 25 -j ACCEPT
iptables -t nat -A PREROUTING -d 192.168.0.1 -p tcp --dport 25 \
-j DNAT --to-destination 192.168.0.2:25
echo 1 > /proc/sys/net/ipv4/ip_forward
If you're forwarding anything other than just SMTP, you have to add rules to
allow it: these rules DROP all traffic to be forwarded except SMTP which is
DNAT-ed to the MTA and RELATED/ESTABLISHED traffic.
Gr,
Rob
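
A check for the rule set in the reply above, added here as an example and not part of the original thread: with a FORWARD policy of DROP, a DNAT port forward only works if FORWARD accepts the post-DNAT destination (the chain sees the rewritten address, not the original one) and the RELATED,ESTABLISHED replies. The function names and both rule dumps are constructed for illustration, written in simplified iptables-save form.

```shell
# Added example: audit an iptables-save style dump for DNAT port forwards
# that the FORWARD chain of the filter table would still drop.
audit_forwards() {
    awk '
    # Return the word following option "name" on the current rule, or "".
    function opt(name,   i) {
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($0, 2); next }          # table marker: *nat, *filter
    table == "filter" && /^:FORWARD / { policy = $2; next }
    table == "nat" && $1 == "-A" && opt("-j") == "DNAT" {
        dnat[++n] = opt("--to-destination"); next
    }
    table == "filter" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
        if (opt("--state") ~ /ESTABLISHED/) replies = 1
        d = opt("-d"); sub(/\/32$/, "", d)
        if (d != "") allowed[d ":" opt("--dport")] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            split(dnat[i], t, ":"); anyport = t[1] ":"
            if (policy != "DROP" || (dnat[i] in allowed) || (anyport in allowed))
                print "OK " dnat[i]
            else
                print "BLOCKED " dnat[i] " (FORWARD has no ACCEPT for the DNAT target)"
        }
        if (n && policy == "DROP" && !replies)
            print "BLOCKED replies (no RELATED,ESTABLISHED ACCEPT in FORWARD)"
    }'
}

# Constructed sample 1: the rules from the reply above, as a dump.
good_rules() { cat <<'EOF'
*nat
-A PREROUTING -d 192.168.0.1/32 -p tcp --dport 25 -j DNAT --to-destination 192.168.0.2:25
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.2/32 -p tcp --dport 25 -j ACCEPT
COMMIT
EOF
}
# Constructed sample 2: same dump, but FORWARD matches the pre-NAT address
# and the RELATED,ESTABLISHED rule is missing.
bad_rules() { good_rules | sed -e '/ESTABLISHED/d' -e '/^-A FORWARD/s/192\.168\.0\.2/192.168.0.1/'; }

good_rules | audit_forwards
bad_rules | audit_forwards
```

On a live host the input would come from `iptables-save` instead of the constructed dumps.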
* RE: port forwarding in a web server
2003-11-24 17:11 ` Rob Sterenborg
@ 2003-11-24 17:47 ` Juan Hernandez
2003-11-24 17:56 ` Juan Hernandez
1 sibling, 0 replies; 8+ messages in thread
From: Juan Hernandez @ 2003-11-24 17:47 UTC (permalink / raw)
To: Rob Sterenborg; +Cc: 'Lista de netfilter'
No, the webserver (the one that has the internet address 1.1.1.1 and the
internal in another NIC 192.168.0.1) is the one that is forwarding
everything that comes to port 25 to the mailserver 192.168.0.2
Thanx
Juan
* RE: port forwarding in a web server
2003-11-24 17:11 ` Rob Sterenborg
2003-11-24 17:47 ` Juan Hernandez
@ 2003-11-24 17:56 ` Juan Hernandez
1 sibling, 0 replies; 8+ messages in thread
From: Juan Hernandez @ 2003-11-24 17:56 UTC (permalink / raw)
To: Rob Sterenborg, Lista de netfilter
Thank you so much pal...
Now it's working
Juan :D
* Re: port forwarding in a web server
2003-11-24 16:13 port forwarding in a web server Juan Hernandez
2003-11-24 17:11 ` Rob Sterenborg
@ 2003-11-24 17:20 ` Jeffrey Laramie
1 sibling, 0 replies; 8+ messages in thread
From: Jeffrey Laramie @ 2003-11-24 17:20 UTC (permalink / raw)
To: Lista de netfilter
Juan Hernandez wrote:
>Hi there...
>
> This may have been answered many times in this mailing list but I
>haven't found anything on the web about something that would make my
>server forward the way I want to, and what's ironic is that it seems
>simple. Here's my scenario: I have a static IP address routed (1.1.1.1)
>to one server using a 192.168.0.* address. It is a Cisco router and
>everything works fine. This server has 192.168.0.1 as its address and
>functions as a web server, everything works fine but, I have another
>server that works as our mail server that is using 192.168.0.2. I've
>been trying to redirect everything coming from port 25 to my mail server
>but it doesn't get any answer. These are the rules I've been using:
>
>echo 1 > /proc/sys/net/ipv4/ip_forward
>
>modprobe iptable_nat
>
>#allow all outgoing traffic from the mail server
>
>iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to 192.168.0.1
>
>#dnat
>iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth0 -j DNAT --to 192.168.0.1:25
>
>The gateway on the mailserver is 192.168.0.1 which is the webserver that
>is forwarding everything... and I have tried so many things that
>sometimes the webserver stops working...
>
>
I'm having trouble understanding questions this morning (maybe I need
more coffee!). Is this your configuration?
router <-> [firewall box] <-> [webserver] <-> [mailserver]
This won't work since the webserver doesn't know what to do with the
packets you're sending it on port 25. You need to direct the packets to
192.168.0.2 port 25. If the mailserver is on a different LAN then you
should be using a different subnet for each LAN. You'll also have to
configure the mailserver to forward packets.
Hope this helps
Jeff
* port forwarding in a web server
@ 2003-11-24 16:05 Juan Hernandez
2003-11-26 15:24 ` Aldo S. Lagana
0 siblings, 1 reply; 8+ messages in thread
From: Juan Hernandez @ 2003-11-24 16:05 UTC (permalink / raw)
To: Lista de netfilter
Hi there...
This may have been answered many times in this mailing list but I
haven't found anything on the web about something that would make my
server forward the way I want to, and what's ironic is that it seems
simple. Here's my scenario: I have a static IP address routed (1.1.1.1)
to one server using a 192.168.0.* address. It is a Cisco router and
everything works fine. This server has 192.168.0.1 as its address and
functions as a web server, everything works fine but, I have another
server that works as our mail server that is using 192.168.0.2. I've
been trying to redirect everything coming from port 25 to my mail server
but it doesn't get any answer. These are the rules I've been using:
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
#allow all outgoing traffic from the mail server
iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to 192.168.0.1
#dnat
iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth0 -j DNAT --to 192.168.0.1:25
The gateway on the mailserver is 192.168.0.1 which is the webserver that
is forwarding everything... and I have tried so many things that
sometimes the webserver stops working...
Using that configuration, if I nmap the webserver it shows that port 25
is filtered but, if I telnet to that port I won't get any response... and
the mailserver is running perfectly, it's just not forwarding anything.
Any suggestions would be appreciated...
Thanks a lot for your time
Juan
* RE: port forwarding in a web server
2003-11-24 16:05 Juan Hernandez
@ 2003-11-26 15:24 ` Aldo S. Lagana
2003-11-26 15:52 ` Juan Hernandez
0 siblings, 1 reply; 8+ messages in thread
From: Aldo S. Lagana @ 2003-11-26 15:24 UTC (permalink / raw)
To: 'Juan Hernandez', 'Lista de netfilter'
" it's just not forwarding anything"
Add FORWARD rules -d 192.168.0.1 -j ACCEPT
* RE: port forwarding in a web server
2003-11-26 15:24 ` Aldo S. Lagana
@ 2003-11-26 15:52 ` Juan Hernandez
0 siblings, 0 replies; 8+ messages in thread
From: Juan Hernandez @ 2003-11-26 15:52 UTC (permalink / raw)
To: Aldo S. Lagana; +Cc: 'Lista de netfilter'
Thank you all for your help but this was answered yesterday... if you'd
like, I'll forward the mail in which it ended
Juan