* Suse 9.1 port forwarding woes
From: Nathan March @ 2005-01-10 20:28 UTC
To: netfilter
Despite my best attempts, I cannot seem to get port forwarding working
on a suse 9.1 machine using iptables.
My firewall.sh:
#!/bin/bash
IPTABLES='/usr/sbin/iptables'
EXTIF='eth0'
INTIF1='eth1'
INTIF2='eth2'
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -X
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
$IPTABLES -A FORWARD -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -p icmp -m state --state RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT --protocol tcp --dport 25 -j ACCEPT
$IPTABLES -A INPUT --protocol tcp --dport 143 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -d 192.168.0.3 --protocol tcp --dport 80 -j ACCEPT
$IPTABLES -A PREROUTING -i eth0 -t nat -p tcp --dport 80 -j DNAT --to 192.168.0.3:80
After the script runs:
linux:~ # iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT icmp -- anywhere anywhere state RELATED
ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.0.3 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN state NEW
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
linux:~ # iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:http to:192.168.0.3
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Anyone have any ideas what I'm doing wrong?
Thanks,
Nathan
* Re: Suse 9.1 port forwarding woes
From: Jason Opperisano @ 2005-01-10 20:32 UTC
To: netfilter
On Mon, Jan 10, 2005 at 12:28:53PM -0800, Nathan March wrote:
> Despite my best attempts, I cannot seem to get port forwarding working
> on a suse 9.1 machine using iptables.
>
> My firewall.sh:
>
> #!/bin/bash
>
> IPTABLES='/usr/sbin/iptables'
>
> EXTIF='eth0'
> INTIF1='eth1'
> INTIF2='eth2'
>
> /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
>
> $IPTABLES -F
> $IPTABLES -t nat -F
> $IPTABLES -X
>
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
>
> $IPTABLES -A FORWARD -m state --state ESTABLISHED -j ACCEPT
> $IPTABLES -A FORWARD -p icmp -m state --state RELATED -j ACCEPT
>
>
> $IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
>
> $IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
> $IPTABLES -A INPUT --protocol tcp --dport 25 -j ACCEPT
> $IPTABLES -A INPUT --protocol tcp --dport 143 -j ACCEPT
>
> $IPTABLES -A FORWARD -i eth0 -d 192.168.0.3 --protocol tcp --dport 80 -j ACCEPT
> $IPTABLES -A PREROUTING -i eth0 -t nat -p tcp --dport 80 -j DNAT --to 192.168.0.3:80
>
>
> After the script runs:
> linux:~ # iptables --list
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
> ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
> ACCEPT tcp -- anywhere anywhere tcp dpt:imap
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state ESTABLISHED
> ACCEPT icmp -- anywhere anywhere state RELATED
> ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED
> ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED
> ACCEPT tcp -- anywhere 192.168.0.3 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN state NEW
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> linux:~ # iptables -t nat --list
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> DNAT tcp -- anywhere anywhere tcp dpt:http to:192.168.0.3
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> MASQUERADE all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Anyone have any ideas what I'm doing wrong?
i can tell you that the output of "iptables --list" you provide here does
not reflect the script above. which might be the root of your problem.
-j
--
"The lesson is: Our God is vengeful! O spiteful one, show me who to
smite and they shall be smoten!!!"
--The Simpsons
* Re: Suse 9.1 port forwarding woes
From: Nathan March @ 2005-01-11 1:30 UTC
To: netfilter
Argh, I copied and pasted the wrong stuff over.
Correct:
ace:~ # iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT icmp -- anywhere anywhere state RELATED
ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.0.3 tcp dpt:http
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ace:~ # iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:http to:192.168.0.3:80
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
* Re: Suse 9.1 port forwarding woes
From: Jason Opperisano @ 2005-01-11 12:41 UTC
To: netfilter
On Mon, 2005-01-10 at 20:30, Nathan March wrote:
> Argh, I copied and pasted the wrong stuff over.
>
> Correct:
>
> ace:~ # iptables --list
i shoulda mentioned this in my last post--can you post the output of
"iptables -vnxL && iptables -t nat -vnxL" instead of just "iptables
--list" as we cannot see interface names or other information that may
be relevant.
also--is this firewall machine the default gateway for 192.168.0.3?
-j
--
"Do you want to change your name to Homer Junior? The kids can call
you Hoju!"
--The Simpsons
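Added example (not part of the thread and not either poster's code): a shell helper for reading the `iptables -t nat -vnxL` output requested above. It extracts each DNAT rule's packet counter and inbound interface, the fields that plain `iptables --list` omits; the sample input is constructed, and `dnat_summary` and `sample_nat` are names made up for this example.

```shell
#!/bin/sh
# Summarise DNAT rules from `iptables -t nat -vnxL` output read on stdin.
# One line per DNAT rule: chain, packet counter, in-interface, DNAT target,
# and whether any packet has matched the rule since the counters were reset.
# In the nat table only the first packet of a connection is counted.
dnat_summary() {
    awk '
        $1 == "Chain" { chain = $2; next }      # remember the current chain
        $3 == "DNAT" {
            to = "?"
            # columns 1-9 are fixed; match and target options follow them
            for (i = 10; i <= NF; i++)
                if ($i ~ /^to:/) to = substr($i, 4)
            verdict = ($1 == 0) ? "never-matched" : "matched"
            printf "%s pkts=%s in=%s to=%s %s\n", chain, $1, $6, to, verdict
        }
    '
}

# Constructed sample in the -vnxL layout (not output from the poster's machine).
sample_nat() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:192.168.0.3:80

Chain POSTROUTING (policy ACCEPT 3 packets, 180 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      41     2460 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
EOF
}

# On a live firewall (as root): iptables -t nat -vnxL | dnat_summary
sample_nat | dnat_summary
```

A `never-matched` DNAT rule after a test connection means the traffic is not reaching that rule at all (wrong interface, earlier rule, or it never arrives); a non-zero counter moves the investigation to the FORWARD chain and the return path from the internal host.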