From: Carlos Mtz-Troncoso <cmartinez@uninorte.edu.co>
To: netfilter@vger.kernel.org
Subject: Port forwarding problem
Date: Sat, 16 Oct 2010 07:53:16 -0500
Message-ID: <4CB9A03C.7020700@uninorte.edu.co>
Hi fellows.
Google, howtos and examples couldn't help me, so now I am here. I am using
CentOS 5.5 with kernel 2.6.18-194.17.1.el5 and iptables version 1.3.5.
My server has 2 network cards: eth0 is for the Internet with a fixed IP
address, and eth1, 10.1.1.1/16, is for the local network (10.1.0.0/16). On this
server I have OpenVPN working well, and it is used as the gateway.
My script worked well, and the last change was to add a port forwarding:
traffic to the public IP on port 2020 is sent to an internal web server,
10.1.1.7:80. The internal server has 10.1.1.1 (my Linux iptables box) as
its gateway.
My problem is that the port forwarding is not working; here is my script.
LOOP=127.0.0.1
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
iptables -F
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t mangle
iptables -F -t nat
iptables -X
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -i eth0 -s $LOOP -j DROP
iptables -A FORWARD -i eth0 -s $LOOP -j DROP
iptables -A INPUT -i eth0 -d $LOOP -j DROP
iptables -A FORWARD -i eth0 -d $LOOP -j DROP
iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A FORWARD -p tcp --sport 137:139 -o eth0 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -o eth0 -j DROP
iptables -A FORWARD -p udp --sport 500:4500 -o eth0 -j DROP
iptables -A OUTPUT -p tcp --sport 137:139 -o eth0 -j DROP
iptables -A OUTPUT -p udp --sport 137:139 -o eth0 -j DROP
iptables -I FORWARD -o eth0 -p tcp -m multiport --dports 25,81,3389,12796,32976,10443,50,500,4500,2020,80 -j ACCEPT
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -j DROP
iptables -A INPUT -s $LOOP -j ACCEPT
iptables -A INPUT -d $LOOP -j ACCEPT
# Allow incoming pings (can be disabled)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 222 -j ACCEPT
iptables -A INPUT -p tcp --dport 2020 -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp --dport 5000 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth1 -j ACCEPT
iptables -I FORWARD -i eth1 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tap0 -o eth1 -j ACCEPT
iptables -I FORWARD -i eth1 -o tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tap0 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -o eth0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -o eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth0 -d x.x.x.130 --dport 2020 -j DNAT --to 10.1.1.7:80
iptables -t nat -A POSTROUTING -j SNAT -o eth0 --to-source x.x.x.130
Where is my error?
Thanks in advance.
Carlos
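The posted script builds its FORWARD chain from a mix of -A (append) and -I (insert at the head) commands, so the order in which packets traverse the chain is not the order of the lines in the script. The following is an added example, not code from the original post or from the netfilter project: a POSIX sh/awk model of that ordering, applied to the FORWARD commands exactly as the script issues them. It considers only the filter table and ignores -P, -F and -D.

```sh
# Model how iptables orders a chain when a script mixes -A (append to the
# tail) and -I (insert at the head, or at RULENUM when one is given).
# chain_order CHAIN reads iptables commands on stdin and prints CHAIN in
# traversal order. Filter table only; -P, -F and -D are ignored.
chain_order() {
    awk -v chain="$1" '
    $1 != "iptables" { next }
    {
        for (i = 2; i <= NF; i++) {
            if ($i == "-t" && $(i + 1) != "filter") next   # nat/mangle rule
            if ($i == "-A" || $i == "-I") { op = $i; i++; break }
        }
        if (i > NF || $i != chain) next
        i++
        pos = n + 1                                   # -A: append at the tail
        if (op == "-I") { pos = 1; if ($i ~ /^[0-9]+$/) { pos = $i; i++ } }
        rule = ""
        for (; i <= NF; i++) rule = rule (rule == "" ? "" : " ") $i
        for (k = n; k >= pos; k--) rules[k + 1] = rules[k]   # make room
        rules[pos] = rule; n++
    }
    END { for (k = 1; k <= n; k++) print k ": " rules[k] }'
}
# FORWARD commands from the posted script, in execution order (wrapped line joined).
LOOP=127.0.0.1
posted_forward_chain() {
    chain_order FORWARD <<EOF
iptables -A FORWARD -i eth0 -s $LOOP -j DROP
iptables -A FORWARD -i eth0 -d $LOOP -j DROP
iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A FORWARD -p tcp --sport 137:139 -o eth0 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -o eth0 -j DROP
iptables -A FORWARD -p udp --sport 500:4500 -o eth0 -j DROP
iptables -I FORWARD -o eth0 -p tcp -m multiport --dports 25,81,3389,12796,32976,10443,50,500,4500,2020,80 -j ACCEPT
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -j DROP
iptables -I FORWARD -i tun0 -o eth1 -j ACCEPT
iptables -I FORWARD -i eth1 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tap0 -o eth1 -j ACCEPT
iptables -I FORWARD -i eth1 -o tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tap0 -j ACCEPT
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -m state --state NEW -o eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}
```

Running posted_forward_chain shows the unconditional DROP as rule 9, ahead of the ESTABLISHED,RELATED and multiport ACCEPT rules that the script inserted before it.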