From: Chris Brenton <cbrenton@chrisbrenton.org>
To: Herman@AerospaceSoftware.com
Cc: netfilter@lists.netfilter.org
Subject: Re: Port forwarding doesn't work.
Date: 12 Oct 2003 20:44:42 -0400
Message-ID: <1066005882.1151.23.camel@valhalla>
In-Reply-To: <200310121700.13102.Herman@AerospaceSoftware.com>

On Sun, 2003-10-12 at 19:00, Herman wrote:
>
> Here is my problem:
> I need to forward a port from outside the firewall, to everybody on the
> inside.

If it was UDP traffic, you might be able to get away with forwarding to
your internal broadcast address. Since it's TCP however, that's not RFC
and I doubt anyone will respond unless they have a broken stack.

> All examples I have seen forward to a specific IP on the inside,
> which doesn't go well with DHCP.

Maybe you can do something with DDNS or specify a MAC-->IP mapping for
the host(s) that need this service.

> The man page says that specifying a range
> of IPs will trigger a round robin effect, which I don't think I want to
> happen. So, how now brown cow?

Agreed. That will balance to a number of different IPs, not what you are
looking for. Then again you're using TCP so you can't do multiple nodes at
the same time anyway.

> If I display the rules, I can't see any forwarding rules in the list, which
> tells me that the forwarding rules that I try to implement are simply ignored
> by iptables:

Try it on the command line and see what errors come back.

> iptables -v -L
> Chain INPUT (policy ACCEPT 55251 packets, 13M bytes)
<snip>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

Hummm. You do realize you are letting through *everything* you are not
specifically dropping? Looks like you've had quite a bit of traffic
sneak by. :(

> How can the FORWARD chain be empty, since MASQUERADE is working and my laptop
> can surf the web?

Because you are letting everything not specifically denied blow through.

> Why are my new forwarding rules ignored?

Again, try stuff like this from the command line. If iptables is not
happy, it will let you know about it.

> How can I debug this stuff and see where the packets are going/not going?
> Can anybody shed light on this?

The counters are a good indication of what is going on. You can also run
tcpdump to troubleshoot what goes by.

HTH,
C
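
Added example, not part of the original message and not code from the netfilter project: a small Python audit of `iptables -v -L` output that reports each built-in chain's default policy, rule count and policy counter, and flags the default-ACCEPT chains discussed above. The listing is constructed around the two chain headers quoted in the thread, and the function names are this example's own.

```python
import re

# Constructed listing in `iptables -v -L` format. Only the INPUT and FORWARD
# header lines come from the thread; every rule line and OUTPUT are made up.
SAMPLE = """\
Chain INPUT (policy ACCEPT 55251 packets, 13M bytes)
 pkts bytes target     prot opt in     out     source       destination
   12   720 DROP       tcp  --  eth0   any     anywhere     anywhere     tcp dpt:telnet

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source       destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source       destination
  340   41K ACCEPT     all  --  any    any     anywhere     anywhere
"""

HEADER = re.compile(
    r"^Chain (\S+) \(policy (\w+) (\d+[KMGT]?) packets, (\d+[KMGT]?) bytes\)")
# iptables abbreviates large counters in decimal multiples, so values are approximate.
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def expand(counter):
    if counter[-1] in UNITS:
        return int(counter[:-1]) * UNITS[counter[-1]]
    return int(counter)

def audit(listing):
    """Return one dict per built-in chain: policy, rule count, policy counter."""
    chains, current = [], None
    for line in listing.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"chain": m.group(1), "policy": m.group(2),
                       "policy_pkts": expand(m.group(3)), "rules": 0}
            chains.append(current)
        elif line.startswith("Chain "):
            current = None  # user-defined chain: has references, no policy
        elif current and line.strip() and not line.lstrip().startswith("pkts"):
            current["rules"] += 1
    return chains

def findings(listing):
    """Describe every chain that accepts whatever its rules did not match."""
    return [f"{c['chain']}: policy ACCEPT, {c['rules']} rule(s), "
            f"{c['policy_pkts']} packets reached the policy"
            for c in audit(listing) if c["policy"] == "ACCEPT"]

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```

`iptables -v -L` lists only the filter table, so NAT rules such as MASQUERADE or a port forward have to be listed with `-t nat`.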