From: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>
To: alucard@kanux.com
Cc: netfilter@lists.netfilter.org
Subject: Re: forwarding
Date: Tue, 18 May 2004 10:58:45 -0400 [thread overview]
Message-ID: <1084892325.6417.40.camel@localhost> (raw)
In-Reply-To: <34012.200.44.170.105.1084892235.squirrel@200.44.170.105>
On Tue, 2004-05-18 at 10:57, alucard@kanux.com wrote:
> Hi there again...
>
> Here's my changed rule:
>
> -------
> echo "Borrando posibles reglas anteriores..."
> iptables -F
> iptables -X
>
> echo "Habilitando politicas de negacion total de paquetes"
>
> iptables -P FORWARD DROP
> iptables -P INPUT DROP
>
> echo "Reglas para paquetes de entrada y salida"
>
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> #iptables -A INPUT -p tcp --dport 21 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>
>
> ##internas
> iptables -A INPUT -i eth0 -p tcp --dport 143 -j ACCEPT
> iptables -A INPUT -i lo -p tcp --dport 143 -j ACCEPT
> iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT
>
> #para el forward
> echo 0 > /proc/sys/net/ipv4/ip_forward
> iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -d 192.168.0.2 -p tcp --dport 80 -j ACCEPT
> iptables -t nat -A PREROUTING -d 10.73.219.156 -p 6 --dport 8080 \
> -j DNAT --to-destination 192.168.0.2:80
> echo 1 > /proc/sys/net/ipv4/ip_forward
> -------
>
> and after I executed this, here's my nmap output
>
> -------
> root@mail:~# nmap 10.73.219.156
>
> (The 1652 ports scanned but not shown below are in state: filtered)
> PORT STATE SERVICE
> 22/tcp open ssh
> 25/tcp open smtp
> 80/tcp open http
> 143/tcp open imap
> 3306/tcp open mysql
> --------
>
> Should I show something else? for what I know, it should be forwarding
> packets but is not... port 8080 is not open as nmap shows, any
> suggestions?
>
> Thanks a lot as usual...
> Juan
Although it probably did, are you sure nmap scanned port 8080? How about
nmap -sT -p 8080 10.73.219.156
I would then trace both the wire and the iptables rules to find out
where it is breaking - John
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
next prev parent reply other threads:[~2004-05-18 14:58 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-05-18 14:22 forwarding alucard
2004-05-18 14:39 ` forwarding John A. Sullivan III
2004-05-18 14:49 ` forwarding alucard
2004-05-18 14:51 ` forwarding John A. Sullivan III
2004-05-18 14:56 ` forwarding Antony Stone
2004-05-18 14:57 ` forwarding alucard
2004-05-18 14:58 ` John A. Sullivan III [this message]
2004-05-18 15:12 ` forwarding alucard
2004-05-18 15:53 ` forwarding John A. Sullivan III
2004-05-18 16:38 ` forwarding alucard
2004-05-18 17:02 ` forwarding John A. Sullivan III
2004-05-18 18:21 ` forwarding alucard
2004-05-18 18:28 ` forwarding Antony Stone
2004-05-18 18:42 ` forwarding alucard
2004-05-18 19:22 ` forwarding John A. Sullivan III
2004-05-18 21:33 ` forwarding Antony Stone
2004-05-19 4:56 ` forwarding Juan Hernandez
2004-05-18 15:09 ` forwarding Antony Stone
2004-05-18 15:40 ` forwarding alucard
2004-05-18 15:53 ` forwarding Antony Stone
2004-05-18 14:44 ` forwarding Antony Stone
-- strict thread matches above, loose matches on Subject: below --
2004-05-18 20:48 forwarding Daniel Chemko
2004-05-18 21:15 ` forwarding John A. Sullivan III
2004-05-18 20:33 forwarding Daniel Chemko
2004-05-18 18:23 forwarding Daniel Chemko
2004-05-18 18:42 ` forwarding Antony Stone
2004-05-18 18:50 ` forwarding alucard
2004-05-18 19:15 ` forwarding John A. Sullivan III
2004-05-18 18:04 forwarding Daniel Chemko
2004-05-18 17:04 forwarding CPD - David Cardeñosa Rubio
2004-05-18 15:33 forwarding CPD - David Cardeñosa Rubio
2004-05-18 15:47 ` forwarding John A. Sullivan III
2004-05-18 15:51 ` forwarding Antony Stone
2002-07-08 3:25 forwarding Tim
2002-07-08 0:30 ` forwarding Antony Stone
[not found] ` <003801c22632$521c93a0$1606d6d1@nebuchadnezza>
2002-07-08 0:53 ` forwarding Antony Stone
2002-07-08 4:03 ` forwarding Tim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1084892325.6417.40.camel@localhost \
--to=john.sullivan@nexusmgmt.com \
--cc=alucard@kanux.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox