Linux Netfilter discussions
From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: "Samuel Díaz García" <samueldg@arcoscom.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Port Forwarding Problem
Date: Fri, 15 Apr 2005 09:32:53 -0500
Message-ID: <425FD095.9020507@riverviewtech.net>
In-Reply-To: <20050415084039.7032.qmail@arcoscom.com>

I do not recall seeing the original post so I did not see your firewall rule set.  If you have your default policy for the FORWARD chain set to DROP you will need to explicitly allow the traffic that you are trying to port forward in your FORWARD table.  For example you will need something like this:

# Inbound: connections from the Internet to port 800 on the internal server.
iptables -t filter -A FORWARD -i $INet -o $LAN -p tcp --dport 800 -d $IP_of_server_to_forward_to -j ACCEPT
iptables -t filter -A FORWARD -i $INet -o $LAN -p udp --dport 800 -d $IP_of_server_to_forward_to -j ACCEPT
# Return: replies leave the server with source port 800, so match on --sport.
iptables -t filter -A FORWARD -i $LAN -o $INet -p tcp --sport 800 -s $IP_of_server_to_forward_to -j ACCEPT
iptables -t filter -A FORWARD -i $LAN -o $INet -p udp --sport 800 -s $IP_of_server_to_forward_to -j ACCEPT

I added rules for both TCP and UDP as I did not know which protocol you are running.  If you don't need one or the other just take the pair (in and out) of rules out.



Grant. . . .

Samuel Díaz García wrote:
> Without having a look into your scripts, I think you need:
> 1) Allow INPUT into filter table to the port.
> 2) Allow FORWARD into filter table to the redirected connection.
> Good luck.
> Julian Labuschagne writes:
> 
>> Hi everyone I'm a bit new to iptables so please bear with me on this 
>> one ;)
>> I wrote a small firewall that basically nats users through my gateway 
>> machine only allowing certain hosts on my network Web DNS and Mail 
>> access.
>> This section works fine.
>> But I also want to port forward any connections from outside to port 
>> 800 to a host running inside my LAN.
>> I added a rule in the PREROUTING table to do this.
>> But it seems that no connection gets forwarded.
>> If I set my default policies to ACCEPT and add the PREROUTING rule it 
>> actually does the port forwarding correctly.
>> I attached a copy of the firewall I wrote with this message.
>> Please can someone have a look through it for me cause I'm sure I'm 
>> just missing something.
>> Kind Regards Julian.
>>  
>>
> 
> 
> 
> Samuel Díaz García
> Director Gerente
> ArcosCom Wireless, S.L.L.
> mailto:samueldg@arcoscom.com
> http://www.arcoscom.com
> móvil: 651 93 72 48
> tlfn.: 956 70 13 15
> fax:   956 70 34 83
> 
> 
> 
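
An added example, not part of the original messages: a Python check over iptables-save output that reports DNAT port forwards which a FORWARD chain with policy DROP would still block, the situation discussed in this thread. The sample dump, the interface names and the address 192.168.1.10 are constructed; only exact protocol/address/port matches and a state/conntrack ESTABLISHED rule are recognized.

```python
import shlex

# Constructed iptables-save dump: DNAT for port 800 exists, FORWARD policy is DROP.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 800 -j DNAT --to-destination 192.168.1.10:800
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return (policies, rules), both keyed by (table, chain)."""
    policies, rules, table = {}, {}, None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policies[table, line[1:].split()[0]] = line.split()[1]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {a: b for a, b in zip(tok, tok[1:]) if a.startswith("-")}
            rules.setdefault((table, tok[1]), []).append(opts)
    return policies, rules

def unforwarded_dnat(dump):
    """List DNAT legs that a FORWARD chain with policy DROP would drop."""
    policies, rules = parse(dump)
    if policies.get(("filter", "FORWARD")) != "DROP":
        return []
    accepts = [r for r in rules.get(("filter", "FORWARD"), []) if r.get("-j") == "ACCEPT"]
    stateful = any("ESTABLISHED" in a.get("--state", a.get("--ctstate", "")) for a in accepts)
    missing = []
    for r in rules.get(("nat", "PREROUTING"), []):
        if r.get("-j") != "DNAT":
            continue
        ip, _, port = r["--to-destination"].partition(":")
        want = (r.get("-p"), ip, port or r.get("--dport"))
        def hit(addr, pt):  # some ACCEPT rule matches proto + address + port
            return any((a.get("-p"), a.get(addr, "").split("/")[0], a.get(pt)) == want
                       for a in accepts)
        if not hit("-d", "--dport"):                # leg towards the server
            missing.append(want + ("to server",))
        if not (hit("-s", "--sport") or stateful):  # replies carry the source port
            missing.append(want + ("from server",))
    return missing
```

Feed it the text of iptables-save from the gateway; an empty list means every DNAT target has both legs allowed through FORWARD.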


