Debian This forum is for the discussion of Debian Linux.
Notices
Welcome to
LinuxQuestions.org , a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free.
Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please
contact us . If you need to reset your password,
click here .
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a
virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month.
Click here for more info.
#1
Member
Registered: Oct 2013
Location: Dist Nasik MH State Country India
Distribution: Linux
Posts: 111
Rep:
Iptables Rules not working
Hi,
Friends,
I had setup iptables between 2 machines but not working. I want to forward 3306 traffic coming of first machine to other machine.
Here are some details of my configurations.
Code:
1st machine details.
OS cat /etc/issue
Ubuntu 10.04.4 LTS \n \l
ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0c:29:38:60:fd
inet addr:10.24.102.242 Bcast:10.24.103.255 Mask:255.255.254.0
inet6 addr: fe80::20c:29ff:fe38:60fd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9464 errors:0 dropped:0 overruns:0 frame:0
TX packets:1513 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:955647 (955.6 KB) TX bytes:220113 (220.1 KB)
Interrupt:19 Base address:0x2000
root@rnd:~# cat /proc/sys/net/ipv4/ip_forward
1
root@rnd:~# iptables -t nat -A PREROUTING -p tcp --dport 3306 -j DNAT --to-destination 10.24.102.244
root@rnd:~# iptables --list -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 to:10.24.102.244
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
netstat -ntlp|grep 3306
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1763/mysqld
2nd ,machine details.
cat /etc/issue
Ubuntu 10.04.4 LTS \n \l
ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0c:29:2d:61:27
inet addr:10.24.102.244 Bcast:10.24.103.255 Mask:255.255.254.0
inet6 addr: fe80::20c:29ff:fe2d:6127/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7498 errors:0 dropped:0 overruns:0 frame:0
TX packets:322 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:764814 (764.8 KB) TX bytes:46704 (46.7 KB)
Interrupt:19 Base address:0x2000
root@opendr-desktop:~# iptables -t nat -A POSTROUTING -p tcp -d 10.24.102.244 --dport 3306 -j MASQUERADE
root@opendr-desktop:~# iptables --list -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE tcp -- 0.0.0.0/0 10.24.102.244 tcp dpt:3306
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
netstat -ntlp|grep 3306
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 966/mysqld
ifconfig eth0
eth0 Link encap:Ethernet HWaddr 60:EB:69:77:17:E7
inet addr:10.24.102.205 Bcast:10.24.103.255 Mask:255.255.254.0
inet6 addr: fe80::62eb:69ff:fe77:17e7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:76849 errors:0 dropped:0 overruns:0 frame:0
TX packets:43005 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:37237318 (35.5 MiB) TX bytes:8457392 (8.0 MiB)
Interrupt:44 Base address:0xe000
[ssr@ssrlaptop ~]$ telnet 10.24.102.242 3306
Trying 10.24.102.242...
telnet: connect to address 10.24.102.242: Connection timed out
But still the traffic coming on first machine at port 3306 is not getting forwarded to 2nd machine. Am I missing something or these rules are wrong.
Rgds,
SSR
Last edited by redssr; 02-19-2014 at 04:45 AM .
#2
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Rep:
The masquerade rule you have on the second machine, needs to be on the first machine, you shouldn't need any rule for it on the second machine.
#3
Member
Registered: Oct 2013
Location: Dist Nasik MH State Country India
Distribution: Linux
Posts: 111
Original Poster
Rep:
Hi,
estabroo,
Thanks friend. What an Idiot I am. It was so simple and i was wondering from last 3 days why its not woring. Now its working as expected.
Now I want one more help from you my friend.
Is it also possible to forward localhost 3306 traffic to 2nd (10.24.102.244) machine.Means if i use following cmd on 10.24.102.242 machine.
will this redirect to me at 10.24.102.244 machine? with existing rule? or i will need to configure new rule and what.
Rgds,
redssr
Last edited by redssr; 02-20-2014 at 03:02 AM .
#4
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Rep:
I don't know, I think mysql the command uses a unix socket to connect on the localhost, so you'd probably be stuck using -h host option anyway.
All times are GMT -5. The time now is 09:29 AM .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know .
