Can forward port 80 but not others
Hi, I've got a Linux server set up as an internet gateway with two Windows XP machines connected to it via a switch. I've been trying to forward ports 3389 and 4899 to one of the XP machines but have been unable to get it to work. I have, however, successfully forwarded port 80 to the same machine. Here are my firewall rules regarding the ports.

$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 80 -j ACCEPT
$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 3389 -j ACCEPT
$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 4899 -j ACCEPT
$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 80 -d 0.0.0.0/0 -j ACCEPT
$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 3389 -d 0.0.0.0/0 -j ACCEPT
$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 4899 -d 0.0.0.0/0 -j ACCEPT
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 3389 -R $PORTFWIP 3389
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 4489 -R $PORTFWIP 4899

Any ideas why port 80 would work but the other 2 won't?
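
An added example, not part of the original post or any poster's code: a small Python check that cross-references the `ipmasqadm portfw` listen ports with the ports accepted on the ipchains `input` chain, run over the rules exactly as quoted above. The function name `audit` and the finding labels are made up for this illustration, and it assumes a forwarded port must also be accepted on the `input` chain.

```python
import re

# The rules exactly as quoted in the post above; shell variables left unexpanded.
RULES = """\
$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 80 -j ACCEPT
$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 3389 -j ACCEPT
$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 4899 -j ACCEPT
$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 80 -d 0.0.0.0/0 -j ACCEPT
$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 3389 -d 0.0.0.0/0 -j ACCEPT
$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 4899 -d 0.0.0.0/0 -j ACCEPT
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 3389 -R $PORTFWIP 3389
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 4489 -R $PORTFWIP 4899
"""

# ipchains 'input' ACCEPT rule: "... -p PROTO ... -d ADDR PORT -j ACCEPT"
INPUT_RE = re.compile(r"-A input\b.*?-p (\w+).*?-d (\S+) (\d+) -j ACCEPT")
# ipmasqadm forward: "portfw -a -P PROTO -L ADDR PORT -R ADDR PORT"
PORTFW_RE = re.compile(r"portfw -a -P (\w+) -L (\S+) (\d+) -R (\S+) (\d+)")


def audit(rules):
    """Return findings where portfw listen ports and input ACCEPT ports disagree."""
    accepted = set()   # (proto, addr, port) allowed in on the input chain
    forwards = []      # (proto, listen_addr, listen_port, dest_addr, dest_port)
    for line in rules.splitlines():
        if m := INPUT_RE.search(line):
            accepted.add((m[1], m[2], int(m[3])))
        elif m := PORTFW_RE.search(line):
            forwards.append((m[1], m[2], int(m[3]), m[4], int(m[5])))

    findings = []
    listening = {(proto, addr, lport) for proto, addr, lport, _, _ in forwards}
    for proto, addr, lport, _dest, dport in forwards:
        if (proto, addr, lport) not in accepted:
            # Traffic to this listen port is never accepted on the input chain.
            findings.append(("no-input-accept", proto, lport))
        if lport != dport:
            # Legitimate when intended, but worth a second look.
            findings.append(("port-translated", proto, lport, dport))
    for proto, _addr, port in sorted(accepted - listening):
        # Port is open on the gateway but nothing forwards it inward.
        findings.append(("accept-without-portfw", proto, port))
    return findings


if __name__ == "__main__":
    for finding in audit(RULES):
        print(*finding)
```
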
Straight from my website, check the link below, you'll find a diamond in the rough every now and again ... ok, actually, I write this junk up on my website because I have a horrible memory and I need reference to it:
It's always a pain in the ass for me to remember how to do this, I always forget a step and add an extra step that matters not. So, here's the example of port forwarding using iptables. I have an internal server on port 10.0.0.2, running apache on port 80. I want to be able to reach it via port 81 from my gateway computer.

/sbin/iptables -t nat -I PREROUTING -p tcp -d 209.190.200.143 --dport 81 -j DNAT --to 10.0.0.2:80

That's the part I always remember.

/sbin/iptables -I FORWARD -p tcp -d 10.0.0.2 --dport 80 -j ACCEPT

That's the part I always forget.

Anyway, port forwarding in two easy steps. Hopefully you can extrapolate what you need from the above by changing the port numbers, etc.
Sorry it's taken me so long to reply.
I've already gotten port forwarding to work, just not on the ports that I want it to forward. I've forwarded port 80 successfully but haven't had any success with 3389 or 4899. Also I have to use ipchains, not iptables.
*blush* sorry, didn't even see that it was ipchains, my apologies. However, if you got 80 to work, 80 is just a number, there's nothing special about it, the other numbers you put in there should work as well.
What you've given above, minus forwarding port 80 line (don't see that, but I'm guessing it's the same). Sorry, don't know what to tell you.
I recently upgraded my kernel to 2.6 so I can use iptables now. I'm still having the same exact problem though. Here's my entire firewall script. Anyone see any problems?
http://panthers.pnc.edu/rjohns01/firewall2.txt