LinuxQuestions.org


capbob 03-22-2005 11:25 AM

Can forward port 80 but not others
 
Hi, I've got a Linux server set up as an internet gateway with two Windows XP machines connected to it via a switch. I've been trying to forward ports 3389 and 4899 to one of the XP machines but have been unable to get it to work. I have, however, successfully forwarded port 80 to the same machine. Here are my firewall rules regarding the ports.

$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 80 -j ACCEPT
$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 3389 -j ACCEPT
$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 4899 -j ACCEPT

$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 80 -d 0.0.0.0/0 -j ACCEPT
$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 3389 -d 0.0.0.0/0 -j ACCEPT
$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 4899 -d 0.0.0.0/0 -j ACCEPT

/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 3389 -R $PORTFWIP 3389
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 4489 -R $PORTFWIP 4899

Any ideas why port 80 would work but the other 2 won't?

Technoslave 03-22-2005 12:36 PM

Straight from my website, check the link below, you'll find a diamond in the rough every now and again ... ok, actually, I write this junk up on my website because I have a horrible memory and I need reference to it:

It's always a pain in the ass for me to remember how to do this, I always forget a step and add an extra step that matters not.

So, here's the example of port forwarding using iptables.

I have an internal server on port 10.0.0.2, running apache on port 80. I want to be able to reach it via port 81 from my gateway computer.

/sbin/iptables -t nat -I PREROUTING -p tcp -d 209.190.200.143 --dport 81 -j DNAT --to 10.0.0.2:80

That's the part I always remember.

/sbin/iptables -I FORWARD -p tcp -d 10.0.0.2 --dport 80 -j ACCEPT

That's the part I always forget.

Anyway, port forwarding in two easy steps.

Hopefully you can extrapolate what you need from the above by changing the port numbers, etc.
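
The two-step pattern in the post above (a DNAT rule plus a matching FORWARD accept), turned into a consistency check. This is an added example, not part of the original post or of any poster's firewall script. It assumes the FORWARD chain drops traffic by default and that rules use plain -p/-d/--dport matches; the function names and the sample rules (including the host 10.0.0.3) are constructed for illustration.

```python
import shlex

# Constructed sample: public IP and 10.0.0.2 follow the post, 10.0.0.3 is made up.
SAMPLE = """
/sbin/iptables -t nat -I PREROUTING -p tcp -d 209.190.200.143 --dport 81 -j DNAT --to 10.0.0.2:80
/sbin/iptables -I FORWARD -p tcp -d 10.0.0.2 --dport 80 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -p tcp -d 209.190.200.143 --dport 3389 -j DNAT --to 10.0.0.3:3389
/sbin/iptables -t nat -I PREROUTING -p tcp -d 209.190.200.143 --dport 4899 -j DNAT --to 10.0.0.3
/sbin/iptables -I FORWARD -p tcp -d 10.0.0.3 --dport 4889 -j ACCEPT
"""

# iptables options this check understands, mapped to field names.
OPTIONS = {"-t": "table", "-A": "chain", "-I": "chain", "-p": "proto",
           "-d": "dst", "--dport": "dport", "-j": "target",
           "--to": "to", "--to-destination": "to"}

def parse_rule(line):
    """Return the fields of one iptables command line, or None for other lines."""
    tokens = shlex.split(line, comments=True)
    if not tokens or "iptables" not in tokens[0].lower():
        return None
    rule = {"table": "filter"}          # iptables uses the filter table by default
    i = 1
    while i < len(tokens) - 1:
        if tokens[i] in OPTIONS:
            rule[OPTIONS[tokens[i]]] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return rule

def unforwarded_dnat(script):
    """List (proto, ip, port) DNAT destinations with no matching FORWARD ACCEPT."""
    rules = [r for r in map(parse_rule, script.splitlines()) if r]
    allowed = {(r.get("proto"), r.get("dst"), r.get("dport")) for r in rules
               if r["table"] == "filter" and r.get("chain") == "FORWARD"
               and r.get("target") == "ACCEPT"}
    missing = []
    for r in rules:
        if r["table"] == "nat" and r.get("target") == "DNAT" and "to" in r:
            ip, _, port = r["to"].partition(":")
            port = port or r.get("dport")   # no port in --to: port is unchanged
            if (r.get("proto"), ip, port) not in allowed:
                missing.append((r.get("proto"), ip, port))
    return missing

if __name__ == "__main__":
    for proto, ip, port in unforwarded_dnat(SAMPLE):
        print(f"DNAT to {ip}:{port}/{proto} has no matching FORWARD ACCEPT rule")
```

The check does not model rule ordering, interface matches or state-based accept rules, so an empty result only means every DNAT destination has a literal FORWARD counterpart.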

capbob 03-29-2005 11:52 AM

Sorry it's taken me so long to reply.

I've already gotten port forwarding to work, just not on the ports that I want it to forward. I've forwarded port 80 successfully but haven't had any success with 3389 or 4899. Also I have to use ipchains, not iptables.

Technoslave 03-30-2005 02:21 PM

*blush* sorry, didn't even see that it was ipchains, my apologies. However, if you got 80 to work, 80 is just a number, there's nothing special about it, the other numbers you put in there should work as well.

What you've given above, minus forwarding port 80 line (don't see that, but I'm guessing it's the same). Sorry, don't know what to tell you.

capbob 05-20-2005 07:02 PM

I recently upgraded my kernel to 2.6 so I can use iptables now. I'm still having the same exact problem though. Here's my entire firewall script. Anyone see any problems?

http://panthers.pnc.edu/rjohns01/firewall2.txt

