Hello friends,
I have had big troubles all day with port forwarding.
I can't help myself anymore.
I have a Debian server with two network cards:
eth4 goes online through DSL --> ppp0
eth3 is the card for the local network, connected through a switch. It has the IP 10.0.0.10
The only thing I want is that an incoming connection from ppp0 on port 2668 will be forwarded to my 2nd computer with the IP 10.0.0.23
My routing script:
Code:
# route for the limited-broadcast address on the LAN card (needed by DHCP clients)
route add 255.255.255.255 eth3
# enable IPv4 forwarding between the two cards
echo 1 > /proc/sys/net/ipv4/ip_forward
# POSTROUTING only exists in the nat table, so -t nat is required here
iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.255.0 -j MASQUERADE
#iptables -A PREROUTING -t nat -i eth3 -p tcp --dport 668 -j DNAT --to 10.0.0.23:668
#iptables -A INPUT -p tcp -m state --state NEW --dport 668 -i eth3 -j ACCEPT
My script for the forwarding part:
Code:
#!/bin/sh
PORT=8668          # port the outside world connects to on ppp0
TARGET_PORT=2668   # port the service listens on at the DMZ host
DMZ_IP=10.0.0.23
DMZ_IF=eth3
# rewrite the destination of connections arriving on ppp0
/sbin/iptables -A PREROUTING -t nat -p tcp --dport $PORT -i ppp0 -j DNAT --to $DMZ_IP:$TARGET_PORT
# FORWARD sees the packet after DNAT, so match the translated destination port
/sbin/iptables -A FORWARD -p tcp -d $DMZ_IP --dport $TARGET_PORT -i ppp0 -o $DMZ_IF -j ACCEPT
# replies leave the DMZ host from TARGET_PORT, not from the public PORT
/sbin/iptables -A FORWARD -p tcp -s $DMZ_IP --sport $TARGET_PORT -i $DMZ_IF -o ppp0 -j ACCEPT
But there are messages like this:
Code:
Apr 6 20:48:29 localhost kernel: IN=eth3 OUT=eth3 SRC=10.0.0.24 DST=10.0.0.23 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=58887 DF PROTO=TCP SPT=2296 DPT=2668 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 6 20:48:29 localhost kernel: IN=eth3 OUT=eth3 SRC=10.0.0.24 DST=10.0.0.23 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=58888 DF PROTO=TCP SPT=2297 DPT=2668 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 6 20:48:29 localhost kernel: IN=eth3 OUT=eth3 SRC=10.0.0.24 DST=10.0.0.23 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=58889 DF PROTO=TCP SPT=2298 DPT=2668 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 6 20:48:29 localhost kernel: IN=eth3 OUT=eth3 SRC=10.0.0.24 DST=10.0.0.23 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=58890 DF PROTO=TCP SPT=2299 DPT=2668 WINDOW=65535 RES=0x00 SYN URGP=0
Perhaps it has to do with my iptables rules:
Code:
localhost:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
LOG 0 -- loopback/8 anywhere LOG level warning
DROP 0 -- loopback/8 anywhere
ACCEPT 0 -- anywhere 255.255.255.255
ACCEPT 0 -- 10.0.0.0/8 anywhere
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG 0 -- 10.0.0.0/8 anywhere LOG level warning
DROP 0 -- 10.0.0.0/8 anywhere
ACCEPT 0 -- anywhere 255.255.255.255
ACCEPT 0 -- anywhere 222.221.180.181
LOG 0 -- anywhere anywhere LOG level warning
DROP 0 -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- 10.0.0.0/8 anywhere
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
LOG 0 -- anywhere 10.0.0.0/8 LOG level warning
DROP 0 -- anywhere 10.0.0.0/8
LOG 0 -- anywhere anywhere LOG level warning
DROP 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT tcp -- anywhere 10.0.0.23 multiport dports 2668
ACCEPT tcp -- anywhere 10.0.0.23 multiport dports 2668
ACCEPT tcp -- anywhere 10.0.0.23 multiport dports 2668
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere 255.255.255.255
ACCEPT 0 -- anywhere 10.0.0.0/8
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG 0 -- anywhere 10.0.0.0/8 LOG level warning
DROP 0 -- anywhere 10.0.0.0/8
ACCEPT 0 -- anywhere 255.255.255.255
ACCEPT 0 -- 222.221.180.181 anywhere
LOG 0 -- anywhere anywhere LOG level warning
DROP 0 -- anywhere anywhere
I already wasted more than 6 hours, but I haven't solved it yet.
So I need your help, brothers.
I did it before, without any trouble.
But now with 2 network cards I have lots of troubles.
By the way, the internet connection card eth4 doesn't have any IP.
Good bye