Forwarding my IP.

Kratosaurion7 · 12-24-2008, 05:43 PM

I don't really understand all this IP/Ports thing. But I know that if I want people to connect to my site, I have to forward the incoming public/port request to the private IP leading to my computer. But I seem stuck somewhere in that guide down where it says Make Your Server Accesible to the Internet. I don't follow him, he says to forward my ports, I did. 22 and 80 both TCP and UDP are up and it still won't do a thing. If someone could explain all that thing in different words maybe I'd understand. My router/Modem (Mine does both) is a 2wire:2701HG-G.

(BTW, on that page http://www.portforward.com/english/r...1HG-Gindex.htm , what am I looking for? Its all games and application. )

rayfordj · 12-24-2008, 06:30 PM

Quote:

Originally Posted by Kratosaurion7

My router/Modem (Mine does both) is a 2wire:2701HG-G.

I just so happened to encounter one of the 2wire beasts earlier this week. I think the one I dealt with was a 2700HG-D though...

Hopefully similar enough.

Code:

http://gateway.2wire.net  
   \-->  firewall  
             \-->  firewall settings

1) select computer you want to forward to
2) allow individual application[s]
  2a) Servers
  2b) SSH Server & Web Server
  2c) Add

Done.

What we are doing is instructing the dsl gateway/router to forward any requests to public ip port 22 or 80 to the internal system selected in 1).

you can use grc.com's Shields-UP! (or any other number of available services or even a friend or an external account you may have) to test before and after.

hope this helps.

Kratosaurion7 · 12-24-2008, 08:02 PM

Cool, well I did that but. I dunno whats keeping it from working. Heres a picture of my situation
http://img300.imageshack.us/img300/9675/problemmb4.png

I think I did everything right.

alexhwest · 12-26-2008, 04:26 PM

On the internal computer, show us the output of
ifconfig -a
and
iptables -L

Thanks

Kratosaurion7 · 12-27-2008, 09:27 PM

ifconfig -a :

eth0 Link encap:Ethernet HWaddr 00:16:76:3d:cc:f4
inet addr:192.168.2.11 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::216:76ff:fe3d:ccf4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:289 errors:0 dropped:0 overruns:0 frame:0
TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:26366 (25.7 KB) TX bytes:4754 (4.6 KB)
Base address:0x1000 Memory:d3100000-d3120000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:200 (200.0 B) TX bytes:200 (200.0 B)

iptables -L :

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
eth0_in all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
eth0_out all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere

Chain Drop (2 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain Reject (4 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain all2all (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere

Chain dropBcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast

Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (2 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
smurfs all -- anywhere anywhere state INVALID,NEW
tcpflags tcp -- anywhere anywhere

Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
smurfs all -- anywhere anywhere state INVALID,NEW
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
tcpflags tcp -- anywhere anywhere
net2fw all -- anywhere anywhere

Chain eth0_out (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
fw2net all -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:logdrop:DROP:'
DROP all -- anywhere anywhere

Chain logflags (5 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:logflags:DROP:'
DROP all -- anywhere anywhere

Chain logreject (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:logreject:REJECT:'
reject all -- anywhere anywhere

Chain net2all (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:'
DROP all -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
reject icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2fw:DROP:'
DROP all -- anywhere anywhere

Chain reject (12 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast
DROP all -- 255.255.255.255 anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

Chain smurfs (2 references)
target prot opt source destination
LOG all -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- 255.255.255.255 anywhere
LOG all -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere

Chain tcpflags (2 references)
target prot opt source destination
logflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
logflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
logflags tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
logflags tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
logflags tcp -- anywhere anywhere tcp spt:0 flags:FIN,SYN,RST,ACK/SYN

Kratosaurion7 · 12-28-2008, 01:32 PM

Hmm, made a few tests with my friends today and it looks like it works ^.^ Whatever you guys did to me seemed to make its magic. Thanks all !

nobrowser · 03-27-2009, 03:03 AM

I am struggling with one as well. I am no beginner, I am an experienced Unix & Linux sysadmin. The problem is simply that some computers don't show up on the router's list, so there's no way to set up NAT for them because the setting is not by IP address but by the name on the list. The list is somehow dynamically discovered by the router, and I have no clue what it is my Linux box has to do to be noticed. Maybe something to do with SNMP? Or NetBIOS? I did a tcpdump on the Linux box and I see the router continually sends ARP requests, 1 per second. When my box receives one of these it replies properly with its MAC address, so that makes it even weirder that it's not included in the list.

If anyone has figured out how to make this piece of *@%# behave, please help.

i