Old 12-24-2008, 05:43 PM   #1
Kratosaurion7
LQ Newbie
 
Registered: Dec 2008
Distribution: Fedora/Ubuntu
Posts: 18

Rep: Reputation: 0
Forwarding my IP.


I don't really understand all this IP/Ports thing. But I know that if I want people to connect to my site, I have to forward the incoming public/port request to the private IP leading to my computer. But I seem stuck somewhere in that guide down where it says "Make Your Server Accessible to the Internet". I don't follow him, he says to forward my ports, I did. 22 and 80 both TCP and UDP are up and it still won't do a thing. If someone could explain all that thing in different words maybe I'd understand. My router/Modem (Mine does both) is a 2wire:2701HG-G.

(BTW, on that page http://www.portforward.com/english/r...1HG-Gindex.htm , what am I looking for? It's all games and applications.)

Last edited by Kratosaurion7; 12-24-2008 at 05:44 PM. Reason: Grammar
 
Old 12-24-2008, 06:30 PM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 475

Rep: Reputation: 73
Quote:
Originally Posted by Kratosaurion7 View Post
My router/Modem (Mine does both) is a 2wire:2701HG-G.
I just so happened to encounter one of the 2wire beasts earlier this week. I think the one I dealt with was a 2700HG-D though...

Hopefully similar enough.

Code:
http://gateway.2wire.net  
   \-->  firewall  
             \-->  firewall settings

1) select computer you want to forward to
2) allow individual application[s]
  2a) Servers
  2b) SSH Server & Web Server
  2c) Add

Done.
What we are doing is instructing the DSL gateway/router to forward any requests to public IP port 22 or 80 to the internal system selected in 1).

You can use grc.com's Shields-UP! (or any other number of available services or even a friend or an external account you may have) to test before and after.

Hope this helps.
 
Old 12-24-2008, 08:02 PM   #3
Kratosaurion7
LQ Newbie
 
Registered: Dec 2008
Distribution: Fedora/Ubuntu
Posts: 18

Original Poster
Rep: Reputation: 0
Cool, well I did that, but I dunno what's keeping it from working. Here's a picture of my situation:
http://img300.imageshack.us/img300/9675/problemmb4.png

I think I did everything right.

Last edited by Kratosaurion7; 12-24-2008 at 08:05 PM.
 
Old 12-26-2008, 04:26 PM   #4
alexhwest
Member
 
Registered: Dec 2008
Location: Cleveland, OH
Distribution: Ubuntu
Posts: 30

Rep: Reputation: 15
On the internal computer, show us the output of
ifconfig -a
and
iptables -L

Thanks
 
Old 12-27-2008, 09:27 PM   #5
Kratosaurion7
LQ Newbie
 
Registered: Dec 2008
Distribution: Fedora/Ubuntu
Posts: 18

Original Poster
Rep: Reputation: 0
ifconfig -a :

eth0 Link encap:Ethernet HWaddr 00:16:76:3d:cc:f4
inet addr:192.168.2.11 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::216:76ff:fe3d:ccf4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:289 errors:0 dropped:0 overruns:0 frame:0
TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:26366 (25.7 KB) TX bytes:4754 (4.6 KB)
Base address:0x1000 Memory:d3100000-d3120000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:200 (200.0 B) TX bytes:200 (200.0 B)


iptables -L :

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
eth0_in all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
eth0_out all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere

Chain Drop (2 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain Reject (4 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain all2all (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere

Chain dropBcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast

Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (2 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
smurfs all -- anywhere anywhere state INVALID,NEW
tcpflags tcp -- anywhere anywhere

Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
smurfs all -- anywhere anywhere state INVALID,NEW
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
tcpflags tcp -- anywhere anywhere
net2fw all -- anywhere anywhere

Chain eth0_out (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
fw2net all -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:logdrop:DROP:'
DROP all -- anywhere anywhere

Chain logflags (5 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:logflags:DROP:'
DROP all -- anywhere anywhere

Chain logreject (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:logreject:REJECT:'
reject all -- anywhere anywhere

Chain net2all (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:'
DROP all -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
reject icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2fw:DROP:'
DROP all -- anywhere anywhere

Chain reject (12 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast
DROP all -- 255.255.255.255 anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

Chain smurfs (2 references)
target prot opt source destination
LOG all -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- 255.255.255.255 anywhere
LOG all -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere

Chain tcpflags (2 references)
target prot opt source destination
logflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
logflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
logflags tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
logflags tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
logflags tcp -- anywhere anywhere tcp spt:0 flags:FIN,SYN,RST,ACK/SYN

Last edited by Kratosaurion7; 12-27-2008 at 09:29 PM.
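
An added example, not part of the original thread: a small audit of the `iptables -L` listing posted above, following the jumps from INPUT to find which TCP ports are explicitly accepted on the host. The function names are hypothetical and the sample is a constructed excerpt of that listing; it also flags bare `ACCEPT all` rules, because plain `-L` omits the interface columns and such a rule cannot be told apart from an accept-everything rule.

```python
import re

# Constructed sample: chains excerpted from the `iptables -L` output in post #5.
# parse_chains() and audit_input() are hypothetical helper names for this example.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
eth0_in all -- anywhere anywhere

Chain eth0_in (1 references)
target prot opt source destination
net2fw all -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
"""

def parse_chains(listing):
    """Return {chain: [(target, proto, match_text), ...]} from `iptables -L` text."""
    chains, current = {}, None
    for line in listing.splitlines():
        fields = line.split()
        if line.startswith("Chain "):
            current = chains.setdefault(fields[1], [])
        elif current is not None and len(fields) >= 5 and fields[0] != "target":
            current.append((fields[0], fields[1], " ".join(fields[5:])))
    return chains

def audit_input(listing):
    """Return (accepted TCP ports, chains holding a bare 'ACCEPT all' rule)."""
    chains = parse_chains(listing)
    ports, ambiguous, seen, todo = set(), [], set(), ["INPUT"]
    while todo:
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        for target, proto, match in chains.get(name, []):
            if target == "ACCEPT" and proto == "tcp":
                ports.update(re.findall(r"dpts?:(\S+)", match))
            elif target == "ACCEPT" and proto == "all" and not match:
                ambiguous.append(name)  # interface match hidden without -v
            elif target in chains:
                todo.append(target)  # user-defined chain: follow the jump
    return sorted(ports), ambiguous
```

Running `iptables -L -n -v` (or `iptables -S`) shows the interface each rule is bound to and prints ports as numbers, which resolves the flagged rule.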
 
Old 12-28-2008, 01:32 PM   #6
Kratosaurion7
LQ Newbie
 
Registered: Dec 2008
Distribution: Fedora/Ubuntu
Posts: 18

Original Poster
Rep: Reputation: 0
Hmm, made a few tests with my friends today and it looks like it works ^.^ Whatever you guys did to me seemed to make its magic. Thanks all!
 
Old 03-27-2009, 03:03 AM   #7
nobrowser
LQ Newbie
 
Registered: Mar 2009
Posts: 5

Rep: Reputation: 0
these routers are junk :(

I am struggling with one as well. I am no beginner, I am an experienced Unix & Linux sysadmin. The problem is simply that some computers don't show up on the router's list, so there's no way to set up NAT for them because the setting is not by IP address but by the name on the list. The list is somehow dynamically discovered by the router, and I have no clue what it is my Linux box has to do to be noticed. Maybe something to do with SNMP? Or NetBIOS? I did a tcpdump on the Linux box and I see the router continually sends ARP requests, 1 per second. When my box receives one of these it replies properly with its MAC address, so that makes it even weirder that it's not included in the list.

If anyone has figured out how to make this piece of *@%# behave, please help.
