Linux - Networking forum (any issue related to networks or networking: routing, network cards, OSI, etc.)
08-14-2010, 03:06 PM  #1
Member | Registered: May 2006 | Location: England | Distribution: CentOS, Ubuntu Server, Untangle, pfSense | Posts: 78
iptables not port forwarding
Hi All,
I have a CentOS box which is Internet facing. It has 3 LANs connected to it which are for virtual machines.
I want to port forward port 445 to a machine on one of the LAN interfaces. I have tried various ways to get it done, but still cannot access that port from the interface. I definitely know the device hosting port 445 is live, as I can ping it from the CentOS box and use lynx to access it! (It's a web server)
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.0.2:445
What am I doing wrong?
Any help will be much appreciated.
Cheers,
BF
08-15-2010, 08:18 AM  #2
Member | Registered: Aug 2007 | Location: Vietnam | Distribution: RedHat based, Debian based, Slackware, Gentoo | Posts: 724
Did you enable packet forwarding?
Code:
cat /proc/sys/net/ipv4/ip_forward
08-15-2010, 11:59 AM  #3
Member (Original Poster) | Registered: May 2006 | Location: England | Distribution: CentOS, Ubuntu Server, Untangle, pfSense | Posts: 78
Yes, IP forwarding is definitely enabled, both in /proc/sys/net/ipv4/ip_forward and in /etc/sysctl.conf.
08-15-2010, 01:56 PM  #4
Senior Member | Registered: Jul 2009 | Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0 | Posts: 1,571
What about FORWARD chain?
Have you allowed forwarding through it?
08-15-2010, 02:55 PM  #5
Member (Original Poster) | Registered: May 2006 | Location: England | Distribution: CentOS, Ubuntu Server, Untangle, pfSense | Posts: 78
Yes, I have enabled a forward chain.
Here is my iptables config:
Code:
#!/bin/sh
# Connection-tracking helper so active FTP data connections are seen as RELATED
/sbin/modprobe ip_conntrack_ftp
# Kernel hardening: ignore broadcast pings, refuse source-routed packets,
# enable SYN cookies, ignore and do not send ICMP redirects, strict reverse-path filtering
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
#echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
# --flush without -t only empties the filter table; the nat table keeps whatever was there
/sbin/iptables --flush
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables --policy INPUT DROP
#/sbin/iptables --policy OUTPUT ACCEPT
/sbin/iptables --policy FORWARD DROP
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# SSH to the firewall itself
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Rewrite inbound 445 to the VM (no -i, so this matches on every interface, LAN side included)
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 445 -j DNAT --to 192.168.0.2:445
# Accepts only the inbound direction; packets coming back from 192.168.0.2 fall to the FORWARD DROP policy
/sbin/iptables -A FORWARD -p tcp --dport 445 -d 192.168.0.2 -j ACCEPT
/sbin/iptables -A INPUT -j DROP
# Prints the current ruleset to stdout; it does not save it anywhere
/sbin/iptables-save
Thanks
BF
Last edited by blackfish; 08-15-2010 at 02:57 PM.
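The rule set above is what `iptables-save` prints at the end of the script, and a dump like that is enough to see what a DNAT forward is missing without touching the box again. The following audit is an added example and not code from the thread: it checks an `iptables-save` dump for the pieces a DNAT forward needs besides the PREROUTING rule. The two dumps embedded in it are constructed for the example; the first mirrors the rule set in post #5, the second closes its gaps and assumes eth0 as the Internet-facing interface and eth1 as the VM LAN (neither interface name is given for the LAN side in the thread).

```shell
#!/bin/sh
# Added example: audit an `iptables-save` dump for the things a DNAT port
# forward needs besides the PREROUTING rule. On a live box run:
#   audit_dnat "$(iptables-save)"

# Constructed sample matching the rule set in post #5 (one-way FORWARD rule).
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.0.2:445
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -d 192.168.0.2/32 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -j DROP
COMMIT'

# Constructed sample with the gaps closed (assumed interfaces: eth0 WAN, eth1 LAN).
FIXED_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.0.2:445
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.2/32 -i eth0 -o eth1 -p tcp -m tcp --dport 445 -m state --state NEW -j ACCEPT
COMMIT'

# Prints one finding per line; returns 0 when there are no FAIL findings.
audit_dnat() {
    dump=$1
    fails=0

    # A FORWARD policy of ACCEPT makes the forward "work" but also passes
    # everything between the LANs; reply #6 suggests it only as a test step.
    if printf '%s\n' "$dump" | grep -q '^:FORWARD ACCEPT'; then
        echo "WARN: FORWARD policy is ACCEPT (fine for a test, too open to leave in place)"
    fi

    # Without a stateful rule the DNATed SYN gets in, but the SYN-ACK coming
    # back through FORWARD is dropped by the DROP policy.
    if ! printf '%s\n' "$dump" | grep -q -- '^-A FORWARD .*--state [A-Z,]*ESTABLISHED'; then
        echo "FAIL: FORWARD has no RELATED,ESTABLISHED rule, so reply packets are dropped"
        fails=$((fails + 1))
    fi

    # Every DNAT destination in the nat table needs an explicit FORWARD ACCEPT.
    for dst in $(printf '%s\n' "$dump" | awk '
        /^\*/ { table = substr($1, 2) }
        table == "nat" && /-j DNAT/ {
            for (i = 1; i <= NF; i++)
                if ($i == "--to-destination") { split($(i + 1), a, ":"); print a[1] }
        }'); do
        if ! printf '%s\n' "$dump" | grep -Eq -- "^-A FORWARD .*-d $dst(/32)? .*-j ACCEPT"; then
            echo "FAIL: DNAT to $dst has no FORWARD ACCEPT rule"
            fails=$((fails + 1))
        fi
    done

    # A DNAT rule without -i also rewrites traffic that arrives from the LAN side.
    if printf '%s\n' "$dump" | grep -- '-j DNAT' | grep -qv -- ' -i '; then
        echo "WARN: a DNAT rule is not restricted to the Internet-facing interface (-i)"
    fi

    [ "$fails" -eq 0 ]
}

# Run with the argument "demo" to see the findings for the sample dump.
if [ "${1:-}" = demo ]; then
    audit_dnat "$SAMPLE_DUMP"
fi
```

On the post #5 dump the audit reports the missing RELATED,ESTABLISHED rule as a FAIL and the unrestricted DNAT as a WARN; on the fixed dump it reports nothing and returns 0. The destination check deliberately accepts both `-d 192.168.0.2` and `-d 192.168.0.2/32`, since different iptables releases print the mask differently.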
08-16-2010, 09:34 AM  #6
Senior Member | Registered: Jul 2009 | Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0 | Posts: 1,571
Code:
/sbin/iptables -A FORWARD -p tcp --dport 445 -d 192.168.0.2 -j ACCEPT
That is one way only.
For testing purposes, I suggest allowing all of FORWARD:
Code:
/sbin/iptables --policy FORWARD ACCEPT
and then, once you have made sure that it works, add the specific rules to the FORWARD chain.
08-18-2010, 11:21 AM  #7
Member (Original Poster) | Registered: May 2006 | Location: England | Distribution: CentOS, Ubuntu Server, Untangle, pfSense | Posts: 78
Thanks for the advice, I have found the problem.
The CentOS server was not reading the firewall script when iptables was restarted using: service iptables restart
I have fixed this problem by appending my configuration to the firewall script and rebooting the server. It now works perfectly.
Thanks
BF
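Putting replies #6 and #7 together, the working version of the forward needs three things the original script did not have: FORWARD rules for both directions of the connection, a clean nat table on every re-run, and a way to get the rules loaded by the CentOS init script. The script below is an added example written for this thread, not the original poster's script or anything posted in it. It assumes eth0 is the Internet-facing interface, eth1 is the VM LAN that holds 192.168.0.2, and that LAN is 192.168.0.0/24; none of those appear in the thread except eth0. With DRY_RUN=1 it prints the iptables commands instead of running them, so it can be reviewed on any machine before it is applied as root.

```shell
#!/bin/sh
# Added example (not from the thread): complete DNAT port forward with the
# return path, a clean nat table, and a dry-run mode.
# Assumed layout: eth0 = Internet side, eth1 = VM LAN 192.168.0.0/24.
WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.0.0/24
FWD_TARGET=192.168.0.2
FWD_PORT=445

# With DRY_RUN=1 each rule is printed instead of applied.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        /sbin/iptables "$@"
    fi
}

apply_forwarding_rules() {
    # 1. The kernel must route between interfaces at all (reply #2).
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi

    # 2. Flush BOTH tables: a plain -F leaves old DNAT rules in the nat table.
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # 3. Rewrite the destination before routing. Matching -i on the WAN side
    #    keeps the DNAT from catching LAN hosts talking to the firewall itself.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$FWD_PORT" \
        -j DNAT --to-destination "$FWD_TARGET:$FWD_PORT"

    # 4. FORWARD needs both directions (reply #6): the stateful rule passes the
    #    replies from the VM; the NEW rule admits only the forwarded port.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$FWD_TARGET" --dport "$FWD_PORT" \
        -m state --state NEW -j ACCEPT

    # 5. Let the VMs out and hide them behind the firewall's own address.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Usage: DRY_RUN=1 sh forward.sh apply   (review)   /   sh forward.sh apply   (as root)
if [ "${1:-}" = apply ]; then
    apply_forwarding_rules
fi
```

On CentOS, `service iptables restart` reloads /etc/sysconfig/iptables rather than any script of your own, which is the behaviour post #7 ran into. After applying the rules, run `service iptables save` (or `iptables-save > /etc/sysconfig/iptables`) so the saved file matches; the sysctl line is not part of that file and belongs in /etc/sysctl.conf.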