LinuxQuestions.org
Old 08-14-2010, 04:06 PM   #1
blackfish
Member
 
Registered: May 2006
Location: England
Distribution: CentOS, Ubuntu Server, Untangle, pfSense
Posts: 78

Rep: Reputation: 15
iptables not port forwarding


Hi All,

I have a CentOS box which is Internet-facing. It has 3 LANs connected to it which are for virtual machines.

I want to port forward port 445 to a machine on one of the LAN interfaces. I have tried various ways to get it done, but still cannot access that port from the interface. I definitely know the device hosting port 445 is live, as I can ping it from the CentOS box and use lynx to access it! (It's a web server)

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.0.2:445

What am I doing wrong?

Any help will be much appreciated

Cheers,

BF
 
Old 08-15-2010, 09:18 AM   #2
quanta
Member
 
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724

Rep: Reputation: 100
Did you enable packet forwarding?
Code:
cat /proc/sys/net/ipv4/ip_forward
 
Old 08-15-2010, 12:59 PM   #3
blackfish
Member
 
Registered: May 2006
Location: England
Distribution: CentOS, Ubuntu Server, Untangle, pfSense
Posts: 78

Original Poster
Rep: Reputation: 15
Yes, IP forwarding is definitely enabled in both /proc/sys/net/ipv4/ip_forward and in /etc/sysctl.conf
 
Old 08-15-2010, 02:56 PM   #4
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
What about the FORWARD chain?
Have you allowed forwarding through it?
 
Old 08-15-2010, 03:55 PM   #5
blackfish
Member
 
Registered: May 2006
Location: England
Distribution: CentOS, Ubuntu Server, Untangle, pfSense
Posts: 78

Original Poster
Rep: Reputation: 15
Yes I have enabled a forward chain,

Here is my iptables config:

Code:
#!/bin/sh
/sbin/modprobe ip_conntrack_ftp
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
#echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
/sbin/iptables --flush
/sbin/iptables -A INPUT  -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables --policy INPUT   DROP
#/sbin/iptables --policy OUTPUT  ACCEPT
/sbin/iptables --policy FORWARD DROP
/sbin/iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 445 -j DNAT --to 192.168.0.2:445
/sbin/iptables -A FORWARD -p tcp --dport 445 -d 192.168.0.2 -j ACCEPT
/sbin/iptables -A INPUT -j DROP
/sbin/iptables-save
Thanks

BF

Last edited by blackfish; 08-15-2010 at 03:57 PM.
 
Old 08-16-2010, 10:34 AM   #6
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
/sbin/iptables -A FORWARD -p tcp --dport 445 -d 192.168.0.2 -j ACCEPT - it is one way.

For test purposes, I suggest allowing all of FORWARD:
/sbin/iptables --policy FORWARD ACCEPT

and then, once you have made sure that it works, add certain rules to the FORWARD chain.
 
Old 08-18-2010, 12:21 PM   #7
blackfish
Member
 
Registered: May 2006
Location: England
Distribution: CentOS, Ubuntu Server, Untangle, pfSense
Posts: 78

Original Poster
Rep: Reputation: 15
Thanks for the advice, I have found the problem.

The CentOS server was not reading the firewall script when you restarted iptables using: service iptables restart

I have fixed this problem by appending my configuration to the firewall script and rebooting the server. It now works perfectly.

Thanks

BF
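
An added example, not part of the thread: a POSIX shell function that audits `iptables-save` output for what a DNAT port forward needs in the FORWARD chain, in both directions, when its policy is DROP. The sample ruleset is constructed to mirror the script in post #5; `check_dnat` and `SAMPLE_RULESET` are hypothetical names.

```shell
# Constructed sample: iptables-save output equivalent to the script in post #5.
SAMPLE_RULESET='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.0.2:445
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -d 192.168.0.2/32 -p tcp -m tcp --dport 445 -j ACCEPT
COMMIT'

# check_dnat RULESET: print one finding per line for every DNAT target found.
check_dnat() {
    printf '%s\n' "$1" | awk '
    /^\*/ { table = substr($1, 2) }                  # track the current table
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "nat" && /^-A PREROUTING / && /-j DNAT/ {
        for (i = 1; i < NF; i++)
            if ($i == "--to-destination") targets[$(i + 1)] = 1
    }
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
        d = ""; p = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-d") { d = $(i + 1); sub(/\/32$/, "", d) }
            if ($i == "--dport") p = $(i + 1)
        }
        if (d != "" && p != "") allowed[d ":" p] = 1  # inbound leg permitted
        if ($0 ~ /state [A-Z,]*ESTABLISHED/) replies = 1  # return leg permitted
    }
    END {
        for (t in targets) {
            status = ((t in allowed) || policy == "ACCEPT") ? "OK" : "MISSING"
            print status ": FORWARD accept for new connections to " t
        }
        if (policy == "DROP" && !replies)
            print "MISSING: FORWARD accept for ESTABLISHED,RELATED (replies from the target are dropped)"
        if (policy == "ACCEPT")
            print "WARN: FORWARD policy ACCEPT forwards every routed packet"
    }'
}

check_dnat "$SAMPLE_RULESET"
```

On a live host, run `check_dnat "$(iptables-save)"` as root. On CentOS, `service iptables restart` reloads `/etc/sysconfig/iptables`, so rules applied by a separate script persist across restarts only after `service iptables save`.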
 
  


All times are GMT -5.