Old 08-20-2010, 03:25 PM   #16
leosophy
LQ Newbie
 
Registered: Aug 2010
Location: H.K. SAR
Posts: 11

Original Poster
Rep: Reputation: 0
iptables logs


Sorry, 202.123.123.1 is a dummy IP. This IP represents the ISP (fixed) for my box.

I copied your script and ran it. It still fails.

I have logged the iptables log for "POSTROUTING":
Code:
iptables -t nat -A POSTROUTING -j LOG --log-level 4
Result (seems to be some unknown blocking? SELinux is already disabled):

Code:
Aug 21 02:42:34 proxy kernel: IN= OUT=eth0 SRC="some externial ip address" DST=192.168.0.21 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=46124 DF PROTO=TCP SPT=28302 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
I will use another Linux box for testing tomorrow...

Quote:
Originally Posted by TheMadIndian
I just caught this, 202.123.123.1, that's generally a router address. I'd be surprised if that's the address you're getting from the ISP.

If eth0 is your local and eth1 is your internet connection on the router, run this

otherwise send me the output of ifconfig

Code:
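#!/bin/bash

# Flush every rule in the filter, mangle and nat tables, then delete user chains
iptables -F
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t mangle
iptables -F -t nat
iptables -X

# Read the address currently assigned to the Internet-facing interface (eth1)
ifconfig eth1 |grep "inet addr" |awk -F ':' '{print $2}' | awk -F ' ' '{print $1}' > /usr/local/bin/ispIP.txt
ispIP=$(cat /usr/local/bin/ispIP.txt)

# Enable routing; accept loopback and LAN-side input; allow Internet -> LAN forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Masquerade traffic leaving through the Internet-facing interface
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Send incoming HTTP for the ISP address to the internal web server
iptables -t nat -A PREROUTING -p tcp -i eth1 -d "$ispIP" --dport 80 -j DNAT --to-destination 192.168.0.21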

If this works we'll need to add some rules to lock things down
 
Old 08-20-2010, 05:46 PM   #17
TheMadIndian
Member
 
Registered: Dec 2007
Distribution: Fedora Slackware CentOS slax RHEL
Posts: 114

Rep: Reputation: 23
Quote:
Originally Posted by leosophy
Sorry, 202.123.123.1 is a dummy IP. This IP represents the ISP (fixed) for my box.

I copied your script and ran it. It still fails.

I have logged the iptables log for "POSTROUTING":
Code:
iptables -t nat -A POSTROUTING -j LOG --log-level 4
Result (seems to be some unknown blocking? SELinux is already disabled):

Code:
Aug 21 02:42:34 proxy kernel: IN= OUT=eth0 SRC="some externial ip address" DST=192.168.0.21 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=46124 DF PROTO=TCP SPT=28302 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
I will use another Linux box for testing tomorrow...
If you want to you can email me
 
Old 08-31-2010, 03:28 AM   #18
leosophy
LQ Newbie
 
Registered: Aug 2010
Location: H.K. SAR
Posts: 11

Original Poster
Rep: Reputation: 0
Maybe a routing issue

Hi TheMadIndian,

I think it's a routing issue.

Since I have two WAN links

example
WAN1 :
using Xyzel router
wan ip1 : 202.202.202.1
lan ip1 : 192.168.123.254

WAN2 :
using Linux
wan ip2 : 101.101.101.1
wan ip2 : 192.168.123.1

Web server:
using Linux
lan : 192.168.123.21

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.123.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.123.254 0.0.0.0         UG        0 0          0 eth0
Is it a routing issue, since the default route goes to 192.168.123.254? Do I need to add an extra subnet for this?


Quote:
Originally Posted by TheMadIndian
If you want to you can email me
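
The return-path question raised in post #18, as an added example that is not part of the thread: a DNATed connection only completes if the server's replies pass back through the box that rewrote the destination, so this script does a longest-prefix lookup over the posted routing table and reports whether replies to an outside client would use that box. It assumes the table is the web server's and that 192.168.123.1 is the Linux gateway's LAN address; 198.51.100.7 is a constructed client address.

```bash
#!/bin/bash
# Added example (not from the thread): does the reply path match the DNAT path?
# Routing table as posted in #18; ASSUMED here to be the web server's table.
ROUTES='192.168.123.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.123.254 0.0.0.0         UG        0 0          0 eth0'

# next_hop TABLE DEST
# Longest-prefix match over `route -n` style rows. Prints the gateway,
# "on-link" for a directly connected route, or "unreachable".
next_hop() {
    printf '%s\n' "$1" | awk -v dest="$2" '
        function ip2int(ip,  o) {
            split(ip, o, ".")
            return o[1] * 16777216 + o[2] * 65536 + o[3] * 256 + o[4]
        }
        BEGIN { best = -1 }
        $1 ~ /^[0-9]+\./ {
            mask  = ip2int($3)
            block = 4294967296 - mask   # addresses covered by a contiguous netmask
            if (int(ip2int(dest) / block) == int(ip2int($1) / block) && mask > best) {
                best = mask
                hop  = ($2 == "0.0.0.0") ? "on-link" : $2
            }
        }
        END { print (hop == "" ? "unreachable" : hop) }'
}

# dnat_return_path TABLE CLIENT_IP DNAT_GW_LAN_IP
# "symmetric" when replies to CLIENT_IP leave via the DNAT gateway; otherwise
# the replies skip that box, so its conntrack never reverses the translation.
dnat_return_path() {
    hop=$(next_hop "$1" "$2")
    if [ "$hop" = "$3" ]; then
        echo "symmetric"
    else
        echo "asymmetric via $hop"
    fi
}

# Constructed client address from the documentation range.
dnat_return_path "$ROUTES" 198.51.100.7 192.168.123.1
```

On a live host, the same lookup can be fed with the output of `route -n` instead of the embedded table.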
 
  

