IPTABLES port forwarding to internal network
I have an IP from an ISP and have an internal network 192.168.0.0. I use Red Hat Linux 7.2 and IPTABLES to share the internet connection. The internal IP of the Linux machine is 192.168.0.1. I have a Windows FTP server on 192.168.0.2 and I want to use the Linux machine as a gateway between the Win FTP server and the internet. Thus I want the Win FTP server to be accessible from my IP provided by the ISP on port 7021.
My current rc.firewall file has the following relevant lines:
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
After this file is executed I ran the following lines; I also tried "iptables -F" and then running the following lines:
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 7021 -j DNAT --to 192.168.0.2:21
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 21 -j ACCEPT
Instead of these two lines I also tried:
iptables -t nat -A PREROUTING -p tcp -d 22.214.171.124 --dport 7021 -j DNAT --to 192.168.0.2:21
But the port doesn't open, thus I cannot make a connection from the internet to my Win FTP server on the internal network. When I try to telnet to the server with the command: telnet external_ip 7021 I get the message "Trying external ip... telnet: connect to address external_ip: Connection refused". And when I use the command nmap -p 7021 external_ip I see the port is closed.
I hope someone can help me out.
Thanks in advance,
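An added example, not the poster's rc.firewall: a small script that sets up the forward described above (DNAT on the public port, one FORWARD accept placed ahead of the catch-all LOG rule, ip_forward enabled and the 2.4-kernel FTP conntrack helpers loaded so the data channel is tracked) plus a status function whose packet counters show whether traffic reaches the DNAT rule at all. It assumes eth0 faces the ISP and eth1 the LAN; setting IPTABLES=echo prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not the poster's rc.firewall: forward a public TCP port to an
# internal FTP server behind an iptables gateway with a FORWARD DROP policy.
# Assumed layout: eth0 faces the ISP, eth1 the LAN. Set IPTABLES=echo to dry-run.
IPTABLES=${IPTABLES:-/sbin/iptables}
EXTIF=${EXTIF:-eth0}
INTIF=${INTIF:-eth1}
EXTPORT=${EXTPORT:-7021}        # port exposed on the ISP address
FTPHOST=${FTPHOST:-192.168.0.2} # internal FTP server
FTPPORT=${FTPPORT:-21}

enable_forwarding() {
    # A DNATed packet is still routed; with this off the kernel drops it silently.
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

load_ftp_helpers() {
    # 2.4-kernel module names: the helpers parse PORT/PASV so the FTP data
    # connection is classed RELATED and passes the existing ESTABLISHED,RELATED rule.
    /sbin/modprobe ip_conntrack_ftp
    /sbin/modprobe ip_nat_ftp
}

port_forward_rules() {
    # 1) rewrite the destination before routing, only on the external interface
    $IPTABLES -t nat -A PREROUTING -i "$EXTIF" -p tcp --dport "$EXTPORT" \
        -j DNAT --to-destination "$FTPHOST:$FTPPORT"
    # 2) let exactly that flow through FORWARD; "-I FORWARD 1" places it ahead of
    #    the catch-all LOG rule so the match is visible in the counters, and the
    #    host/port/state match keeps the opening limited to this one service
    $IPTABLES -I FORWARD 1 -i "$EXTIF" -o "$INTIF" -p tcp -d "$FTPHOST" \
        --dport "$FTPPORT" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

show_counters() {
    # Packet counters tell you where the connection dies: zero hits on the DNAT
    # rule means the packet never reached this interface (wrong -i, upstream
    # filtering); hits there but none on FORWARD points at routing or ip_forward.
    $IPTABLES -t nat -L PREROUTING -n -v
    $IPTABLES -L FORWARD -n -v
}

case "${1:-}" in
    apply)  enable_forwarding; load_ftp_helpers; port_forward_rules ;;
    status) show_counters ;;
esac
```

Run it as root with `apply` after rc.firewall, then `status` while a connection attempt is in progress to read the counters.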