LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 02-25-2002, 05:21 PM   #1
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

Rep: Reputation: 16
iptables, what am I doing wrong?!


OK, I have 2 PHYSICAL NICs; one NIC has 2 IP addresses and the other one has 1 IP, connected to my LAN, so I have:

eth0 and eth0:1 (both IPs ARE public (REAL) IP addresses, and they both work because I can ping both from the outside)

eth1 for my LAN has 10.1.1.1

I want to forward port 8080 on eth0:1 to one of my Private servers on my LAN. My server is listening on port 8080. So that is already set, I can get to my server on port 8080 from one of my other computers on my LAN.

SOOOOOO, I can't get through my firewall from the outside. Below is part of my rc.firewall script:

$IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to x.x.x.x #my public IP
$IPTABLES -t nat -A PREROUTING -i eth0:1 -p tcp --dport 8080 -j DNAT --to 10.1.1.20:8080
$IPTABLES -A FORWARD -i eth0:1 -o eth1 -p tcp -d 10.1.1.20 --dport 8080 -j ACCEPT

Am I missing something? Where can I look to see where it rejects the request? I've looked in the /var/log/messages file and can't see anything in there.
Please help!?

 
Old 02-25-2002, 05:30 PM   #2
manthram
Member
 
Registered: Feb 2002
Location: Fairfax, VA
Distribution: RedHat 8, Mandrake9.1, Slack9
Posts: 456

Rep: Reputation: 31
What is your default policy for forwarding? If that is set to drop then you need to add a line which says it should accept the existing and related ones.

Something like this:

$IPTABLES -A FORWARD -i eth0:1 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
 
Old 02-25-2002, 05:39 PM   #3
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

Original Poster
Rep: Reputation: 16
Still not working!?

I entered the following line:

$IPTABLES -A FORWARD -i eth0:1 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

but I still get this message:

Network Connection was refused by server x.x.x.x:8080.
The server may not be accepting connections or may be busy.

Try connecting again later.


Is there a log I can look at besides /var/log/messages?

 
Old 02-26-2002, 07:34 AM   #4
manthram
Member
 
Registered: Feb 2002
Location: Fairfax, VA
Distribution: RedHat 8, Mandrake9.1, Slack9
Posts: 456

Rep: Reputation: 31
Please post your firewall script or provide a link to it.
 
Old 02-26-2002, 11:18 AM   #5
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

Original Poster
Rep: Reputation: 16
Here it is.

Here is my script (ALL OF IT). Remember, eth0 and eth0:1 have public IP addresses, eth1 is to my private address:

#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.4.x kernels using IPTABLES.
echo -e "\n\nLoading simple rc.firewall \n"
# The location of the 'iptables' program
IPTABLES=/usr/local/sbin/iptables
echo -en " loading modules: "
echo " - Verifying that all kernel modules are ok"
/sbin/depmod -a
# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
#
# CRITICAL: Enable IP forwarding since it is disabled by default since
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=TRUE
echo " enabling forwarding.."
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_always_defrag
#
echo " Enabling SNAT (MASQUERADE) functionality on eth0"
$IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to X.X.X.X # The X's is where i put my public IP Address #
$IPTABLES -t nat -A PREROUTING -p tcp --dport 8080 -i eth0:1 -j DNAT --to 10.1.1.20:8080
$IPTABLES -A FORWARD -i eth0:1 -o eth1 -p tcp -d 10.1.1.20 --dport 8080 -j ACCEPT
$IPTABLES -A FORWARD -i eth0:1 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo -e "\nrc.firewall-2.4 done.\n"

Last edited by jimval7; 02-26-2002 at 08:33 PM.
 
Old 02-27-2002, 11:29 AM   #6
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

Original Poster
Rep: Reputation: 16
Problem with eth0:1

I found out why my iptables is not working: iptables does not like my second interface eth0:1; it does not like the colon ":". Is there a way for me to use eth0:1 in iptables with the ":"?
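
Added example, not part of the original thread: iptables `-i`/`-o` match kernel device names, and an alias such as eth0:1 is only a label for a second address on eth0, so the usual fix is to match the parent device and select the alias by its address with `-d`. The sketch below flags alias names in the thread's rules and rewrites them. The function names are hypothetical and 203.0.113.10 is a placeholder for the public address bound to eth0:1.

```shell
#!/bin/sh
# Added example. ALIAS_IP is a constructed placeholder (documentation range).

# Print "lineno alias" for every interface option whose argument contains ':'.
find_alias_ifaces() {
    awk '{
        for (i = 1; i < NF; i++)
            if (($i == "-i" || $i == "-o" || $i == "--in-interface" ||
                 $i == "--out-interface") && $(i + 1) ~ /:/)
                print NR, $(i + 1)
    }'
}

# Rewrite rules on stdin so they name the parent device instead of the alias.
# In nat PREROUTING the alias becomes "-d <alias address>". In FORWARD the
# destination was already rewritten by DNAT, so only the device name changes.
fix_alias_rules() {
    alias_if=$1 alias_ip=$2
    awk -v a="$alias_if" -v ip="$alias_ip" '{
        parent = a; sub(/:.*/, "", parent)
        extra = ($0 ~ /PREROUTING/) ? " -d " ip : ""
        out = ""
        for (i = 1; i <= NF; i++) {
            if (($i == "-i" || $i == "-o") && $(i + 1) == a) {
                out = out $i " " parent extra " "
                i++
            } else out = out $i " "
        }
        sub(/ $/, "", out); print out
    }'
}

# Constructed sample: the three rules quoted in the thread.
SAMPLE_RULES='$IPTABLES -t nat -A PREROUTING -i eth0:1 -p tcp --dport 8080 -j DNAT --to 10.1.1.20:8080
$IPTABLES -A FORWARD -i eth0:1 -o eth1 -p tcp -d 10.1.1.20 --dport 8080 -j ACCEPT
$IPTABLES -A FORWARD -i eth0:1 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT'
ALIAS_IP=203.0.113.10

printf '%s\n' "$SAMPLE_RULES" | find_alias_ifaces
printf '%s\n' "$SAMPLE_RULES" | fix_alias_rules eth0:1 "$ALIAS_IP"
```

The rewritten ESTABLISHED,RELATED rule still covers only eth0 to eth1; with a FORWARD policy of DROP, replies from 10.1.1.20 going out through eth0 need their own accept rule.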
 
  

