Hello,

I'm trying for a couple of days not to forward port 3389 to an internal machine but with no luck.

I've done this before successfully but i think that because there are two internet connections on this linux box maybe i'm doing something wrong..
This is my 'ifconfig' output:

eth0 Link encap:Ethernet HWaddr 00:0A:5E:20:60:A1
inet addr:X.X.X.X Bcast:X.X.X.Y Mask:255.255.255.192
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:17758821 errors:0 dropped:0 overruns:1 frame:0
TX packets:19711510 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1060501715 (1011.3 Mb) TX bytes:3181393850 (3034.0 Mb)
Interrupt:22 Base address:0xc000

eth0:0 Link encap:Ethernet HWaddr 00:0A:5E:20:60:A1
inet addr:10.0.0.2 Bcast:10.0.0.3 Mask:255.255.255.252
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:22 Base address:0xc000

eth1 Link encap:Ethernet HWaddr 00:0A:5E:22:A3:E8
inet addr:10.0.0.6 Bcast:10.0.0.7 Mask:255.255.255.252
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5666902 errors:134 dropped:0 overruns:1 frame:134
TX packets:4680175 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2439193889 (2326.1 Mb) TX bytes:555740239 (529.9 Mb)
Interrupt:18 Base address:0xc400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:29175 errors:0 dropped:0 overruns:0 frame:0
TX packets:29175 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1731640 (1.6 Mb) TX bytes:1731640 (1.6 Mb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:Y.Y.Y.Y P-t-P:62.103.1.96 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:5630199 errors:0 dropped:0 overruns:0 frame:0
TX packets:4646066 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:2312349915 (2205.2 Mb) TX bytes:451480157 (430.5 Mb)


So, i want to forward from Y.Y.Y.Y:3389 to let's say 192.168.0.10:3389.

i did check if ip forward is enabled:

root@router:~# cat /proc/sys/net/ipv4/ip_forward
1
root@router:~#

and i did this on iptables:

iptables -A FORWARD -i ppp0 -o eth1 -p tcp --dport 3389 -j ACCEPT

iptables -A PREROUTING -t nat -p tcp -d Y.Y.Y.Y --dport 3389 -j DNAT --to 192.168.0.10:3389


But no luck, am i missing something?

Thanx in advance

Well, are you otherwise doing IP Masq on this box? You need some rule to get the traffic back out to the internet. Also, is Y.Y.Y.Y one of your IPs? If so, I would use -i INTERFACE instead (cleaner rules).

Hello Matir and thanks for your reply,

i use this rule for masq:

iptables -t nat -A POSTROUTING -d 10.0.0.0/24 -j MASQUERADE

Should i do something else too?

and yes, Y.Y.Y.Y is one of my external IP's to the internet on the ppp0 interface..

Why are you masquerading packets TO the local net? I use 'iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQ'.

Hello again,

Matir do u have MSN or something so we can talk from there?
Mine is palesths@hotmail.com

Please add me if you can so i can send you my iptables script, the real IP's and everything

P.S. I used the command u just sent but still not working :-/

I don't have MSN, but I have AIM (info's in my profile). Do other outbound connections work?

Hi again,

Yes everything seems to work fine, this box is also an internet gateway.. and all the boxes behind this linux works fine.
The only thing that's not working is the port forward thing :-/

I think that maybe because there are 2 DSL connections on this box i'm getting confused about the rules i have to use.. i'll right a more specific diagram on the network setup and the interfaces on that box and i'll send them to you when i get the chance to go there again.

Thanks for your help