LinuxQuestions.org
Old 05-08-2005, 01:52 PM   #1
overproof
Member
 
Registered: Apr 2005
Distribution: mandrake 10.2, ubuntu 7.10
Posts: 51

Rep: Reputation: 15
port forwarding from eth0 to eth1 ?


Hi,
I have a Linux box on a LAN (gateway is 192.168.0.1); eth0 is 192.168.0.5. All working fine.
I also have shared internet access from this Linux box to another pc.
eth1 on Linux is 192.168.1.1
IP address of the other pc is 192.168.1.2
Internet access is all ok from the other pc except from an application that works on ports, let's say, 2000/udp and 2001/tcp.
I have opened these ports on the firewall on the Linux box and also forwarded the same ports from the gateway to eth0, but it is not working.
Tried to forward to eth1 (different subnet), not working.
How can I forward these ports from eth0 to eth1, if that's what I need to do?
Thanks
 
Old 05-08-2005, 05:07 PM   #2
SirGertrude
Member
 
Registered: May 2004
Location: Missouri
Distribution: Gentoo
Posts: 59

Rep: Reputation: 15
If you are performing NAT with the Linux box, try this:

Code:
# Allow the forwarded traffic through the FORWARD chain
iptables -A FORWARD -p tcp --dport 2001 -j ACCEPT
iptables -A FORWARD -p udp --dport 2000 -j ACCEPT

# Rewrite the destination of traffic arriving on eth0 to the internal PC
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2001 -j DNAT --to 192.168.1.2
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 2000 -j DNAT --to 192.168.1.2
Also make sure your gateway is forwarding the ports you need to eth0 on the router.
 
Old 05-09-2005, 04:49 AM   #3
overproof
Member
 
Registered: Apr 2005
Distribution: mandrake 10.2, ubuntu 7.10
Posts: 51

Original Poster
Rep: Reputation: 15
Thanks for your reply,
Not sure if I'm performing NAT or not with my Linux box, but I assume I do. (eth0 and eth1 act as a NAT router?)
I have tried the recommended lines on iptables and also saved them with iptables-save, but still no joy.
The only reference of the said ports is below, but the problem is I don't know enough about iptables and ipchains.
Code:
Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP      !icmp --  anywhere             anywhere            state INVALID
eth0_fwd   all  --  anywhere             anywhere
eth1_fwd   all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:2000
ACCEPT     udp  --  anywhere             anywhere            udp dpt:2001
ACCEPT     udp  --  anywhere             anywhere            udp dpt:2002
Any more help will be appreciated. thanks
 
Old 05-09-2005, 02:12 PM   #4
SirGertrude
Member
 
Registered: May 2004
Location: Missouri
Distribution: Gentoo
Posts: 59

Rep: Reputation: 15
It is difficult to tell exactly what your configuration is from this small piece of code; however, I do see one problem here. iptables will process the rules in order, which means that your reject all rule will drop packets before they get to the accept lines. To fix this I would insert the rules at the top of the chain rather than adding them to the bottom, like this:

Code:
# Insert at position 1 so these rules are evaluated before the reject rule
iptables -I FORWARD 1 -p tcp --dport 2001 -j ACCEPT
iptables -I FORWARD 1 -p udp --dport 2000 -j ACCEPT

iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 2001 -j DNAT --to 192.168.1.2
iptables -t nat -I PREROUTING 1 -i eth0 -p udp --dport 2000 -j DNAT --to 192.168.1.2
See if that doesn't fix your problem.

Also, it may help to see your entire configuration. If you do an "iptables-save" and post the output I or someone else may be able to help you further.
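
The ordering problem described in post #4, as an added example that is not part of the original thread: a Python check that reads `iptables-save` output and reports rules sitting behind an unconditional terminating rule in the same chain, following jumps into user-defined chains. The ruleset is constructed, modelled loosely on the FORWARD listing above, and the function names are this example's own.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # built-in targets that end traversal
# Constructed sample in iptables-save format (not the poster's real ruleset).
SAMPLE = """*filter
:FORWARD DROP [0:0]
:reject - [0:0]
-A FORWARD -j LOG --log-prefix "Shorewall:FORWARD:REJECT:" --log-level 6
-A FORWARD -j reject
-A FORWARD -p tcp -m tcp --dport 2001 -j ACCEPT
-A FORWARD -p udp -m udp --dport 2000 -j ACCEPT
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_save(text):
    """Return {table: {chain: [rule tokens, ...]}} in rule order."""
    tables, table = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {})
        elif table is not None and line.startswith(":"):
            table.setdefault(line[1:].split()[0], [])
        elif table is not None and line.startswith("-A "):
            tok = shlex.split(line)
            table.setdefault(tok[1], []).append(tok[2:])
    return tables

def always_ends(chains, rule, seen=()):
    """True if the rule matches every packet and its target always gives a verdict."""
    if len(rule) < 2 or rule[0] != "-j":  # match options precede -j in save output
        return False
    target = rule[1]
    if target in TERMINAL:
        return True
    if target in seen:  # guard against chains that jump to each other
        return False
    return any(always_ends(chains, r, seen + (target,)) for r in chains.get(target, []))

def find_shadowed(text, table="filter"):
    """List (chain, position, blocking position, rule) for unreachable rules."""
    hits, chains = [], parse_save(text).get(table, {})
    for name, rules in chains.items():
        blocker = None
        for pos, rule in enumerate(rules, 1):
            if blocker is not None:
                hits.append((name, pos, blocker, " ".join(rule)))
            elif always_ends(chains, rule):
                blocker = pos
    return hits
```

`find_shadowed(SAMPLE)` reports the two ACCEPT rules at positions 3 and 4 as unreachable behind the jump at position 2. The check is conservative: it only flags rules behind a single rule with no match criteria, not behind a set of conditional rules that together cover all traffic.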
 
Old 05-11-2005, 02:19 PM   #5
overproof
Member
 
Registered: Apr 2005
Distribution: mandrake 10.2, ubuntu 7.10
Posts: 51

Original Poster
Rep: Reputation: 15
Once again thanks for your reply, but I've got more questions.
Up to now I have been using the GUI for Shorewall on my system, so I'm not quite sure if the information held in "rules" in Shorewall is the same as when I look in "iptables -L". To make things worse, I also once used firestarter, and although it is now uninstalled, there is still some stuff kicking around.
Is there one place/command that overrules everything else so I can start with a clean sheet? And where is the IPTABLES file in the system if I wanted to copy/edit/restore? When I look in MAN IPTABLES-RESTORE it refers me to STDIN, where is it?
Before I list the whole code for iptables here, I will need to edit the order of rules as you suggested. But before I do that I need to do a lot of
Thanks for your patience.
 
Old 05-12-2005, 12:49 AM   #6
sal_paradise42
Member
 
Registered: Jul 2003
Location: Utah
Distribution: Gentoo FreeBSD 5.4
Posts: 150

Rep: Reputation: 16
iptables -F will flush all of your rules.
There isn't really an "iptables config" unless you have an iptables script.
The front end programs you are using create this script for you and then run it; it basically runs on the kernel.
You can definitely create a script. I don't want to move you away from what you are trying to accomplish, but the iptables tutorial will be a great way to start.

iptables tutorial

There are a couple of great examples at the bottom of this tutorial, with different topologies as examples.
 
Old 05-15-2005, 08:37 AM   #7
overproof
Member
 
Registered: Apr 2005
Distribution: mandrake 10.2, ubuntu 7.10
Posts: 51

Original Poster
Rep: Reputation: 15
OK, if there isn't a config file, where do I save this script if I create one?
I tried to FLUSH the iptables but when I reboot, everything is back to where it was before.
I guess I will have to delete iptables or rules from kernel, but then I will be left with no firewall, unless I use the GUI.
 
Old 05-16-2005, 02:48 AM   #8
mike33
Member
 
Registered: Jul 2004
Location: Houston Tx
Distribution: kubuntu, Debian, Suse 10.2
Posts: 31

Rep: Reputation: 15
You can put your script anywhere you like, but /etc/init.d is a good place; if you don't want to
hunt down the other script that is creating the other rules, simply make the first line of your script
iptables -F #flush kernel table
 
  


All times are GMT -5. The time now is 07:35 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration