|
Port Forwarding problem
I've been trying to do a port forwarding in a linux machine. I really don't understand what's going on, when I try to establish a VNC connection between an DSL connection and another internal network... This is my little script...
Code:
#!/bin/shRegards |
Use redir 2.2.1 from (http://sammy.net/~sammy/hacks/)
It worls flawlessly for me. |
the FORWARD rule is missing. also have u enabled forwarding in the kernel.
|
Could you be more explicit? I realle donīt know how to check if Forward has been enabled in the kernel....
I do it in this way... echo 1 > /proc/sys/net/ipv4/ip_forward Anything else? Regards |
I found this example but it doesn't work neither
Quote:
Quote:
|
First change the VNC port no. on 10.10.1.69 to 5901.
================== #!/bin/sh ##################################### # Example NAT usage for 2.4 kernels # # Stephanie Lockwood-Childs 1/17/01 # ##################################### echo 1 > /proc/sys/net/ipv4/ip_forward #----------------------# # Variable Definitions # #----------------------# EXT=eth0 INT=eth1 PORT_FORWARD="5900 5901" # "Port Forwarding" Example EXTERNAL_IP=128.111.1.200 VNC_SERVER1=10.10.1.38 VNC_SERVER2=10.10.1.69 # iptables -t nat -A PREROUTING -d $EXTERNAL_IP -p tcp --dport 7000 -j DNAT --to-dest $VNC_SERVER1:5900 iptables -t nat -A PREROUTING -d $EXTERNAL_IP -p tcp --dport 8000 -j DNAT --to-dest $VNC_SERVER2:5901 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT for i in $PORT_FORWARD; do iptables -A FORWARD -i $EXT -o $INT -p tcp -m state --state NEW --dport $i -j ACCEPT done |
Problem solved beacuse I added a route in the VNC servers although I really don't think this would be the right way, and now I have a problem with my external network. I'll describe the problem with this diagram
http://img246.imageshack.us/img246/9945/networkgp1.png My script is this. I can do a port forwarding from Lan 1 network to any server because I created a route in both servers, but if I want to connect from internet nothing happens, because servers don't know where to send that petitions, I have port forwarding in DSL router so if the router receives any petition on port 5000 it will send to linux server and this one will make a port forwwarding to the server, but with my external IP (IP from internet), the serve won't send any packet to the linux interface, I've been tryin with masquerade but nithing happens, this one is my script. Quote:
|
which DSL router u have?
assuming on the DSL router you have done port forwarding properly. -d <DSL public IP> --dport 5000 -j DNAT --to 192.168.20.176:5000 -d <DSL public IP> --dport 5001 -j DNAT --to 192.168.20.176:5001 on the linux machine which has ip -> 192.168.20.176 add default gateway to the DSL router INTERNAL_IP and in iptables of 192.168.20.176 machine: -d 192.168.20.176 --dport 5000 -j DNAT --to 10.31.17.140:5900 -d 192.168.20.176 --dport 5001 -j DNAT --to 10.31.17.148:5900 add default gateway on these two VNC server to -> INTERNAL_IP of 192.168.20.176 macine also add the FORWARD rule properly on the 192.168.20.176 machine -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 5900 -m state --state NEW -j ACCEPT ## For postrouting -t nat -A POSTROUTING -s 10.31.17.0/255.255.255.0 -o eth0 -j SNAT --to 192.168.20.176 -A FORWARD -i eth1 -m state --state NEW -j ACCEPT Points to note: The default gateway for 192.168.20.176 -> DSL router INTERNAL_IP The default gateway for VNC_SERVERS -> 192.168.20.176 machine's INTERNAL_IP |
Thanks for your interes I'll try on monday because I lost remote access to these machines....
Regards |
| All times are GMT -5. The time now is 03:21 AM. |