LinuxQuestions.org
Old 10-05-2006, 09:37 PM   #1
Koven
Member
 
Registered: Dec 2003
Distribution: Arch Linux
Posts: 49

Rep: Reputation: 15
Port Forwarding problem


I've been trying to do port forwarding on a Linux machine. I really don't understand what's going on when I try to establish a VNC connection between a DSL connection and another internal network... This is my little script...

Code:
#!/bin/sh

#####################################
# Example NAT usage for 2.4 kernels #
# Stephanie Lockwood-Childs 1/17/01 #
#####################################

#----------------------#
# Variable Definitions #
#----------------------#

EXT=eth0
INT=eth1

# "Port Forwarding" Example
EXTERNAL_IP=128.111.1.200
VNC_SERVER1=10.10.1.38
VNC_SERVER2=10.10.1.69


# 
iptables -t nat -A PREROUTING -d $EXTERNAL_IP -p tcp --dport 7000 -j DNAT --to-dest $VNC_SERVER1:5900
iptables -t nat -A PREROUTING -d $EXTERNAL_IP -p tcp --dport 8000 -j DNAT --to-dest $VNC_SERVER2:5900

Any help would be really appreciated

Regards

Last edited by Koven; 10-05-2006 at 09:38 PM.
 
Old 10-06-2006, 07:08 AM   #2
sawan
LQ Newbie
 
Registered: Jun 2005
Location: Welcome to the Matrix
Distribution: Mandrake 10.1, FC3
Posts: 26

Rep: Reputation: 15
Use redir 2.2.1 from (http://sammy.net/~sammy/hacks/)
It works flawlessly for me.
 
Old 10-06-2006, 08:23 AM   #3
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
The FORWARD rule is missing. Also, have you enabled forwarding in the kernel?
 
Old 10-06-2006, 09:36 AM   #4
Koven
Member
 
Registered: Dec 2003
Distribution: Arch Linux
Posts: 49

Original Poster
Rep: Reputation: 15
Could you be more explicit? I really don't know how to check if forwarding has been enabled in the kernel....

I do it in this way...

echo 1 > /proc/sys/net/ipv4/ip_forward

Anything else?

Regards
 
Old 10-06-2006, 10:26 AM   #5
Koven
Member
 
Registered: Dec 2003
Distribution: Arch Linux
Posts: 49

Original Poster
Rep: Reputation: 15
I found this example but it doesn't work either

Quote:
What there aren't enough of is plain old examples. Here is my configuration. xxx's replace personal info.

iface eth1 inet static
address 209.195.xxx.xxx
netmask 255.255.255.224
gateway 209.195.xxx.xxx

iface eth0 inet static
address 10.10.10.1
netmask 255.255.255.0
network 10.10.10.0
broadcast 10.10.10.255
up /sbin/iptables -t nat -F
up /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
up /sbin/iptables -t nat -A PREROUTING -p tcp --dport 2021 -j DNAT --to 10.10.10.2:21
up /sbin/iptables -t nat -A PREROUTING -p tcp --dport 2022 -j DNAT --to 10.10.10.2:22
up /sbin/iptables -t nat -A PREROUTING -p tcp --dport 2080 -j DNAT --to 10.10.10.2:80

This is my routing table...

Quote:
root@koven-desktop:koven# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
200.31.17.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

Regards

Last edited by Koven; 10-06-2006 at 10:27 AM.
 
Old 10-06-2006, 03:06 PM   #6
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
First change the VNC port no. on 10.10.1.69 to 5901.

==================
#!/bin/sh

#####################################
# Example NAT usage for 2.4 kernels #
# Stephanie Lockwood-Childs 1/17/01 #
#####################################

echo 1 > /proc/sys/net/ipv4/ip_forward

#----------------------#
# Variable Definitions #
#----------------------#

EXT=eth0
INT=eth1

PORT_FORWARD="5900 5901"

# "Port Forwarding" Example
EXTERNAL_IP=128.111.1.200
VNC_SERVER1=10.10.1.38
VNC_SERVER2=10.10.1.69


#

iptables -t nat -A PREROUTING -d $EXTERNAL_IP -p tcp --dport 7000 -j DNAT --to-dest $VNC_SERVER1:5900
iptables -t nat -A PREROUTING -d $EXTERNAL_IP -p tcp --dport 8000 -j DNAT --to-dest $VNC_SERVER2:5901


iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

for i in $PORT_FORWARD; do
iptables -A FORWARD -i $EXT -o $INT -p tcp -m state --state NEW --dport $i -j ACCEPT
done

Last edited by ~=gr3p=~; 10-06-2006 at 03:15 PM.
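
The script in post #6 lists the translated ports (5900 and 5901) in its FORWARD rules, not the external ports 7000 and 8000, because DNAT happens in PREROUTING, before the FORWARD chain sees the packet. The check below is an added example, not part of any post in this thread: it reads an `iptables-save` style dump and reports, for each DNAT rule, whether FORWARD admits the port after translation. The function name `audit_dnat`, the `DROP` policy and the sample dump are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Input is an iptables-save style dump.

# Constructed sample: the two DNAT rules from post #6, FORWARD policy DROP,
# and a deliberate mistake: the second ACCEPT names the external port (8000).
SAMPLE_RULES='*nat
-A PREROUTING -d 128.111.1.200/32 -p tcp -m tcp --dport 7000 -j DNAT --to-destination 10.10.1.38:5900
-A PREROUTING -d 128.111.1.200/32 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 10.10.1.69:5901
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 5900 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 8000 -m state --state NEW -j ACCEPT
COMMIT'

# audit_dnat RULES: print "<ext_port> -> <host:port> OK|BLOCKED" per DNAT rule.
# Simplification: only the FORWARD policy and ACCEPT rules carrying --dport are
# considered; interface, source and state matches are ignored.
audit_dnat() {
    printf '%s\n' "$1" | awk '
        function opt(name,   i) {            # value that follows option "name"
            for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
            return ""
        }
        /^:FORWARD / { policy = $2 }
        $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" && opt("--dport") != "" {
            allowed[opt("--dport")] = 1
        }
        $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
            n++; ext[n] = opt("--dport"); to[n] = opt("--to-destination")
        }
        END {
            for (k = 1; k <= n; k++) {
                port = ext[k]                 # unchanged if no ":port" given
                if (to[k] ~ /:/) { port = to[k]; sub(/^.*:/, "", port) }
                ok = (policy == "ACCEPT" || (port in allowed))
                printf "%s -> %s %s\n", ext[k], to[k], (ok ? "OK" : "BLOCKED")
            }
        }'
}

audit_dnat "$SAMPLE_RULES"
```

On a live gateway the same function can be run as `audit_dnat "$(iptables-save)"`.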
 
Old 10-07-2006, 12:08 PM   #7
Koven
Member
 
Registered: Dec 2003
Distribution: Arch Linux
Posts: 49

Original Poster
Rep: Reputation: 15
Problem solved because I added a route in the VNC servers, although I really don't think this would be the right way, and now I have a problem with my external network. I'll describe the problem with this diagram

http://img246.imageshack.us/img246/9945/networkgp1.png

My script is this. I can do port forwarding from the Lan 1 network to any server because I created a route in both servers, but if I want to connect from the internet nothing happens, because the servers don't know where to send those petitions. I have port forwarding in the DSL router, so if the router receives any petition on port 5000 it will send it to the linux server and this one will do port forwarding to the server, but with my external IP (IP from internet), the server won't send any packet to the linux interface. I've been trying with masquerade but nothing happens. This one is my script.


Quote:
#!/bin/bash

iptables -F
iptables -X
iptables -Z
iptables -t nat -F


iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

iptables -t nat -A PREROUTING -p tcp -d 192.168.20.176 --dport 5000 -j DNAT --to-destination 10.31.17.140:5900
iptables -t nat -A PREROUTING -p tcp -d 192.168.20.176 --dport 5001 -j DNAT --to-destination 10.31.17.148:5900

iptables -t nat -A POSTROUTING -s 10.31.17.0/255.255.255.0 -o eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

Regards
 
Old 10-08-2006, 01:25 AM   #8
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
Which DSL router do you have?

Assuming on the DSL router you have done port forwarding properly:

-d <DSL public IP> --dport 5000 -j DNAT --to 192.168.20.176:5000
-d <DSL public IP> --dport 5001 -j DNAT --to 192.168.20.176:5001

On the linux machine which has IP -> 192.168.20.176, add a default gateway to the DSL router INTERNAL_IP

and in iptables of the 192.168.20.176 machine:

iptables -t nat -A PREROUTING -p tcp -d 192.168.20.176 --dport 5000 -j DNAT --to 10.31.17.140:5900
iptables -t nat -A PREROUTING -p tcp -d 192.168.20.176 --dport 5001 -j DNAT --to 10.31.17.148:5900

Add a default gateway on these two VNC servers to -> INTERNAL_IP of the 192.168.20.176 machine

Also add the FORWARD rule properly on the 192.168.20.176 machine

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 5900 -m state --state NEW -j ACCEPT

## For postrouting
iptables -t nat -A POSTROUTING -s 10.31.17.0/255.255.255.0 -o eth0 -j SNAT --to 192.168.20.176

iptables -A FORWARD -i eth1 -m state --state NEW -j ACCEPT

Points to note:

The default gateway for 192.168.20.176 -> DSL router INTERNAL_IP

The default gateway for VNC_SERVERS -> 192.168.20.176 machine's INTERNAL_IP
 
Old 10-08-2006, 09:42 PM   #9
Koven
Member
 
Registered: Dec 2003
Distribution: Arch Linux
Posts: 49

Original Poster
Rep: Reputation: 15
Thanks for your interest. I'll try on Monday because I lost remote access to these machines....


Regards
 
  

