ppp0, iptables, and port forwarding.
*pulling hair out* I have a setup of iptables from CentOS 5.8, Kernel Linux 2.6.18-308.11.1.el5 on i686. I recently moved from the inner city to a more rural area and because of that we had to get DSL; before that we had cable. I had set up all my tables and everything was working before we moved, and now with the change to DSL I can't get any of my ports open to the outside: 80/443/5222/9091/25565. At the moment I was working on getting 5222 open first as it's a high priority port. I have changed my masq. and all the other int. to represent the changes and yet still my brain is racked. Any help is much appreciated. :)
This is my iptables -nvL -t nat:
Code:
Chain PREROUTING (policy ACCEPT 66 packets, 5692 bytes)
Code:
207.225.112.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
This is my iptables output:
Code:
# Generated by iptables-save v1.3.5 on Fri Jul 13 20:59:09 2012
Quote:
It's just what I understand your Iptables but I don't know how to solve it.
No VPN. :) The connection would be: client on WAN side with port 5222 > dnat > local ip and port 5222 -- server answers then local ip > masq > WAN conn on port 5222. ;)
Your iptables configuration is a mess. You should not be filtering packets from within the nat table.
Try this:
Code:
# Generated by SuperJediWombat v1.0 on Fri Jul 18 16:52:00 2012
Everything seems to be working at the moment. :D I do agree the tables were a mess.
Was just wondering if this add on would be a bit much, as in stupid, to add to the nat table?
Code:
*nat
@SuperJediWombat! Thank you so much for your help! Besides the tables being a mess, what was the real problem? I'm trying to find it... ;) Again, thank you soooooooooo much, you saved my life and business. ^_^
This would be my new and improved iptables.
Code:
# Generated by iptables-save v1.3.5 on Wed Jul 18 10:01:18 2012
No problem, I'm glad that it is working now.
You should not be filtering traffic from within the nat table. This is what your nat table should look like, with the extra rules you have added:
Code:
*nat
When I had the nat set up without the filtering, I had a massive DoS and SYN/ACK attack. I know, right, how the hell were they getting through my nat O.o. After I had implemented the filtering I noticed that only real traffic was getting through and the hackerz/crackerz traffic had completely stopped.
Currently this is what I'm running under nat:
Code:
Code:
-A POSTROUTING -m state -o ppp0 --state ESTABLISHED,RELATED -j ACCEPT and -A POSTROUTING -o ppp0 -j DROP
What I be working with now.
Code:
# Generated by iptables-save v1.3.5 on Wed Jul 18 10:01:18 2012
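Added example, not code from any poster in this thread: a small Python check of an iptables-save dump for the two points discussed above, namely filtering rules placed in the nat table and DNAT targets that the filter table's FORWARD chain would not accept. The sample ruleset, the 192.0.2.10 address and the function names `opt` and `audit` are constructed for illustration.

```python
import re

# Constructed iptables-save dump (not the poster's ruleset); 192.0.2.10 is a
# documentation-range stand-in for the LAN server behind ppp0.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 5222 -j DNAT --to-destination 192.0.2.10:5222
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:80
-A POSTROUTING -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -o ppp0 -j DROP
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.0.2.10 -i ppp0 -p tcp -m tcp --dport 5222 -j ACCEPT
COMMIT
"""

def opt(rule, flag):  # value following an option such as --dport, else None
    m = re.search(r"(?:^|\s)" + re.escape(flag) + r"\s+(\S+)", rule)
    return m.group(1) if m else None

def audit(dump):
    """Return (kind, detail) findings for an iptables-save dump."""
    table, policy, dnat, allowed, findings = None, "ACCEPT", [], set(), []
    for rule in map(str.strip, dump.splitlines()):
        if rule.startswith("*"):
            table = rule[1:]
        elif table == "filter" and rule.startswith(":FORWARD "):
            policy = rule.split()[1]
        elif table == "nat" and rule.startswith("-A "):
            # nat chains see only the first packet of a connection, so DROP/REJECT
            # or ESTABLISHED matches here do not behave like a firewall.
            if opt(rule, "-j") in ("DROP", "REJECT") or "ESTABLISHED" in rule:
                findings.append(("filter-in-nat", rule))
            if opt(rule, "-j") == "DNAT" and opt(rule, "--to-destination"):
                dnat.append(opt(rule, "--to-destination"))
        elif table == "filter" and rule.startswith("-A FORWARD ") and opt(rule, "-j") == "ACCEPT":
            if opt(rule, "-d") and opt(rule, "--dport"):
                allowed.add(opt(rule, "-d").split("/")[0] + ":" + opt(rule, "--dport"))
    # Heuristic: FORWARD sees the translated address, so with a DROP policy each
    # DNAT target needs an ACCEPT rule naming it (-d <ip> --dport <port>).
    if policy == "DROP":
        findings += [("dnat-not-forwarded", d) for d in dnat if d not in allowed]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```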