LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 12-12-2011, 04:05 PM   #1
danielhilst
LQ Newbie
 
Registered: Apr 2010
Location: Brazil
Distribution: Gentoo,Archlinux
Posts: 18

Rep: Reputation: 0
UDP port forwarding doesn't work


Hi, I'm trying to forward UDP packages coming from eth1 at port 25826
to an server on my internal network

Here is the rule that I used
Code:
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 25826 -j DNAT --to-destination 192.168.5.13:25826
iptables -A FORWARD -d 192.168.5.13 -j ACCEPT
This rule is simple ignored. Before ppl ask, I have sure
that the packets are coming at that port on that interface

Code:
[root@pax2 ~]# tcpdump -nni eth1 port 25826
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
20:12:23.926427 IP 201.28.214.89.43368 > 10.129.120.47.25826: UDP, length 1326
20:12:23.931575 IP 201.28.214.89.43368 > 10.129.120.47.25826: UDP, length 1300
20:12:23.937244 IP 201.28.214.89.43368 > 10.129.120.47.25826: UDP, length 1331

What I'm missing?

[]'s
 
Old 12-12-2011, 04:15 PM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,211

Rep: Reputation: 306Reputation: 306Reputation: 306Reputation: 306
Other rules before these denied packets or destination host has own rules? Add logging and check in syslog what is going on, for example:
Code:
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 25826 -j LOG --log-prefix "PREROUTING: "
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 25826 -j DNAT --to-destination 192.168.5.13:25826
iptables -A FORWARD -d 192.168.5.13 -j LOG --log-prefix "FORWARD: "
iptables -A FORWARD -d 192.168.5.13 -j ACCEPT
And you have enabled forwarding in this machine: "echo 1 > /proc/sys/net/ipv4/ip_forward"?

Last edited by eSelix; 12-12-2011 at 04:20 PM.
 
Old 12-12-2011, 04:16 PM   #3
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, Ubuntu, SLES, CentOS
Posts: 1,790

Rep: Reputation: 324Reputation: 324Reputation: 324Reputation: 324
@ Reply

Hi danielhilst,

Did you check where this rule is being place in your iptables list. I just want to make sure that the rule is not placed after explicit deny rule.
 
Old 12-13-2011, 06:30 PM   #4
danielhilst
LQ Newbie
 
Registered: Apr 2010
Location: Brazil
Distribution: Gentoo,Archlinux
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by eSelix View Post
Other rules before these denied packets or destination host has own rules? Add logging and check in syslog what is going on, for example:
Code:
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 25826 -j LOG --log-prefix "PREROUTING: "
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 25826 -j DNAT --to-destination 192.168.5.13:25826
iptables -A FORWARD -d 192.168.5.13 -j LOG --log-prefix "FORWARD: "
iptables -A FORWARD -d 192.168.5.13 -j ACCEPT
--log-prefix this is really useful, thanks!!
The problem was not on iptables, I have made a change on collectd configurations file them the things start to work, I can't say why I can see the packages coming with tcpdump but cannot forward it.
Quote:
Originally Posted by eSelix View Post
And you have enabled forwarding in this machine: "echo 1 > /proc/sys/net/ipv4/ip_forward"?
ip_forward was aways enabled...
 
Old 04-19-2012, 03:48 PM   #5
topher800
LQ Newbie
 
Registered: Oct 2009
Posts: 2

Rep: Reputation: 0
tcpdump sees the packets because it inserts itself lower than iptables in the network stack.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do port-bind shellcodes work with port-forwarding? falc0n Linux - Security 2 04-27-2011 07:10 AM
Port forwarding doesn't work with ppp0 gubak Linux - Server 15 11-13-2009 04:16 AM
Higher port forwarding doesn't work fatman Linux - Networking 3 01-01-2006 09:31 AM
udp port forwarding to ip range oddo Linux - Networking 0 10-04-2004 07:09 AM
Server doesn't work with port forwarding enables Dawyea Linux - Networking 7 06-19-2004 09:57 AM


All times are GMT -5. The time now is 11:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration