Old 06-12-2013, 08:54 AM   #1
ali.abry
iptables won't forward port 22 because of the rules in the filter table


Hi everybody

I've got a problem with iptables that doesn't forward port 22.
If I flush all FILTER rules, it's able to forward port 22, but after putting rules in the FILTER table it won't forward port 22.
The rules are really simple; I don't understand why they prevent forwarding.
Here are the rules in my FILTER table:

Code:
# iptables -S -t filter
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -d 172.16.134.148/32 -i eth0 -p tcp -m multiport --dports 22,33,80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 172.16.134.148/32 -i eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -d 172.16.134.148/32 -i eth0 -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -d 172.16.134.148/32 -i eth0 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 172.16.134.148/32 -i eth0 -p icmp -m icmp --icmp-type 0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 172.16.134.148/32 -i eth0 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 172.16.134.148/32 -o eth0 -p tcp -m multiport --sports 22,33,80 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -s 172.16.134.148/32 -o eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -s 172.16.134.148/32 -o eth0 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -s 172.16.134.148/32 -o eth0 -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -s 172.16.134.148/32 -o eth0 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 172.16.134.148/32 -o eth0 -p icmp -m icmp --icmp-type 0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
And here are the rules in the NAT table:
Code:
# iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 172.16.134.148/32 -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 172.16.134.131:22
-A POSTROUTING -o eth0 -j MASQUERADE
 
Old 06-13-2013, 04:13 AM   #2
ali.abry
Hi
Found the answer:
The problem was that the main policy of the FORWARD chain in the filter table was DENY, so I added these two rules to let SSH communication out and in:
Code:
iptables -t filter -A FORWARD -o eth0 -p tcp --dport 22 -m state --state new,established -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -p tcp --sport 22 -m state --state established -j ACCEPT
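An added audit script, not from the thread, that reproduces the misconfiguration discussed above: it parses `iptables -S` dumps of the nat and filter tables and reports every DNAT target that the FORWARD chain would drop (policy DROP with no ACCEPT rule admitting NEW connections). The dumps are constructed from the rules posted in this thread, before and after the fix; the function names `dnat_targets`, `forward_allows` and `check_dnat_forwarding` are chosen here.

```shell
# Audit: does every DNAT target in the nat table have a FORWARD rule (or policy) in
# the filter table that lets NEW connections through? Dumps are constructed samples.
NAT_DUMP='-P PREROUTING ACCEPT
-A PREROUTING -d 172.16.134.148/32 -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 172.16.134.131:22
-A POSTROUTING -o eth0 -j MASQUERADE'
FILTER_BEFORE='-P FORWARD DROP
-A INPUT -i lo -j ACCEPT'
FILTER_AFTER="$FILTER_BEFORE
-A FORWARD -o eth0 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT"

# Print "ip port" for every DNAT rule in an `iptables -S -t nat` dump ($1).
dnat_targets() {
  printf '%s\n' "$1" | awk '/-j DNAT/ {
    for (i = 1; i <= NF; i++)
      if ($i == "--to-destination") { split($(i + 1), a, ":"); print a[1], a[2] } }'
}

# Exit 0 if the filter dump ($1) lets a NEW connection to ip ($2) port ($3) through FORWARD.
# Only a bare IP or /32 in -d is recognised; a wider -d subnet counts as no match, so the
# check errs on the side of reporting BLOCKED.
forward_allows() {
  printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" '
    $1 == "-P" && $2 == "FORWARD" && $3 == "ACCEPT" { ok = 1 }
    $1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ {
      d = ""; p = ""; s = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "-d") d = $(i + 1)
        if ($i == "--dport" || $i == "--dports") p = $(i + 1)
        if ($i == "--state" || $i == "--ctstate") s = toupper($(i + 1))
      }
      if (s != "" && s !~ /NEW/) next        # return-traffic rule, opens nothing
      sub(/\/32$/, "", d)
      if (d != "" && d != ip) next
      if (p != "") {
        n = split(p, ports, ","); hit = 0
        for (j = 1; j <= n; j++) if (ports[j] == port) hit = 1
        if (!hit) next
      }
      ok = 1
    }
    END { exit ok ? 0 : 1 }'
}

# One line per DNAT target: "OK ip:port" or "BLOCKED ip:port".
check_dnat_forwarding() {
  dnat_targets "$1" | while read -r ip port; do
    if forward_allows "$2" "$ip" "$port"; then echo "OK $ip:$port"; else echo "BLOCKED $ip:$port"; fi
  done
}
```

Feeding it the live output of `iptables -S -t nat` and `iptables -S -t filter` instead of the constructed dumps performs the same check on a running box.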