Hi, I've got a linux server set up as an internet gateway with two windows xp machines connected to it via a switch. I've been trying to forward ports 3389 and 4899 to one of the xp machines but have been unable to get it to work. I have however, successfullu forwarded port 80 to the same machine. Here are my firewall rules reguarding the ports.

$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 80 -j ACCEPT
$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 3389 -j ACCEPT
$IPCHAINS -A input -i $EXTIF -p tcp -s 0.0.0.0/0 -d $EXTIP 4899 -j ACCEPT

$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 80 -d 0.0.0.0/0 -j ACCEPT
$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 3389 -d 0.0.0.0/0 -j ACCEPT
$IPCHAINS -A output -i $EXTIF -p tcp -s $EXTIP 4899 -d 0.0.0.0/0 -j ACCEPT

/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 3389 -R $PORTFWIP 3389
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 4489 -R $PORTFWIP 4899

Any ideas why port 80 would work but the other 2 won't?

Straight from my website, check the link below, you'll find a diamond in the rough every now and again ... ok, actually, I write this junk up on my website because I have a horrible memory and I need reference to it:

It's always a pain in the ass for me to remember how to do this, I always forget a step and add an extra step that matters not.

So, here's the example of port forwarding using iptables.

I have an internal server on port 10.0.0.2, running apache on port 80. I want to be able to reach it via port 81 from my gateway computer.

/sbin/iptables -t nat -I PREROUTING -p tcp -d 209.190.200.143 --dport 81 -j DNAT --to 10.0.0.2:80

That's the part I always remember.

/sbin/iptables -I FORWARD -p tcp -d 10.0.0.2 --dport 80 -j ACCEPT

That's the part I always forget.

Anyway, port forwarding in two easy steps.

Hopefully you can extrapolate what you need from the above by changing the port numbers, etc.

Sorry it's taken me so long to reply.

I've already gotten port forwarding to work, just not on the ports that I want it to forward. I've forwarded port 80 successfully but haven't had any success with 3389 or 4899. Also I have to use ipchains, not iptables.

*blush* sorry, didn't even see that it was ipchains, my apologies. However, if you got 80 to work, 80 is just a number, there's nothing special about it, the other numbers you put in there should work as well.

What you've given above, minus forwarding port 80 line ( don't see that, but I'm guessing it's the same. ) Sorry, don't know what to tell you.

I recently upgraded my kernel to 2.6 so I can use iptables now. I'm still having the same exact problem though. Here's my entire firewall script. Anyone see any problems?

http://panthers.pnc.edu/rjohns01/firewall2.txt