Old 02-16-2006, 04:33 AM   #1
gugabaga
Member
 
Registered: Jan 2006
Distribution: Fedora
Posts: 61

Rep: Reputation: 15
Configuring DNAT over static ip


Hi,

I have configured DNAT on a static ip address by using iptables

iptables -t nat -A PREROUTING --dst X.X.X.X -p tcp --dport 1433 -j DNAT --to-destination 192.168.127.1:1433

As can be seen from above I want to open only port 1433, i.e. MS SQL Server port.

But when trying to connect a database package which uses this port I get an error.

How do I ascertain whether it is a fault of my router, i.e. the connection is not being forwarded, or a problem with my MS SQL server, i.e. my router is forwarding the request but the SQL server is not responding?

Note: I have SNAT on through this command -

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

SNAT is working fine.

Please help.

Regards

Last edited by gugabaga; 02-16-2006 at 04:39 AM.
 
Old 02-16-2006, 05:30 AM   #2
gugabaga
Member
 
Registered: Jan 2006
Distribution: Fedora
Posts: 61

Original Poster
Rep: Reputation: 15
Hi

When I am doing a port scan on localhost it is showing 1433 as closed.

How can I open the port? Is it necessary to open 1433 to enable routing to MS SQL server?

Regards
 
Old 02-16-2006, 05:42 AM   #3
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 33
Add the rule to the forwarding chain:
iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.127.1 --dport 1433 -j ACCEPT
 
Old 02-16-2006, 08:46 AM   #4
gugabaga
Member
 
Registered: Jan 2006
Distribution: Fedora
Posts: 61

Original Poster
Rep: Reputation: 15
Hi Nathanael,

1) I tried what you said. But it is not working.....

2) From your response I gather that you think it is a problem with the iptables forwarding rule. Is there any way to ascertain what connections are coming into my router from outside?

Thanks for your interest

Regards
 
Old 02-16-2006, 09:50 PM   #5
philix
Member
 
Registered: Sep 2005
Location: India
Distribution: Redhat Debian
Posts: 36

Rep: Reputation: 15
Hi Gugabaga,
What is the error message the MS SQL client produces?
Do you have any other server applications where another port forwarding could be tried using the above-mentioned iptables rules?
If possible, please try it.
Expecting your reply.

Thanks
Philix
 
Old 02-17-2006, 03:32 AM   #6
gugabaga
Member
 
Registered: Jan 2006
Distribution: Fedora
Posts: 61

Original Poster
Rep: Reputation: 15
Hi Philix,

The error is could not connect to database. database does not exist.

About another server application which can be tried.... not at the present moment. I am also trying to setup a mail server on Fedora Core. Once that is up I will be able to try it.

Regards
 
Old 02-20-2006, 09:19 PM   #7
philix
Member
 
Registered: Sep 2005
Location: India
Distribution: Redhat Debian
Posts: 36

Rep: Reputation: 15
Hi Gugabaga,

Is there any way to check that the client is getting connected to the server from the internal network?
telnet <IP Address> 1433 would also be enough.
This makes sure whether the problem is with the database or with the Linux router.
Can you please check whether the database server port 1433 is active and waiting for connections?

Thanks
Philix
Jesus Loves you too
 
Old 02-21-2006, 06:36 AM   #8
gugabaga
Member
 
Registered: Jan 2006
Distribution: Fedora
Posts: 61

Original Poster
Rep: Reputation: 15
Hi philix,

Thanks for replying.

Yes, I am able to connect to the database server from another node in the LAN by telnet.

Also, the software package that accesses the SQL db works from any LAN node.

Thanks and Regards
 
Old 02-21-2006, 10:27 PM   #9
philix
Member
 
Registered: Sep 2005
Location: India
Distribution: Redhat Debian
Posts: 36

Rep: Reputation: 15
Hi Gugabaga,

Can you please try this command ?
iptables -t nat -A PREROUTING -p tcp --dport 1433 -i eth0 -j DNAT --to 192.168.1.127:1433

Thanks
Philix
Jesus Loves you too
 
Old 02-22-2006, 04:05 AM   #10
gugabaga
Member
 
Registered: Jan 2006
Distribution: Fedora
Posts: 61

Original Poster
Rep: Reputation: 15
hi philix,

I had previously tried -

iptables -t nat -A PREROUTING --dst X.X.X.X -p tcp --dport 1433 -j DNAT --to-destination 192.168.127.1:1433

Now you want me to try -

iptables -t nat -A PREROUTING -p tcp --dport 1433 -i eth0 -j DNAT --to 192.168.127.1:1433

It basically looks the same to me. But I will try it nonetheless and get back to you.

Thanks and regards
 
Old 02-26-2006, 11:09 PM   #11
philix
Member
 
Registered: Sep 2005
Location: India
Distribution: Redhat Debian
Posts: 36

Rep: Reputation: 15
Hi Gugabaga,

Hope you have enabled forwarding in this manner too.

echo 1 > /proc/sys/net/ipv4/ip_forward

Thanks
Philix
Jesus Loves you too
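
Added example (not from any poster in this thread): the question raised in posts #1 and #4, whether the router is forwarding or the server is not answering, can be settled from the per-rule packet counters in the iptables listings. The sample listings below are constructed, 203.0.113.10 stands in for the address masked as X.X.X.X, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample listings. On the router, take the real ones from:
#   iptables -t nat -L PREROUTING -v -n -x
#   iptables -L FORWARD -v -n -x
#   cat /proc/sys/net/ipv4/ip_forward
NAT_SAMPLE='Chain PREROUTING (policy ACCEPT 310 packets, 18600 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       7      420 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.10         tcp dpt:1433 to:192.168.127.1:1433'
FWD_SAMPLE='Chain FORWARD (policy DROP 7 packets, 420 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    5120   611000 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0'

# Sum the pkts column of rules with target $1 that match "tcp dpt:$2".
# Reads a -v -n -x listing on stdin; rules that do not name the port are ignored.
rule_pkts() {
    awk -v tgt="$1" -v port="dpt:$2" '
        $3 == tgt && $4 == "tcp" {
            for (i = 10; i <= NF; i++) if ($i == port) { sum += $1; break }
        }
        END { print sum + 0 }'
}

# Print the default policy from the "Chain NAME (policy X ...)" header line.
chain_policy() { awk '/^Chain / { gsub(/[()]/, ""); print $4; exit }'; }

# Args: ip_forward value, DNAT pkts, FORWARD ACCEPT pkts for the port, FORWARD policy.
diagnose() {
    if [ "$1" != 1 ]; then
        echo "forwarding-off: the kernel is not routing between interfaces"
    elif [ "$2" -eq 0 ]; then
        echo "dnat-not-hit: no packet matched the PREROUTING rule (wrong --dst/-i, or traffic never arrives)"
    elif [ "$3" -eq 0 ] && [ "$4" != ACCEPT ]; then
        echo "forward-blocked: translated packets are dropped in FORWARD"
    else
        echo "router-forwards: check the server's default gateway and its own firewall"
    fi
}

dnat=$(printf '%s\n' "$NAT_SAMPLE" | rule_pkts DNAT 1433)
fwd=$(printf '%s\n' "$FWD_SAMPLE" | rule_pkts ACCEPT 1433)
pol=$(printf '%s\n' "$FWD_SAMPLE" | chain_policy)
diagnose 1 "$dnat" "$fwd" "$pol"
```

The nat table sees only the first packet of each connection, so its counter counts connection attempts rather than all traffic. A port scan run on the router against localhost does not traverse PREROUTING, so a closed 1433 there says nothing about the DNAT rule.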
 