Iptables can't port forward (PAT Port address translation)
Hi,
I'm using a Debian server as router/firewall.
I have two Ethernet interfaces in the server, one for WAN and one for LAN. Then I use SNAT so my LAN clients can access the internet through the Debian router. That is working...
Now I want to be able to access servers on the LAN side from the WAN side, and I wanna use port address translation (PAT).
I have an FTP server running on a LAN server, so I'm trying to port forward port 21.
When people try to access my FTP from the WAN side, they are redirected to the local FTP server, and they are prompted for credentials, but when the credentials are typed, and the local FTP server should answer the WAN request, the connection dies.
The WAN clients are being prompted for credentials, so they are redirected to the local LAN server, but after that the connection dies, so I think there is some kind of NAT problem when the local LAN server is trying to respond to the WAN request.
You've got the initial connection covered, but you need something for the data channel. Here's a web site that looked like it described it fairly well:
You should also allow packets RELATED, ESTABLISHED. FTP is a protocol which uses an initial startup protocol and uses other ports related to that.
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
Also, you should modprobe:
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
I just thought that I was already accepting everything (just when I'm testing) with these commands:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
You should modprobe these modules:
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
I've already tried that. Still the same: after typing the login credentials the connection dies.
I've only tried to set up VNC on a local PC, and port forwarded port 5900 to that PC.
When I try to connect to that computer through VNC from the outside, the same thing is happening. The login credentials prompt for VNC appears, but the connection dies after typing them...
Squid Proxy:
eth0: 192.168.1.100
eth1: 192.168.3.21
******************
internal Network:
192.168.3.xxx
******************
Public IP is NATed with the internal network IP.
Now I want to access the RDP of a Win-7 machine from outside, but I am unable to access it.
My iptables rules are given below:
iptables -t nat -A PREROUTING -p tcp --dport 3389 -d 192.168.3.100 -j DNAT --to-destination 192.168.3.xx:3389
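The pieces suggested in the replies above (a DNAT rule, a FORWARD accept, RELATED,ESTABLISHED and the FTP helper modules) combined into one script, as an added example that is not part of any post in this thread. The interface name `eth0`, the LAN addresses, the `net.ipv4.ip_forward` step and the helper names `run` and `port_forward` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: builds the rules for one TCP port forward (DNAT) through a
# Linux router. Prints them by default; set APPLY=1 (as root) to run them.
# WAN_IF and the LAN addresses in the sample calls are assumptions.
WAN_IF="${WAN_IF:-eth0}"

run() {   # print the command; execute it only when APPLY=1
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# port_forward PORT LAN_IP [ftp]
port_forward() {
    port="$1"; dest="$2"; helper="${3:-}"
    # Accept only a plain port number and a dotted-quad shaped address.
    case "$port" in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    if ! echo "$dest" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "bad address: $dest" >&2; return 1
    fi

    run sysctl -w net.ipv4.ip_forward=1   # routing between interfaces
    if [ "$helper" = "ftp" ]; then
        # FTP negotiates a second (data) connection inside the control
        # channel; the helpers let conntrack mark it RELATED and fix up the
        # addresses. Newer kernels name them nf_conntrack_ftp / nf_nat_ftp.
        run modprobe ip_conntrack_ftp
        run modprobe ip_nat_ftp
    fi
    # 1. Rewrite the destination of connections arriving on the WAN interface.
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
        -j DNAT --to-destination "$dest:$port"
    # 2. Admit the new, already-rewritten connection in the FORWARD chain.
    run iptables -A FORWARD -i "$WAN_IF" -p tcp -d "$dest" --dport "$port" \
        -m state --state NEW -j ACCEPT
    # 3. Admit replies and helper-tracked data connections in both directions.
    run iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
}

# Constructed sample calls for two of the services mentioned in the thread.
port_forward 21   192.168.3.10 ftp
port_forward 5900 192.168.3.11
```

With the explicit NEW rule in step 2, the FORWARD policy can be set to DROP after testing instead of staying at ACCEPT.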