LinuxQuestions.org
05-22-2013, 11:24 AM   #1
wierdbeard65
Member
 
Registered: Feb 2011
Posts: 32

Rep: Reputation: 1
IPTABLES Port Forwarding


Hi,

Ok, I just KNOW that when you folks read this you will immediately know what I'm doing wrong, and I will feel stupid for making a silly mistake, but here goes!

At home, I have Ubuntu 12.04 as my firewall, using IPTABLES. It also runs a web server for a captive portal.

Behind the firewall, I have a Windoze 2K8 box which I use as a Media Server running PLEX. All this works fine and I have an IPTABLES rule to allow access to plex from outside.

Ok, I am looking at implementing my own Cloud-based storage, using OwnCloud. For reasons of availability of disk space, I have installed it alongside PLEX on the 2K8 box. It runs on IIS, which I have on port 85.

From within my network, I can access OWNCLOUD fine, so I know IIS is behaving.

I have 4 lines in my IPTABLES config (2 logging for testing) thus:
Code:
-A PREROUTING -p tcp -m tcp -i eth0 --dport 32400 -j LOG --log-prefix **PLEX**
-A PREROUTING -p tcp -m tcp -i eth0 --dport 32400 -j DNAT --to-destination 192.168.1.2:32400
-A PREROUTING -p tcp -m tcp -i eth0 --dport 85 -j LOG --log-prefix **OWNCLOUD**
-A PREROUTING -p tcp -m tcp -i eth0 --dport 85 -j DNAT --to-destination 192.168.1.2:85
Now, I know the traffic is making it to the firewall, because if I GREP for OWNCLOUD in SYSLOG, I get:


Quote:
May 22 11:08:06 puddinglane kernel: [520430.190639] **OWNCLOUD**IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=sss.sss.sss.sss DST=ddd.ddd.ddd.ddd LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=17196 DF PROTO=TCP SPT=15040 DPT=85 WINDOW=8192 RES=0x00 SYN URGP=0
May 22 11:08:12 puddinglane kernel: [520436.186047] **OWNCLOUD**IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=sss.sss.sss.sss DST=ddd.ddd.ddd.ddd LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=17235 DF PROTO=TCP SPT=15040 DPT=85 WINDOW=8192 RES=0x00 SYN URGP=0

But the browser times out waiting!

Like I said, PLEX works fine, so I thought my port forwarding syntax was fine. I'm sure it's something stupid and obvious, but I can't, for the life of me, see it!

HELP!!!

TIA
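
Added example (not part of any post in this thread): a small Python parser for the kernel LOG lines quoted above, which groups bare SYNs by connection tuple. It shows that both logged entries are the same connection attempt being retried, meaning the client received no SYN-ACK. The function names are this example's own.

```python
import re
from collections import defaultdict

# The two kernel LOG lines quoted in the post, copied as posted (the poster
# had already masked the addresses and the MAC field).
SAMPLE = """\
May 22 11:08:06 puddinglane kernel: [520430.190639] **OWNCLOUD**IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=sss.sss.sss.sss DST=ddd.ddd.ddd.ddd LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=17196 DF PROTO=TCP SPT=15040 DPT=85 WINDOW=8192 RES=0x00 SYN URGP=0
May 22 11:08:12 puddinglane kernel: [520436.186047] **OWNCLOUD**IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=sss.sss.sss.sss DST=ddd.ddd.ddd.ddd LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=17235 DF PROTO=TCP SPT=15040 DPT=85 WINDOW=8192 RES=0x00 SYN URGP=0
"""

# Uptime stamp, then the --log-prefix text (the posted rules give it no trailing
# space, so it runs straight into IN=), then KEY=value fields and bare flag words.
LINE = re.compile(r"kernel: \[\s*(?P<ts>\d+\.\d+)\] (?P<prefix>.*?)(?P<fields>IN=.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse(line):
    """Return a dict for one netfilter LOG line, or None if the line is not one."""
    m = LINE.search(line)
    if not m:
        return None
    rec = {"ts": float(m.group("ts")), "prefix": m.group("prefix").strip(), "flags": set()}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec[key] = val
        elif tok in TCP_FLAGS:
            rec["flags"].add(tok)
    return rec


def retried_syns(text):
    """Map (SRC, SPT, DST, DPT) -> offsets in seconds, for bare SYNs logged more than once."""
    seen = defaultdict(list)
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec.get("PROTO") == "TCP" and rec["flags"] == {"SYN"}:
            seen[(rec["SRC"], rec["SPT"], rec["DST"], rec["DPT"])].append(rec["ts"])
    return {k: [round(t - ts[0], 1) for t in ts] for k, ts in seen.items() if len(ts) > 1}


if __name__ == "__main__":
    for (src, spt, dst, dpt), offsets in retried_syns(SAMPLE).items():
        print(f"{src}:{spt} -> {dst}:{dpt} bare SYN logged at +{offsets} s (client got no SYN-ACK)")
```
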
 
05-23-2013, 03:32 PM   #2
Nikosis
Member
 
Registered: Dec 2005
Location: In front of the monitor
Distribution: Slackware
Posts: 322

Rep: Reputation: 59
Make sure that forwarding is enabled
Code:
cat /proc/sys/net/ipv4/ip_forward
Code:
-t nat -A PREROUTING -p tcp -i eth0 --destination-port 32400 -j DNAT --to-destination 192.168.1.2:32400
 
05-24-2013, 10:19 AM   #3
wierdbeard65
Member
 
Registered: Feb 2011
Posts: 32

Original Poster
Rep: Reputation: 1
Thanks for the response!
Quote:
Originally Posted by Nikosis
Make sure that forwarding is enabled
It is. I just checked, to make sure!

The line you quoted..
Quote:
Originally Posted by Nikosis
Code:
-t nat -A PREROUTING -p tcp -i eth0 --destination-port 32400 -j DNAT --to-destination 192.168.1.2:32400
works, it is the forwarding of port 85 that doesn't. That's why I'm so mystified....
 
  

