LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-04-2015, 02:32 AM   #1
keflex87
LQ Newbie
 
Registered: May 2015
Posts: 1

Rep: Reputation: Disabled
iptables - Reply Forwarding Error / Destination unreachable (Host unreachable)


Hallo,

i would like to route a VNC Connection from a PC(VNC-Client) over a Raspberry-PI(with 2 Network Interfaces) to a SPS(VNC-Server)

VNC Port: >= TCP 5900

PC/VNC-Client(192.168.56.48) VNC Client <--> RaspberryPI(eth1:192.168.70.197) <--> (eth0:10.0.0.2) <--> SPS/VNC-Server(10.0.0.1).

For my first test i use icmp(ping) instead of VNC. My routing commands:

LOCAL_IFACE=eth0
INET_IFACE=eth1
INET_ADDRESS=192.168.70.197
LOCAL_ADDRESS=10.0.0.2

#PC-->SPS
iptables -t nat -A POSTROUTING -o $LOCAL_IFACE -j MASQUERADE
iptables -A FORWARD -i $INET_IFACE -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -p icmp -i $INET_IFACE -j DNAT --to-destination 10.0.0.1

#PC<--SPS
iptables -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
iptables -A FORWARD -i $LOCAL_IFACE -o $INET_IFACE -j ACCEPT
iptables -t nat -A PREROUTING -p icmp -i $LOCAL_IFACE -o $INET_IFACE -j DNAT --to-destination 192.168.56.48

Wireshark (Raspberry PI eth0 & eth1 filter icmp):

No. Time Source Destination Protocol Length Info
21 4.538921000 192.168.56.48 192.168.70.197 ICMP 74 Echo (ping) request id=0x0001, seq=21/5376, ttl=127

No. Time Source Destination Protocol Length Info
25 4.540118000 10.0.0.2 10.0.0.1 ICMP 74 Echo (ping) request id=0x0001, seq=21/5376, ttl=126

No. Time Source Destination Protocol Length Info
26 4.540710000 10.0.0.1 10.0.0.2 ICMP 74 Echo (ping) reply id=0x0001, seq=21/5376, ttl=64

No. Time Source Destination Protocol Length Info
32 7.533461000 10.0.0.2 10.0.0.1 ICMP 102 Destination unreachable (Host unreachable) <--------------------------???????????

No. Time Source Destination Protocol Length Info
69 9.489564000 192.168.56.48 192.168.70.197 ICMP 74 Echo (ping) request id=0x0001, seq=22/5632, ttl=127

No. Time Source Destination Protocol Length Info
71 9.489905000 10.0.0.2 10.0.0.1 ICMP 74 Echo (ping) request id=0x0001, seq=22/5632, ttl=126

No. Time Source Destination Protocol Length Info
72 9.490534000 10.0.0.1 10.0.0.2 ICMP 74 Echo (ping) reply id=0x0001, seq=22/5632, ttl=64

No. Time Source Destination Protocol Length Info
86 12.483500000 10.0.0.2 10.0.0.1 ICMP 102 Destination unreachable (Host unreachable) <-----------------------------???????????

My Questions:
Why is the reply not routed to the PC? Where is the error?
How can I route the VNC-connection if the PC has a dynamic IP?

Thanks for your support
Andre
 
Old 05-12-2015, 12:03 AM   #2
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Costa Rica
Distribution: Kubuntu, Debian, Knoppix
Posts: 2,092
Blog Entries: 1

Rep: Reputation: 90
Ok.... let's try.

On the rp, run these commands and give us the output:

Code:
ip link show
ip addr show
ip route show
iptables -L -nv
iptables -t nat -L -nv
sysctl net.ipv4.ip_forward
On the client, run these commands both before and after connecting to the VPN:

Code:
ip link show
ip addr show
ip route show
Let's see what we can make out of that.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Reply from <ip address>: Destination host unreachable. kwatts59 Linux - Networking 6 06-11-2014 07:41 PM
Network is Unreachable/Unknown host/Destination Host Unreachable [Debian] denv Linux - Networking 4 03-27-2014 02:58 PM
[SOLVED] Snort Signature: ICMP Destination Unreachable Port Unreachable very noisy mhollis Linux - Security 4 08-15-2011 02:01 PM
Server Red Hat and error message Destination Host Unreachable zillah Linux - Networking 4 04-27-2007 10:41 PM
sendmail transmit timed out error -destination host unreachable KTCommander04 Linux - Networking 2 12-23-2003 09:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration