Hello all,
I just set up a Debian box with iptables. The box has two NICs: eth0 (192.168.0.102) for the LAN and eth1 (192.168.254.102), which is connected directly to my ADSL modem.
All firewalling etc. is disabled on my modem.
After I installed Linux/iptables, the only commands that I used are these:
echo 1 > /proc/sys/net/ipv4/ip_forward
route add -net -n 192.168.0.0 netmask 255.255.255.0 dev eth0
route add -net -n 192.168.254.0 netmask 255.255.255.0 dev eth1
route add -net default gw 192.168.254.254
iptables --flush
iptables -t nat --flush
iptables --delete-chain
iptables -t nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
This way my Linux box can act as an Internet gateway just fine. If I nmap my external IP from another network, I can see all the open ports for the services I use (as a web server, mail server, etc.).
Now I just want to forward port 3389 to an internal Win2k box in my LAN with the IP 192.168.0.100.
I searched the forums and used the usual commands I found, like:
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 3389 -j DNAT --to 192.168.0.100:3389
iptables -A INPUT -p tcp -m state --state NEW --dport 3389 -i eth1 -j ACCEPT
iptables -t filter -A FORWARD -p tcp --dport 3389 -i eth1 -j ACCEPT -d 192.168.0.100
but nothing seems to work... Has anyone ever done this before?
Can you please help me?
Some more info that you might find useful:
linux:/var/www# ifconfig
eth0 Link encap:Ethernet HWaddr 00:00:0E:EF:92:3E
inet addr:192.168.0.102 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:328094 errors:0 dropped:0 overruns:0 frame:0
TX packets:167629 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31062497 (29.6 MiB) TX bytes:166857725 (159.1 MiB)
Interrupt:5 Base address:0x2080 Memory:f4110000-f4110038
eth1 Link encap:Ethernet HWaddr 00:50:BA
E:E2:8A
inet addr:192.168.254.102 Bcast:192.168.254.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:181023 errors:0 dropped:0 overruns:0 frame:0
TX packets:145480 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:168253831 (160.4 MiB) TX bytes:16201206 (15.4 MiB)
Interrupt:10 Base address:0x2000
linux:/var/www# iptables -vnL
Chain INPUT (policy ACCEPT 4882 packets, 458K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 1588 packets, 1815K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 3893 packets, 505K bytes)
pkts bytes target prot opt in out source destination
Any help at all would be greatly appreciated, thank you in advance.
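
An added example, not part of the original post: `iptables -vnL` as run above lists only the filter table, so the DNAT rule (visible with `iptables -t nat -vnL` or `iptables-save`) never appears in it. The script below audits an `iptables-save` dump and reports, for each PREROUTING DNAT rule, whether the FORWARD chain would let the translated packet through. The function name `check_dnat` and the sample dump are constructed for illustration, and the matching is simplified as noted in the comments.

```shell
# Audit an iptables-save dump: would the FORWARD chain pass each DNAT'd flow?
# Simplified: checks only the FORWARD policy and -i / -d / --dport on ACCEPT rules;
# rule ordering, state matches and user-defined chains are ignored.
check_dnat() {
    awk '
    function opt(name,   i) {   # value that follows option "name" on the current line
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2) }
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
        n++; din[n] = opt("-i"); dport[n] = opt("--dport"); dto[n] = opt("--to-destination")
    }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
        m++; fin[m] = opt("-i"); fd[m] = opt("-d"); fport[m] = opt("--dport")
        sub(/\/32$/, "", fd[m])
    }
    END {
        if (n == 0) { print "NO-DNAT-RULE"; exit 1 }
        for (k = 1; k <= n; k++) {
            split(dto[k], t, ":")
            port = (t[2] != "" ? t[2] : dport[k])   # DNAT without a port keeps --dport
            ok = (policy == "ACCEPT")
            for (j = 1; j <= m && !ok; j++)
                ok = (fin[j] == "" || fin[j] == din[k]) &&
                     (fd[j] == "" || fd[j] == t[1]) &&
                     (fport[j] == "" || fport[j] == port)
            printf "%s DNAT in=%s to=%s\n", (ok ? "OK" : "BLOCKED"), din[k], dto[k]
            if (!ok) bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample modelled on the rules quoted in the post (not captured output).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.100:3389
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -j ACCEPT
COMMIT'
printf '%s\n' "$SAMPLE_RULES" | check_dnat   # on a live box: iptables-save | check_dnat
```

On the sample this reports `OK`, because the FORWARD policy is ACCEPT; with a DROP policy the same rules are reported as `BLOCKED` until a FORWARD rule for eth1, 192.168.0.100 and port 3389 is present.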