LinuxQuestions.org
Old 10-24-2007, 05:08 AM   #1
satish
Member
 
Registered: Jan 2006
Posts: 172

Rep: Reputation: 15
Port Forwarding


I have a Red Hat 9 proxy server in our office with static IP 59.144.124.58 and one database server in our private network which works on http://192.168.1.249:8300.

I want to give our clients access to this server through the internet. I heard about port forwarding and DMZ, so I searched on Google for DMZ and port forwarding, but could not apply all the rules.

Currently we have one internet connection for this database server through a D-Link ADSL modem, DSL-502T, which has the option of DMZ and port forwarding. Clients access our database server through this internet connection, but the problem is that this internet connection always has problems, and our clients cannot access our database server during internet connection problems. So I want to do DMZ and port forwarding on my Linux proxy server.

Please give me the iptables rules for this problem.

Currently clients put the URL in the browser like this:

http://59.181.99.151:8300


This is the MTNL Triband connection, which has daily internet connection problems.

If you give me the iptables rules and the problem is solved, the clients will access the URL like this:

http://59.144.124.58:8300

This is my Red Hat 9 proxy server, which has an Airtel broadband connection with 512 kbps.


Please give me the rules for this problem.


Regards


Satish
 
Old 10-24-2007, 07:46 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Code:
iptables -t nat -A PREROUTING -p TCP -i $WAN_IFACE -d 59.144.124.58 --dport 8300 \
-j DNAT --to-destination 192.168.1.249

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i $WAN_IFACE -o $LAN_IFACE -d 192.168.1.249 --dport 8300 \
-m state --state new -j ACCEPT
 
Old 10-24-2007, 11:52 PM   #3
satish
Member
 
Registered: Jan 2006
Posts: 172

Original Poster
Rep: Reputation: 15
Port forwarding

Thanks for the quick reply.

Your last iptables rule is giving me an error like this:

iptables -A FORWARD -i eth1 -o eth0 -d 192.168.1.249 --dport 8300 \ -m state --state new -j ACCEPT
iptables v1.2.7a: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.


Please help me with iptables because I am a newbie.


Regards

Satish
 
Old 10-25-2007, 12:05 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by satish
Your last iptables rule is giving me an error like this:

iptables -A FORWARD -i eth1 -o eth0 -d 192.168.1.249 --dport 8300 \ -m state --state new -j ACCEPT
iptables v1.2.7a: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.

Yeah, sorry. It's because I accidentally left out the protocol match.

It should be like this:
Code:
iptables -A FORWARD -p TCP -i $WAN_IFACE -o $LAN_IFACE -d 192.168.1.249 --dport 8300 \
-m state --state new -j ACCEPT

--dport and --sport only work when you've specified either TCP or UDP.
 
Old 10-25-2007, 11:37 PM   #5
satish
Member
 
Registered: Jan 2006
Posts: 172

Original Poster
Rep: Reputation: 15
Port forwarding

I applied the iptables rules you gave, but they didn't work.

iptables -A FORWARD -p TCP -i eth1 -o eth0 -d 192.168.1.249 --dport 8300 \-m state --state new -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -p TCP -i eth1 -d 59.144.124.58 --dport 8300 \-j DNAT --to-destination 192.168.1.249

When I check the iptables status, it shows the rules applied:

Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere dsl-mum-static-058.124.144.59.airtelbroadband.intcp dpt:8300 to:192.168.1.249

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT gre -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:1723
ACCEPT all -- 192.168.100.0/24 192.168.100.0/24

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning
ACCEPT all -- 192.168.100.0/24 192.168.100.0/24
ACCEPT tcp -- anywhere 192.168.1.249 tcp dpt:8300 state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT gre -- anywhere anywhere

Chain RH-Lokkit-0-50-INPUT (0 references)
target prot opt source destination


When I try to access the URL http://59.144.124.58:8300

it gives me the error below:

While trying to retrieve the URL: http://59.144.124.58:8300/

The following error was encountered:

Connection Failed
The system returned:

(111) Connection refused
The remote host or network may be down. Please try the request again.

I have also set the database server's gateway to my Linux server's IP.

Please help me out, otherwise my boss will fire me.


Regards

Satish
 
Old 10-26-2007, 02:47 AM   #6
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Are you sure the server is online? What about local firewall rules on the server itself? Can you connect to 192.168.1.249:8300 from within the LAN? Remember that connecting to the public IP will only work from the WAN side. I can't find why it won't work by looking at that output. If you use these commands it might be a little more clear (please use code tags):
Code:
iptables -nvL FORWARD
Code:
iptables -t nat -nvL POSTROUTING

Last edited by win32sux; 10-26-2007 at 02:48 AM.
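
The `-v` listings requested in the last post add per-rule packet counters, which show how far a forwarded connection gets. The script below is an added example, not part of the original thread: it reads those counters and suggests the next check. The helper names and the sample listings are constructed for illustration, and it also looks at the nat PREROUTING chain, which goes beyond the two commands given above.

```shell
#!/bin/sh
# Added example: read the packet counters that `iptables -nvL` prints.

# rule_pkts TARGET PORT: read `iptables -nvL` text on stdin and print the pkts
# counter of the first rule with that target and a "dpt:PORT" match.
# Prints nothing when no such rule is listed.
rule_pkts() {
    awk -v tgt="$1" -v dpt="dpt:$2" '
        $3 == tgt { for (i = 4; i <= NF; i++) if ($i == dpt) { print $1; exit } }'
}

# diagnose NAT_PKTS FWD_PKTS: map the two counters to the next thing to check.
diagnose() {
    case "$1:$2" in
        :*)  echo "no DNAT rule for this port in PREROUTING" ;;
        *:)  echo "no FORWARD accept rule for this port" ;;
        0:*) echo "DNAT never matched: test from the WAN side, check -i and -d" ;;
        *:0) echo "DNAT matched, FORWARD rule did not: check rule order and ip_forward" ;;
        *)   echo "packets are forwarded: check the server, its firewall, its gateway" ;;
    esac
}

# Constructed sample output (counters invented for illustration).
sample_nat() { cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eth1   *       0.0.0.0/0            59.144.124.58       tcp dpt:8300 to:192.168.1.249
EOF
}
sample_forward() { cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   57  4104 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth1   eth0    0.0.0.0/0            192.168.1.249       tcp dpt:8300 state NEW
EOF
}

# On the gateway itself, replace sample_* with:
#   iptables -t nat -nvL PREROUTING   and   iptables -nvL FORWARD
nat=$(sample_nat | rule_pkts DNAT 8300)
fwd=$(sample_forward | rule_pkts ACCEPT 8300)
diagnose "$nat" "$fwd"
```

The nat table only sees the first packet of each connection, so the DNAT counter counts connection attempts rather than packets.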
 
  

