Port forwarding does not work!

philipina · 03-03-2004, 12:58 AM

Port forwarding with iptables is not working?!! ( post #1)

Hello,

I have a problem with iptables port forwarding.
I read a lot of documents and questions about that.
I also checked everything about that in the forum but it's nerver work.
I would like to forward all data from 10.1.1.53:1240 to 10.1.1.240:9000.

I'm using redhat 9.

I added some rules with a script :

/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 10.1.1.53 --dport 1240 -j DNAT --to 10.1.1.240:9000
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 10.1.1.240 --dport 9000 -j ACCEPT

and I modified the file /etc/sysctl.conf --> # Controls IP packet forwarding
net.ipv4.ip_forward = 1

After restarting the network and iptables I have the following status.

[root@localhost init.d]# ./iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere 10.1.1.53 tcp dpt:1240 to:10.1.1.240:9000

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere 10.1.1.240 tcp dpt:9000

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

But the IP forwarding is not working.
I also tried a lot of different configurations.
Where is the problem?
I'm going to become crazy!!!

Thanks a lot in advance for your help.

Alain.

philipina · 03-03-2004, 01:49 AM

I finnaly got the solution with the next rules

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A PREROUTING -p tcp -d 10.1.1.53 -s ! 10.1.1.240 --dport 1240 -j DNAT --to 10.1.1.240:9000
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 10.1.1.240 --dport 9000 -j ACCEPT

philipina · 03-03-2004, 02:15 AM

Now I have another problem, I added the same rules for a new ports but only the first one is working. I also changed the value net.ipv4.ip_forward = 4 in /etc/sysctl.conf.

Here are my rules:
------------------------

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A PREROUTING -p tcp -d 10.1.1.53 -s ! 10.1.1.240 --dport 1240 -j DNAT --to 10.1.1.240:9000
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 10.1.1.240 --dport 9000 -j ACCEPT

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A PREROUTING -p tcp -d 10.1.1.53 -s ! 10.1.1.241 --dport 1241 -j DNAT --to 10.1.1.241:9000
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 10.1.1.241 --dport 9000 -j ACCEPT

/sbin/iptables -t nat -A PREROUTING -p tcp -d 10.1.1.53 -s ! 10.1.1.242 --dport 1242 -j DNAT --to 10.1.1.242:9000
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 10.1.1.242 --dport 9000 -j ACCEPT

/sbin/iptables -t nat -A PREROUTING -p tcp -d 10.1.1.53 -s ! 10.1.1.243 --dport 1243 -j DNAT --to 10.1.1.243:9000
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 10.1.1.243 --dport 9000 -j ACCEPT

But only the port 1240 id forwaded?

Any idea?

Thanks in advance.

Alain.