LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-13-2004, 05:33 AM   #1
fychan
LQ Newbie
 
Registered: Apr 2004
Location: London, UK
Distribution: Redhat Fedora
Posts: 2

Rep: Reputation: 0
Port forwarding with iptables on Fedora


Right, before I start, I really must emphasise the fact that I really am a Linux newbie. About as new as you can get :P

I was running a Windows 2K box as my server/gateway, but have since decided to move to Linux. I have a comprehensive website written in ColdFusion on the 2K box, but don't have the Linux version of CF at the moment, but would like to keep my website up online until I have moved it into PHP or got a Linux version of CF... whatever.

I've been told that I can set my Linux box up to "bounce" requests on port 80 to my 2K machine and thus return the web pages to browsers "invisibly" by either using Apache or iptables, so I've been looking into the latter. I've come across loads of posts about this sort of thing (i.e. /questions/showthread.php?s=&forumid=3&threadid=161490), and have tried implementing them, but I am getting "Connection refused" errors in my browser, and I can't work out where the problem is lying, and was hoping someone could look at this lot and tell me where I'm going wrong...

Some background:
192.168.143.87 = Win2K box.
80.1.240.91 = new Fedora installed box, with Apache running on port 81
eth0 = external interface
eth1 = local network

I really don't know what is useful to anyone, so I've just dumped the whole lot.... Sorry

iptables -t nat -L
Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere            tcp dpt:http to:192.168.143.87:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.143.0/24     anywhere
MASQUERADE  all  --  192.168.85.0/24      anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
iptables -L
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
INETIN     all  --  anywhere             anywhere
ACCEPT     all  --  192.168.143.0/24     anywhere
ACCEPT     all  --  192.168.85.0/24      anywhere
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
INETIN     all  --  anywhere             anywhere
INETIN     all  --  anywhere             anywhere
INETOUT    all  --  anywhere             anywhere
INETOUT    all  --  anywhere             anywhere
ACCEPT     all  --  192.168.143.0/24     anywhere
ACCEPT     all  --  192.168.85.0/24      anywhere
ACCEPT     tcp  --  anywhere             192.168.143.87      tcp dpt:http

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
INETOUT    all  --  anywhere             anywhere

Chain DMZIN (0 references)
target     prot opt source               destination

Chain DMZOUT (0 references)
target     prot opt source               destination

Chain INETIN (3 references)
target     prot opt source               destination
TREJECT    all  --  anywhere             anywhere            state INVALID
TREJECT    icmp --  anywhere             anywhere            icmp redirect
TREJECT    icmp --  anywhere             anywhere            icmp router-advertisement
TREJECT    icmp --  anywhere             anywhere            icmp router-solicitation
TREJECT    icmp --  anywhere             anywhere            icmp type 15
TREJECT    icmp --  anywhere             anywhere            icmp type 16
TREJECT    icmp --  anywhere             anywhere            icmp address-mask-request
TREJECT    icmp --  anywhere             anywhere            icmp address-mask-reply
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5
TREJECT    icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     icmp --  anywhere             anywhere            icmp !echo-request
TCPACCEPT  tcp  --  anywhere             anywhere            tcp dpt:ssh
UDPACCEPT  udp  --  anywhere             anywhere            udp dpt:bootpc
UDPACCEPT  udp  --  anywhere             anywhere            udp dpt:6112
UDPACCEPT  udp  --  anywhere             anywhere            udp dpt:6119
UDPACCEPT  udp  --  anywhere             anywhere            udp dpt:4000
ACCEPT     all  --  anywhere             anywhere            state ESTABLISHED
TCPACCEPT  tcp  --  anywhere             anywhere            tcp dpts:1024:65535 state RELATED
UDPACCEPT  udp  --  anywhere             anywhere            udp dpts:1024:65535 state RELATED
TREJECT    all  --  anywhere             anywhere

Chain INETOUT (3 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain LDROP (0 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level info prefix `TCP Dropped '
LOG        udp  --  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level info prefix `UDP Dropped '
LOG        icmp --  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level info prefix `ICMP Dropped '
LOG        all  -f  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level warning prefix `FRAGMENT Dropped '
DROP       all  --  anywhere             anywhere

Chain LREJECT (0 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level info prefix `TCP Rejected '
LOG        udp  --  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level info prefix `UDP Rejected '
LOG        icmp --  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level info prefix `ICMP Rejected '
LOG        all  -f  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level warning prefix `FRAGMENT Rejected '
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain LTREJECT (0 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level info prefix `TCP Rejected '
LOG        udp  --  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level info prefix `UDP Rejected '
LOG        icmp --  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level info prefix `ICMP Rejected '
LOG        all  -f  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level warning prefix `FRAGMENT Rejected '
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
DROP       icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain PREROUTING (0 references)
target     prot opt source               destination

Chain TCPACCEPT (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN limit: avg 20/sec burst 5
LOG        tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN limit: avg 2/sec burst 5 LOG level warning prefix `Possible SynFlood '
TREJECT    tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere            tcp flags:!SYN,RST,ACK/SYN
LOG        all  --  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level warning prefix `Mismatch in TCPACCEPT '
TREJECT    all  --  anywhere             anywhere

Chain TREJECT (13 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
DROP       icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain UDPACCEPT (5 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg 2/sec burst 5 LOG level warning prefix `Mismatch on UDPACCEPT '
TREJECT    all  --  anywhere             anywhere

Chain ULDROP (0 references)
target     prot opt source               destination
ULOG       tcp  --  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LDROP_TCP' queue_threshold 1
ULOG       udp  --  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LDROP_UDP' queue_threshold 1
ULOG       icmp --  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LDROP_ICMP' queue_threshold 1
ULOG       all  -f  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LDROP_FRAG' queue_threshold 1
DROP       all  --  anywhere             anywhere

Chain ULREJECT (0 references)
target     prot opt source               destination
ULOG       tcp  --  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LREJECT_TCP' queue_threshold 1
ULOG       udp  --  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LREJECT_UDP' queue_threshold 1
ULOG       icmp --  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LREJECT_UDP' queue_threshold 1
ULOG       all  -f  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LREJECT_FRAG' queue_threshold 1
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain ULTREJECT (0 references)
target     prot opt source               destination
ULOG       tcp  --  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LTREJECT_TCP' queue_threshold 1
ULOG       udp  --  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LTREJECT_UDP' queue_threshold 1
ULOG       icmp --  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LTREJECT_ICMP' queue_threshold 1
ULOG       all  -f  anywhere             anywhere            limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LTREJECT_FRAG' queue_threshold 1
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
DROP       icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
 
Old 04-13-2004, 11:34 AM   #2
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
how can we see the trouble?? if i send u like this output, could u see the trouble?

try the following URL
http://iptables-script.dk/index1.php
 
Old 04-13-2004, 12:17 PM   #3
fychan
LQ Newbie
 
Registered: Apr 2004
Location: London, UK
Distribution: Redhat Fedora
Posts: 2

Original Poster
Rep: Reputation: 0
I'm sorry, like I said, I'm a newbie, and I don't know what the problem is, or where it lies. So I don't know what will / would be useful.

I'm just stuck with a problem which I don't have a clue how to solve. Sorry.
 
Old 04-13-2004, 12:49 PM   #4
artur
Member
 
Registered: Apr 2002
Location: Illinois, US
Distribution: Red Hat, Fedora, Yellow Dog, Debian, FreeBSD, Embedix
Posts: 106

Rep: Reputation: 15
is forwarding enabled? try
cat /proc/sys/net/ipv4/ip_forward
to check. Should be = 1, if not, do
echo 1 > /proc/sys/net/ipv4/ip_forward

posting more details about your network would help. Do you have two ethernet interfaces on your linux box? Use tcpdump on both interfaces to see what happens to the packets. Would be interesting to know which box says "Connection refused". Is it the linux box or windoze?

What does netstat -anp --inet display?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPCHAINS port forwarding and IPTABLES port forwarding ediestajr Linux - Networking 26 01-14-2007 08:35 PM
FWBuilder + iptables + fedora -> port forwarding the_reen Linux - Security 2 09-04-2004 01:34 PM
IPTABLES #Port Forwarding goldenmag Linux - Security 4 11-21-2003 08:10 AM
Iptables - Port Forwarding luivm Linux - Networking 3 05-19-2003 03:30 PM
iptables and port forwarding jamesws Linux - Networking 0 02-10-2002 07:57 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration