LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 10-15-2002, 12:38 PM   #1
kofi
Member
 
Registered: Aug 2002
Location: Atlanta
Distribution: Redhat Linux 7.2 & 7.3 + 8.0
Posts: 59

Rep: Reputation: 15
RH 7.3 Port forwarding not working - Desperation sets in!


Hey guys,

Recently set up IP Masquerade on my RH 7.3 (kernel:2.4.18.3) box and it went smoothly using the HOWTO at:

HOWTO Site

I am trying to do a simple port forward to one of my internal boxes. I know, I know.. we have heard this before. Funny thing is.. I get no errors at all, only all connections to ports 80, 25, 21 & 53 are refused. This makes me think that my rules are strict and are not allowing anything to be forwarded.

This is the snippet of code in my rc.firewall-2.4 file:

############## FTP (PORT: 21) FORWARD
echo "-Forwarding FTP Port: 21"
$IPTABLES -A FORWARD -i $EXTIF -o $PORTFWIP_4 -p tcp --dport 21 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 21 \
-j DNAT --to $PORTFWIP_4:21
echo "-Done --Port 21 forwarded successfully."
############ End FTP FORWARD


The output when I run the firewall script is:



Loading STRONGER rc.firewall - version 0.73s..

External Interface: eth0
Internal Interface: eth1
---
External IP: XXX.XXX.XXX.XXX
---
Internal Network: 192.168.1.0/24
Internal IP: 192.168.1.1/24
---
- Verifying that all kernel modules are ok
Loading kernel modules: ip_tables, ip_conntrack, ip_conntrack_ftp,
ip_conntrack_irc, iptable_nat, ip_nat_ftp
---
Enabling forwarding..
Clearing any existing rules and setting default policy to DROP..
Creating a DROP chain..

- Loading INPUT rulesets
- Loading OUTPUT rulesets
- Loading FORWARD rulesets
- FWD: Allow all connections OUT and only existing/related IN
- NAT: Enabling SNAT (MASQUERADE) functionality on eth0
-Enabling Port Forwarding!
-Forwarding DNS Port: 53
-Done -- Port 53 forwarded successfully.
-Forwarding WWW Port: 80
-Done --Port 80 forwarded successfully.
-Forwarding SMTP Port: 25
-Done --Port 25 forwarded successfully.
-Forwarding FTP Port: 21
-Done --Port 21 forwarded successfully.

Stronger rc.firewall-2.4 0.73s done.
And I have set all the IP addresses to my internal servers correctly.

So as you can see all modules are loaded. Is there anything I am missing here? I am willing at this point to involve congress if it helps. Can anyone tell me why it is rejecting all my port forwarding and is there something in the firewall script I need to change to make this work? If so ..what? Thanks all.


Desperate Guy.
 
Old 10-15-2002, 03:35 PM   #2
kofi
Member
 
Registered: Aug 2002
Location: Atlanta
Distribution: Redhat Linux 7.2 & 7.3 + 8.0
Posts: 59

Original Poster
Rep: Reputation: 15
IS anybody out there?

Put up a post on issues with IPTABLES and port forwarding above. No response so far.... help....please
 
Old 10-15-2002, 03:37 PM   #3
g_goblin
Member
 
Registered: Oct 2002
Location: Chitown
Distribution: RH 7.2/3
Posts: 48

Rep: Reputation: 15
Have you echo 1 > /proc/sys/net/ipv4/ip_forward?

green one
 
Old 10-15-2002, 03:46 PM   #4
kofi
Member
 
Registered: Aug 2002
Location: Atlanta
Distribution: Redhat Linux 7.2 & 7.3 + 8.0
Posts: 59

Original Poster
Rep: Reputation: 15
Yep..... even did cat on it.. and it is set to 1.. the code also resets it to 1, still nada. Don't think I need to recompile the kernel to enable forwarding since I understood it is already turned on in Redhat 7.3. Thanks.. and let me know.. anything else you can think of
 
Old 10-15-2002, 03:53 PM   #5
g_goblin
Member
 
Registered: Oct 2002
Location: Chitown
Distribution: RH 7.2/3
Posts: 48

Rep: Reputation: 15
Here is what I do: (ip's of course are mod'd)

iptables -t nat -I PREROUTING -d 192.168.254.249 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.25.2.207:80

iptables -I FORWARD -d 10.25.2.207 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT

green one
 
Old 10-15-2002, 03:55 PM   #6
g_goblin
Member
 
Registered: Oct 2002
Location: Chitown
Distribution: RH 7.2/3
Posts: 48

Rep: Reputation: 15
Also, if you drop all input, make sure you do it after you accept your nat'd address or it will block those too.

green one
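Added example, not part of any post in this thread: `-i` and `-o` match interface names, while addresses are matched with `-s` and `-d` as in the rules of post #5; the FORWARD rule in post #1 passes `$PORTFWIP_4`, which its DNAT line uses as an address, to `-o`, so it matches only an interface with that literal name. The check below flags that pattern in `iptables-save` style rule lines. The function names and the sample address 192.168.1.4 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag -i/-o values shaped like IPv4
# addresses in iptables-save style rule lines read on stdin.

# Succeeds when $1 looks like a dotted quad, optionally with a /prefix.
looks_like_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
}

# Prints one finding per suspicious option; returns 1 if any was found.
lint_ifaces() {
    lineno=0
    found=0
    set -f                      # no glob expansion while word-splitting
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        prev=''
        for word in $line; do
            case $prev in
                -i|--in-interface)  fix='-s' ;;
                -o|--out-interface) fix='-d' ;;
                *)                  fix='' ;;
            esac
            if [ -n "$fix" ] && looks_like_ipv4 "$word"; then
                echo "line $lineno: $prev $word is an address; use $fix $word"
                found=1
            fi
            prev=$word
        done
    done
    set +f
    return $found
}

# Constructed sample: rule 1 has the shape of the post #1 FORWARD rule after
# variable expansion, rule 2 the shape of the FORWARD rule in post #5.
sample_rules() {
    cat <<'EOF'
-A FORWARD -i eth0 -o 192.168.1.4 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d 10.25.2.207 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
EOF
}

sample_rules | lint_ifaces || true
```

On a live box the same check can be fed from `iptables-save | lint_ifaces`, which sees the rules after the script's variables have been expanded.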
 
Old 10-15-2002, 06:17 PM   #7
kofi
Member
 
Registered: Aug 2002
Location: Atlanta
Distribution: Redhat Linux 7.2 & 7.3 + 8.0
Posts: 59

Original Poster
Rep: Reputation: 15
Ok.. I put the firewall file on my site. If you can, take a look and tell me if anything here is wrong or if the NATed addresses are being dropped.

http://www.gsu.edu/~usgkssx/rc.firewall-2.4


Thanks !
 
Old 10-15-2002, 06:41 PM   #8
kofi
Member
 
Registered: Aug 2002
Location: Atlanta
Distribution: Redhat Linux 7.2 & 7.3 + 8.0
Posts: 59

Original Poster
Rep: Reputation: 15
Oops, my bad, I forgot it was txt... here is the htmlized version:


http://www.gsu.edu/~usgkssx/firewall.html


Thanks again for all the input.
 
  

