LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   TCP forward works, why not UDP?? (https://www.linuxquestions.org/questions/linux-networking-3/tcp-forward-works-why-not-udp-46020/)

Pcghost 02-18-2003 02:19 PM
TCP forward works, why not UDP??
 
I have successfully forwarded tcp connections on port 25 to our internal mail server. I use the same line to forward UDP connections on 5632 to an internal machine and it doesn't work. A port scan shows 25 open and responding, but it shows 5632 non-existent. What gives? Here is the rule I am using.

iptables -t nat PREROUTING -p udp --dport 5632 -d $EXTINT -j DNAT --to-destination 192.168.0.62:5632

also using this

iptables -A FORWARD -p udp --dport 5632 -d 192.168.0.62 -j ACCEPT

and last but not least

iptables -t nat -A POSTROUTING -p udp -d 192.168.0.62 --dport 5632 -j SNAT --to-source 192.168.0.56

.62 is the workstation to be forwarded to and from..
.56 is the Linux Proxy server doin the forwarding..

Does Iptables handle the forwarding of ports above 1024 the same as it does <1024? Or is there a difference in the way udp connections are forwarded?

Please help.. I really need to make this work. I got 25 forwarded after only a month and a half of trying. Thanks in advance..

Sorry to the mods for double posting. I am having difficulty editing/deleting my own posts. I tried to rewrite the first one and it said I didn't have permission. Again very sorry about this. I do know better than this. :tisk:

SlickWilly 02-18-2003 03:31 PM
Just reading your intentions I came up with the following :

Forward udp port 5632 to 192.168.0.62 from Linux box 192.168.0.56.

# $IPTABLES -t nat -A PREROUTING -p udp -d 192.168.0.56 --dport 5632 -j DNAT --to 192.168.0.62:5632
# $IPTABLES -A FORWARD -p udp -d 192.168.0.62 --dport 5632 -j ACCEPT

That should do you.

Not entirely sure why you're using the postrouting either.

*ponder*

You'll find that lots of games require forwarding a (range of) UDP port(s). Here's an example page you might want to peruse :

http://www2.farbot.com:81/linux/firewall_games.php

[edit]
It also appears you left off the -A in your first iptables line - the one before PREROUTING. Which isn't good.. :(
[/edit]

[edit2]
Quote from sig:
Quote:
Networking Master
Time for a sig change methinks. *cough*
[/edit2]

Slick.

Pcghost 02-18-2003 04:33 PM
Thanks for the help. Iptables is not included in my big headed signature line. :-)

closer8888 02-18-2003 06:03 PM
Answer to the postrouting question. I found that to be the only work around for forwarding. I think the problem has something to do with routing. I could use an answer to this problem also.
The problem is that ports do not get forwarded on the local network without post routing them. Forwarding to a local nic and address works fine

Pcghost 02-19-2003 10:39 AM
Quote:
Originally posted by SlickWilly
Just reading your intentions I came up with the following :

Forward udp port 5632 to 192.168.0.62 from Linux box 192.168.0.56.

# $IPTABLES -t nat -A PREROUTING -p udp -d 192.168.0.56 --dport 5632 -j DNAT --to 192.168.0.62:5632
# $IPTABLES -A FORWARD -p udp -d 192.168.0.62 --dport 5632 -j ACCEPT
Slick.
Thanks for the help. I am about to test this again. Quick question. In the above example you are forwarding port 5632 from the internal interface of the server to the internal nic on the client. Is that it? I have been forwarding from the external NIC on the server to the internal ip of the client. Back to the books I go.:study:

EDIT: Woohoo that did it. Thanks for all the help. I really appreciate it... Woohoo!! :D :D :D


All times are GMT -5. The time now is 01:57 AM.