LinuxQuestions.org


steelback 01-30-2006 08:44 AM

"in LAN" routing problem
 
I have a working router and some ports are forwarded to PCs in the network.
A redirecting rule:
(router):4662 -> 192.168.227.12:4662
Now I can connect from the world to the machine behind the router (217.75.151.157 and 192.168.227.20) (jule is a machine not from my LAN)
Code:

joro@jule:~$ telnet 217.75.151.157 4662
Trying 217.75.151.157...
Connected to 217.75.151.157.
Escape character is '^]'.
bla bla bla, the connection is working!!Q!!
Connection closed by foreign host.
joro@jule:~$

But I can't connect to 217.75.151.157:4662 from the LAN (malkia is the router)
Code:

joro@malkia:~$ telnet 217.75.151.157 4662
Trying 217.75.151.157...
telnet: connect to address 217.75.151.157: Connection refused
joro@malkia:~$

The idea of this is allowing peer-to-peer programs (eMule) on my network to contact each other using different ports on the router 217.75.151.157

steelback 01-30-2006 08:50 AM

Here are the important 2 lines in my script:
Code:

iptables -t nat -A PREROUTING -p tcp --dport 4662 -j DNAT --to-destination 192.168.227.12:4662
iptables -A FORWARD -p tcp --dport 4662 -j ACCEPT

That is a piece of my iptables config file:
Code:

# Flush NAT in the beginning:
iptables -t nat -F
iptables -t nat -P PREROUTING DROP

iptables -t nat -A PREROUTING -i $INTERNAL -j ACCEPT # better this way, because otherwise I block my own DHCP

# ############################# forwarding ###########################
iptables -t nat -A PREROUTING -p tcp --dport 4662 -j DNAT --to-destination 192.168.227.12:4662
iptables -t nat -A PREROUTING -p udp --dport 4672 -j DNAT --to-destination 192.168.227.12:4672
iptables -t nat -A PREROUTING -p tcp --dport 4562 -j DNAT --to-destination 192.168.227.12:4562
iptables -t nat -A PREROUTING -p udp --dport 4572 -j DNAT --to-destination 192.168.227.12:4572
iptables -A FORWARD -p tcp --dport 4662 -j ACCEPT
# ############################ end forwarding ########################

iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE


carlmarshall 01-30-2006 09:51 AM

Probably more down to your router than the system. Try connecting to the internal IP address; if it works, it's the router.

Carl.

steelback 01-30-2006 03:35 PM

I can connect using the local IP
Code:

root@malkia:~# telnet 192.168.227.12 4662
Trying 192.168.227.12...
Connected to 192.168.227.12.
Escape character is '^]'.
i can connect using the local IP
Connection closed by foreign host.
root@malkia:~#

Yes, the problem must be in the configuration of iptables, but for me everything is clear?

carlmarshall 01-31-2006 03:34 AM

Sounds like it's not the iptables but that the router won't allow a reflective connection, i.e. internal -> external -> internal.
I've found that several routers can't handle this type of connection.

Carl.

steelback 01-31-2006 04:34 AM

Maybe, I don't know. Any ideas how to solve my problem?

Joro
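
Added example, not part of the thread or of any poster's script: a shell function that prints (dry run) the hairpin/reflection NAT rules for the 4662/tcp forward discussed above, including the nat OUTPUT rule that applies when the test connection is opened on the router itself. The /24 netmask, the interface name eth1 and the IPT dry-run variable are assumptions.

```shell
#!/bin/sh
# Added example: hairpin (reflection) NAT for a port forward like the one in the thread.
EXT_IP="${EXT_IP:-217.75.151.157}"      # router's public address (from the thread)
TARGET="${TARGET:-192.168.227.12}"      # forwarded LAN host (from the thread)
LAN_NET="${LAN_NET:-192.168.227.0/24}"  # assumption: /24 netmask
INTERNAL="${INTERNAL:-eth1}"            # assumption: LAN interface name
IPT="${IPT:-echo iptables}"             # assumption: dry run; set IPT=iptables as root to apply

hairpin_rules() {
    proto="$1"; port="$2"
    # 1. LAN client -> public IP: rewrite the destination. Inserted at position 1
    #    so it is evaluated before the "-i $INTERNAL -j ACCEPT" rule, which would
    #    otherwise end PREROUTING traversal before any DNAT rule is reached.
    $IPT -t nat -I PREROUTING 1 -i "$INTERNAL" -s "$LAN_NET" -d "$EXT_IP" \
        -p "$proto" --dport "$port" -j DNAT --to-destination "$TARGET:$port"
    # 2. Rewrite the source too, so the target replies through the router
    #    instead of answering the LAN client directly from an unexpected address.
    $IPT -t nat -A POSTROUTING -o "$INTERNAL" -s "$LAN_NET" -d "$TARGET" \
        -p "$proto" --dport "$port" -j MASQUERADE
    # 3. Allow the reflected flow and its replies through the filter table.
    $IPT -A FORWARD -i "$INTERNAL" -o "$INTERNAL" -d "$TARGET" \
        -p "$proto" --dport "$port" -j ACCEPT
    $IPT -A FORWARD -i "$INTERNAL" -o "$INTERNAL" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 4. Connections opened on the router itself traverse nat OUTPUT, not
    #    PREROUTING, so they need their own DNAT rule.
    $IPT -t nat -A OUTPUT -d "$EXT_IP" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$TARGET:$port"
}

hairpin_rules tcp 4662
```

Matching on `-d "$EXT_IP"` keeps the reflection rules from rewriting LAN traffic that is merely headed to port 4662 somewhere else on the Internet.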

