"in LAN" routing problem

steelback · 01-30-2006, 08:44 AM

I have a working router and some ports are forwarded to PCs in the network.
A redirecting rule:
(router):4662 -> 192.168.227.12:4662
Now i can connect from the world to the machine behind the router(217.75.151.157 and 192.168.227.20) (jule is a machine not from my LAN)

Code:

joro@jule:~$ telnet 217.75.151.157 4662
Trying 217.75.151.157...
Connected to 217.75.151.157.
Escape character is '^]'.
bla bla bla, the connection is working!!Q!!
Connection closed by foreign host.
joro@jule:~$

but i cant connect to the 217.75.151.157:4662 from the LAN (malkia is the router)

Code:

joro@malkia:~$ telnet 217.75.151.157 4662
Trying 217.75.151.157...
telnet: connect to address 217.75.151.157: Connection refused
joro@malkia:~$

The idea of this is allowing peer-to-peer programs(eMule) on my network, to contact each other using different ports on the router 217.75.151.157

steelback · 01-30-2006, 08:50 AM

here are the important 2 lines in my script:

Code:

iptables -t nat -A PREROUTING -p tcp --dport 4662 -j DNAT --to-destination 192.168.227.12:4662
iptables -A FORWARD -p tcp --dport 4662 -j ACCEPT

that is a piece of my iptables config file:

Code:

# Flush NAT in the beginning:
iptables -t nat -F
iptables -t nat -P PREROUTING DROP

iptables -t nat -A PREROUTING -i $INTERNAL -j ACCEPT # po dobre taka, shtoto inache si zapushvam dhcp-to

# ############################# forwarding ###########################
iptables -t nat -A PREROUTING -p tcp --dport 4662 -j DNAT --to-destination 192.168.227.12:4662
iptables -t nat -A PREROUTING -p udp --dport 4672 -j DNAT --to-destination 192.168.227.12:4672
iptables -t nat -A PREROUTING -p tcp --dport 4562 -j DNAT --to-destination 192.168.227.12:4562
iptables -t nat -A PREROUTING -p udp --dport 4572 -j DNAT --to-destination 192.168.227.12:4572
iptables -A FORWARD -p tcp --dport 4662 -j ACCEPT
# ############################ end forwarding ########################

iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE

carlmarshall · 01-30-2006, 09:51 AM

Probably more down to your router than the system. Try connecting to the internal IP address; if it works, it's the router.

Carl.

steelback · 01-30-2006, 03:35 PM

i can connect using the local IP

Code:

root@malkia:~# telnet 192.168.227.12 4662
Trying 192.168.227.12...
Connected to 192.168.227.12.
Escape character is '^]'.
i can connect using the local IP
Connection closed by foreign host.
root@malkia:~#

Yes, the problem must be in the configuration of iptables, but for me everything is clear?

carlmarshall · 01-31-2006, 03:34 AM

Sounds like it's not the iptables but that the router won't allow a reflective connection, i.e. internal -> external -> internal.
I've found that several routers can't handle this type of connection.

Carl.

steelback · 01-31-2006, 04:34 AM

May be, I dont know. Any ideas how to solve my problem?

Joro