[NTLUG:Discuss] Port forwarding not working
David Stanaway
david at stanaway.net
Sat Apr 28 19:39:04 CDT 2007
I have a simple bash-based firewall script I use that you might want. It does
most of the things you seem to want.
Neil Aggarwal wrote:
> Hello all:
>
> I just realized that the port forwarding rule
> I posted was one I was testing on port 1724 since
> I did not know if the Linux box was getting confused
> by having the same internal and external port.
>
> I changed it to:
>
> /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $ETH0_IP
> --sport 1024: --dport 1723
> -j DNAT --to $LINKSYS_VPN_IP:1723
>
> And I still get the same problem.
>
> Any ideas?
>
> Thanks,
> Neil
>
>
> --
> Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
> FREE! Eliminate junk email and reclaim your inbox.
> Visit http://www.spammilter.com for details.
>
> -----Original Message-----
> From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org] On Behalf
> Of Neil Aggarwal
> Sent: Saturday, April 28, 2007 9:19 AM
> To: 'NTLUG Discussion List'
> Subject: [NTLUG:Discuss] Port forwarding not working
>
> Hello:
>
> I have a Linux box acting as a firewall and gateway
> for my local internet. The private IP is 192.168.1.1
>
> Behind that, I have a Linksys VPN box. Its IP
> is 192.168.1.101.
>
> If I go to my Linux box and issue this command:
>
> telnet 192.168.1.101 1723
>
> I get this output:
>
> Trying 192.168.1.101...
> Connected to 192.168.1.101 (192.168.1.101).
> Escape character is '^]'.
>
> Everything is fine. I can connect to the Linksys box
> without a problem.
>
> Now, I want to set up routing from the external world
> to be able to access the Linksys box.
>
> I added this rule to my firewall to do the forwarding:
>
> /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $ETH0_IP
> --sport 1024: --dport 1724
> -j DNAT --to $LINKSYS_VPN_IP:1723
>
> It is all on one line; I added line breaks for readability.
>
> When I tried to telnet to port 1723 on my public IP, I saw logs
> from my firewall for inbound packets so I added these rules:
>
> /sbin/iptables -A FORWARD -i eth0 -o eth1 -d $LINKSYS_VPN_IP
> -p tcp --sport 1024: --dport 1723
> -m state --state NEW,ESTABLISHED -j ACCEPT
> /sbin/iptables -t nat -A POSTROUTING -o eth1 -d $LINKSYS_VPN_IP
> -p tcp --sport 1024: --dport 1723
> -m state --state NEW,ESTABLISHED -j ACCEPT
>
> But, I am not seeing any logs for the outbound packets from
> the Linksys box and the telnet session from the remote computer
> is not connecting.
>
> Any ideas what is going on?
>
> Thanks,
> Neil
>
> --
> Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
> FREE! Eliminate junk email and reclaim your inbox.
> Visit http://www.spammilter.com for details.
>
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
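The forwarding setup described in the quoted message, as an added example that is not part of the original thread: a check that a rule listing contains the three rules a DNAT port forward needs when the FORWARD chain drops by default (an assumption; the page shows neither the poster's policy nor his full rule set). The function names and the 203.0.113.10 address are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the FORWARD policy is DROP,
# so a DNAT port forward needs three rules: the DNAT itself, a FORWARD
# accept toward the inside host, and a FORWARD accept for its replies.

# Constructed sample: the three rules quoted in the post, one per line,
# with 203.0.113.10 standing in for $ETH0_IP (placeholder address).
sample_rules() {
cat <<'EOF'
-t nat -A PREROUTING -p tcp -i eth0 -d 203.0.113.10 --sport 1024: --dport 1723 -j DNAT --to 192.168.1.101:1723
-A FORWARD -i eth0 -o eth1 -d 192.168.1.101 -p tcp --sport 1024: --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
-t nat -A POSTROUTING -o eth1 -d 192.168.1.101 -p tcp --sport 1024: --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
EOF
}

# check_forward IP PORT: reads rules on stdin, prints one line per missing
# piece, and returns the number of missing pieces (0 = complete).
check_forward() {
    awk -v ip="$1" -v port="$2" '
    # has(s): true when s appears in the rule as whole space-separated tokens
    function has(s) { return index(" " $0 " ", " " s " ") > 0 }
    /-A PREROUTING/ && has("-j DNAT") &&
        (has("--to " ip ":" port) || has("--to-destination " ip ":" port)) { dnat = 1 }
    /-A FORWARD/ && has("-j ACCEPT") {
        if (has("-d " ip) && has("--dport " port)) inbound = 1
        # Replies: an explicit rule from the inside host, or a generic
        # ESTABLISHED accept with no address or port restriction.
        if (has("-s " ip) && has("--sport " port)) reply = 1
        if ($0 ~ /--state [A-Z,]*ESTABLISHED/ && $0 !~ / -[sd] | --[sd]port /) reply = 1
    }
    END {
        if (!dnat)    { print "missing: DNAT to " ip ":" port; n++ }
        if (!inbound) { print "missing: FORWARD accept to " ip ":" port; n++ }
        if (!reply)   { print "missing: FORWARD accept for replies from " ip ":" port; n++ }
        exit n + 0
    }'
}

sample_rules | check_forward 192.168.1.101 1723 || echo "rule set incomplete"
```

The check matches rule text only; it does not verify interface direction, rule order, or whether IP forwarding is enabled on the gateway.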