forwarding


Hi there again,

   I finally decided to add a second card to both the server and the
client to be able to forward packets from port 8080 on server 1 to port
80 on server 2, and somehow these packets are not going through. Let me
explain my scenario:

                           Internet Address
                            Nat'ed Address
                            ---------------
                            |  Linux Box  |
                  Server 1  |10.73.219.156|nat'ed' address
                            | 192.168.0.1 |2nd NIC to forward packets
                            ---------------
                                 8080
                                   |
                                   |
                                  80
                            ---------------
                            |  web server |
                  Server 2  | 192.168.0.2 |
                            |             |
                            ---------------


- Server 1 has a NATed address using its 10.73 address; what I'm trying to do is
that everything that comes to 10.73.219.156:8080 gets forwarded to
192.168.0.2:80.

- Server 1 functions as a webserver, and that's why I'm using port 8080 in
order to forward packets to port 80 on server 2.

- Here's my Server 1's /etc/rc.d/rc.firewall script because somehow it's
not working:

-----
echo "Borrando posibles reglas anteriores..."
iptables -F
iptables -X

echo "Habilitando politicas de negacion total de paquetes"

iptables -P FORWARD DROP
iptables -P INPUT DROP

echo "Reglas para paquetes de entrada y salida"

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

## internal
iptables -A INPUT -i eth0 -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -i lo -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT

# for forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward
# allow tracked replies, plus new connections to the web server on port 80
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -d 192.168.0.2 -p tcp --dport 80 -j ACCEPT
# DNAT rule: matches packets addressed to 192.168.0.1:8080 (the address of the
# internal NIC) and rewrites their destination to 192.168.0.2:80
iptables -t nat -A PREROUTING -d 192.168.0.1 -p tcp --dport 8080 \
    -j DNAT --to-destination 192.168.0.2:80
echo 1 > /proc/sys/net/ipv4/ip_forward
-----

I have done this many times and somehow this time it is not working; that
means I have changed many things using POSTROUTING, nat and DNAT. Is
it because of some misconfiguration in Server 2's routes? Here's the output:

-----
[root@linserv root]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
10.73.216.0     *               255.255.252.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth1
-----

Is it because I have to use different INPUT rules? From what I know, INPUT
rules are only for the packets going to the computer itself.

Any suggestions will be great
Thanks a lot as usual to this great mailing list

Juan
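The rules below are an added example, not Juan's rc.firewall: a DNAT port forward on Server 1 whose PREROUTING rule matches the public address 10.73.219.156 that clients actually connect to, since a rule matching `-d 192.168.0.1` never sees packets that arrived for the public IP, and whose FORWARD rules admit only the rewritten flow and its tracked replies. It assumes eth0 is the public NIC and eth1 the internal one carrying 192.168.0.1 (both overridable via environment variables), and that Server 2 keeps 192.168.0.1 as its default gateway so replies return through Server 1.

```shell
#!/bin/sh
# Added example, not the poster's script: DNAT port forward on Server 1.
# Assumed layout (override via environment): eth0 = public NIC carrying
# 10.73.219.156, eth1 = internal NIC carrying 192.168.0.1, web server = 192.168.0.2.
PUB_IF="${PUB_IF:-eth0}"
PUB_IP="${PUB_IP:-10.73.219.156}"
INT_IF="${INT_IF:-eth1}"
WEB_SRV="${WEB_SRV:-192.168.0.2}"
IPT="${IPT:-iptables}"

run() { "$IPT" "$@"; }

setup_port_forward() {
    # PREROUTING runs before the routing decision, while the packet is still
    # addressed to the public IP. A rule matching -d 192.168.0.1 never sees
    # traffic that arrived for 10.73.219.156, so that traffic is not forwarded.
    run -t nat -A PREROUTING -i "$PUB_IF" -d "$PUB_IP" -p tcp --dport 8080 \
        -j DNAT --to-destination "$WEB_SRV:80"
    # FORWARD is evaluated after DNAT, so it sees the rewritten destination.
    # Admit tracked replies and only NEW flows towards the web server on port 80;
    # everything else stays under the FORWARD DROP policy.
    run -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    run -A FORWARD -i "$PUB_IF" -o "$INT_IF" -d "$WEB_SRV" -p tcp --dport 80 \
        -m state --state NEW -j ACCEPT
    # No SNAT/MASQUERADE needed here: Server 2 routes by default via 192.168.0.1,
    # so replies come back through Server 1 and conntrack reverses the DNAT.
}

enable_forwarding() {
    # Must end up at 1; toggling it to 0 and back mid-script only drops
    # packets that happen to arrive in between.
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

show_port_forward() {
    # Verification: the pkts/bytes counters on the DNAT rule show whether
    # client connections to PUB_IP:8080 are hitting it at all.
    run -t nat -L PREROUTING -n -v --line-numbers
    run -L FORWARD -n -v
}

case "${1:-}" in
    apply) enable_forwarding; setup_port_forward ;;
    show)  show_port_forward ;;
esac
```

Run as root on Server 1 with `sh forward.sh apply`, then `sh forward.sh show` while a client connects to 10.73.219.156:8080 and watch the DNAT rule's counters increase.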



