Re: Fedora Core 2. Port Forwarding Problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Antony Stone wrote:
On Saturday 24 July 2004 4:25 am, ÐÐÑÐÐÐÐ ÐÐÐÑÐÐÐÐ wrote:

  
I've installed fedora core 2 and tried to reuse my old settings i
retained from redhat9 system.

Masqeurading works fine, but when i try to do port forwarding like this
iptables -t nat -A PREROUTING -p tcp -d <domainname.com> --dport 80 -j
DNAT --to 192.168.20.40:80
rule adds itself fine, but port 80 is not accessible from outside.
    

Are you sure about the resolving of domainname.com?   What does the rule get 
added as?
It simply resolves the address and adds the IP.
  
when i try to connect from outside it doesn't say connection refused, it
dies after a timeout.
/proc/net/ip_conntrack doesn't show any presence of connection, I tried
to send it to -j LOG & ULOG but both end up empty.
    

Please show us your ruleset.   We would like to see:
 - what IP address the above PREROUTING rule gets installed with
 - the corresponding FORWARD rule for the packets
 - an appropriate reply packet rule
 - how you have been LOGging packets for testing

I suggest the output of "iptables -L -nvx; iptables -L -t nat -nvx" and if 
appropriate also "iptables -L -t mangle -nvx" is a good format for us to 
understand where you're starting from.

Regards,

Antony.
iptables -L -nvx doesn't contain any rules yet.

[root@border root]# iptables -L -t nat -nvx
Chain PREROUTING (policy ACCEPT 5913 packets, 353422 bytes)
ÂÂÂ pktsÂÂÂÂÂ bytes targetÂÂÂÂ prot opt inÂÂÂÂ outÂÂÂÂ sourceÂÂÂÂÂÂÂÂÂÂÂÂÂÂ destination
 8 408 DNAT tcp -- * * 0.0.0.0/0 207.6.196.64 tcp dpt:80 to:192.168.20.40:80

Chain POSTROUTING (policy ACCEPT 4 packets, 244 bytes)
ÂÂÂ pktsÂÂÂÂÂ bytes targetÂÂÂÂ prot opt inÂÂÂÂ outÂÂÂÂ sourceÂÂÂÂÂÂÂÂÂÂÂÂÂÂ destination
 744 42337 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
 11 588 SNAT tcp -- * * 0.0.0.0/0 192.168.20.40 ctstate DNAT tcp dpt:80 to:207.6.196.64

Chain OUTPUT (policy ACCEPT 123 packets, 7641 bytes)
ÂÂÂ pktsÂÂÂÂÂ bytes targetÂÂÂÂ prot opt inÂÂÂÂ outÂÂÂÂ sourceÂÂÂÂÂÂÂÂÂÂÂÂÂÂ destination
 3 180 DNAT tcp -- * * 0.0.0.0/0 207.6.196.64 tcp dpt:80 to:192.168.20.40:80

This kind of configuration worked just fine on RH9. But it wasn't working on it when I've tried to install kernel 2.6.6.

Thanks.
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux