Re: dnat problem


 



On Tue, Jan 25, 2005 at 12:24:31PM -0300, Pablo Allietti wrote:
> On Tue, Jan 25, 2005 at 12:01:14PM -0300, Pablo Allietti wrote:
> > On Sat, Jan 22, 2005 at 09:26:41PM -0300, Pablo Allietti wrote:
> > > On Sat, Jan 22, 2005 at 02:45:37PM -0500, Jason Opperisano wrote:
> > > > On Sat, 2005-01-22 at 10:59, Pablo Allietti wrote:
> > > > > hi all
> > > > > 
> a
> 
> 
i miss a bottom 



> 
> > 
>  i continue with my problem! :(
>  
>  iptables -A FORWARD -o eth0 -i eth1 -p tcp -m state --state ESTABLISHED
>  
>  iptables -A FORWARD -j ACCEPT -p tcp --dport 1246
>  iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 1246 -j DNAT --to
>  192.168.1.143:22
>  
>  i have this but i cant connect to server 192.168.1.143 from the
>  outside.  i do
>  
>  ssh -p 1246 200.20.43.2 
>  
>  but nothing happens.
>  
>  i miss some rule ?
> 
> 
> 
> my rules
> 
> Chain PREROUTING (policy ACCEPT 2772 packets, 1314190 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination         
> 
> Chain INPUT (policy ACCEPT 704 packets, 101110 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination         
> 
> Chain FORWARD (policy ACCEPT 2060 packets, 1212664 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination         
> 
> Chain OUTPUT (policy ACCEPT 549 packets, 78617 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination         
> 
> Chain POSTROUTING (policy ACCEPT 2617 packets, 1291697 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination         
> Chain PREROUTING (policy ACCEPT 2719 packets, 241128 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination         
>        0        0 DNAT       tcp  --  eth1   *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:1246 to:192.168.1.143:22 
>        0        0 DNAT       tcp  --  eth1   *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:247 to:192.168.1.79:22 
>       36     1712 DNAT       icmp --  eth0   *       0.0.0.0/0
> 0.0.0.0/0           to:192.168.1.143 
>        0        0 DNAT       tcp  --  eth0   *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:3306 to:192.168.1.143 
> 
> Chain POSTROUTING (policy ACCEPT 840 packets, 69211 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination         
>      403    29588 SNAT       all  --  *      *       192.168.1.0/24
> 0.0.0.0/0           to:200.40.228.66 
> 
> Chain OUTPUT (policy ACCEPT 906 packets, 82037 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination         
> Chain INPUT (policy DROP 2 packets, 192 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination         
>     3175   660254 ACCEPT     all  --  lo     *       0.0.0.0/0
> 0.0.0.0/0           
>     3585   555905 ACCEPT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0           state RELATED,ESTABLISHED 
>        1       40 ACCEPT     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:21 flags:0x16/0x02 
>        0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:22 
>       47     2788 ACCEPT     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:25 flags:0x16/0x02 
>        0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:53 
>       78     5476 ACCEPT     udp  --  *      *       0.0.0.0/0
> 0.0.0.0/0           udp dpt:53 
>        0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:80 flags:0x16/0x02 
>       37     1776 ACCEPT     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:110 
>        0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:143 
>        0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:443 
>        0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:953 
>        0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0           tcp dpt:995 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:1099 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:1098 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:1097 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:1096 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:3306 
       2      136 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:5222 
       3      342 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:5223 
       1       60 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:5269 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:5347 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:4590 
       1       48 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:8080 
    2292   217797 dropwall   all  --  *      *       0.0.0.0/0
0.0.0.0/0           

Chain FORWARD (policy ACCEPT 20393 packets, 10338781 bytes)
    pkts      bytes target     prot opt in     out     source
destination         
       0        0 ACCEPT     all  --  eth0   eth0    0.0.0.0/0
0.0.0.0/0           
    1549  1661410 ACCEPT     all  --  eth1   eth1    0.0.0.0/0
0.0.0.0/0           
   10376  9304373            tcp  --  eth0   eth1    0.0.0.0/0
0.0.0.0/0           state NEW,ESTABLISHED 
    9720  1019534            tcp  --  eth1   eth0    0.0.0.0/0
0.0.0.0/0           state ESTABLISHED 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:1246 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           tcp dpt:247 
      49     2772 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0           
       0        0 ACCEPT     icmp --  eth1   eth0    0.0.0.0/0
192.168.1.143       
       0        0 ACCEPT     tcp  --  eth1   eth0    0.0.0.0/0
192.168.1.143       tcp dpt:3306 

Chain OUTPUT (policy ACCEPT 2784 packets, 631807 bytes)
    pkts      bytes target     prot opt in     out     source
destination         
    2755   290617 ACCEPT     all  --  *      *       200.40.228.64/28
0.0.0.0/0           
    1765   274504 ACCEPT     all  --  *      *       192.168.1.0/24
0.0.0.0/0           

Chain dropwall (1 references)
    pkts      bytes target     prot opt in     out     source
destination         
    2292   217797 DROP       all  --  *      *       0.0.0.0/0
0.0.0.0/0           

> 
> 
> 
> 
> > 
> > 
> > 
> > 
> > 
> > 
> > > > > i have a problem with dnat i have this struc.
> > > > > 
> > > > > 
> > > > > 		|
> > > > > 		|internet
> > > > > 		|
> > > > > 		Firewall 200.20.43.2
> > > > > 		|
> > > > > 		|
> > > > > 		|
> > > > > 		Server 192.168.1.143
> > > > > 
> > > > > 
> > > > > and i have this rule in the firewall.
> > > > > 
> > > > > iptables  -t nat -A PREROUTING -i eth0 -p tcp --dport 2244  -j DNAT
> > > > > --to-destination 192.168.1.143:22
> > > 
> > > thanks that is the solution.! :)    jaja nice signature.! Homer say
> > > that.. i love homer
> > > 
> > > 
> > > > > 
> > > > > i suppose this rule make a dnat to server 192.... to ssh but nothing
> > > > > happens
> > > > > 
> > > > > i do ssh -p2244 200.20.43.2  but nothing respond
> > > > > 
> > > > > what i miss ? :(
> > > > 
> > > > and you have a FORWARD rule that looks like:
> > > > 
> > > >   iptables -A FORWARD -i eth0 -p tcp -d 192.168.1.143 --dport 22 \
> > > >     -j ACCEPT
> > > > 
> > > > yes?
> > > > 
> > > > -j
> > > > 
> > > > --
> > > > "Kids, you tried your best and you failed miserably. The lesson is,
> > > >  never try."
> > > > 	--The Simpsons
> > > > 
> > > ---end quoted text---
> > > 
> > > -- 
> > > 
> > > 
> > > Pablo Allietti
> > > LACNIC
> > > --------------
> > > 
> > ---end quoted text---
> > 
> > -- 
> > 
> > 
> > Pablo Allietti
> > LACNIC
> > --------------
> > 
> ---end quoted text---
> 
> -- 
> 
> 
> Pablo Allietti
> LACNIC
> --------------
> 
---end quoted text---

-- 


Pablo Allietti
LACNIC
--------------
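
Added example (not part of the original thread): the FORWARD check asked about in the reply above, written as a small Python script. The filter FORWARD chain sees a packet after PREROUTING has rewritten it, so an explicit ACCEPT has to match the translated address and port. The script assumes a default-drop FORWARD policy and exact-match rules; the function names and the two rule lists (the thread's rules with wrapped lines joined) are constructed for illustration.

```python
import shlex

# Constructed input: rules quoted in the thread, wrapped lines joined.
SECOND_TRY = [
    "iptables -A FORWARD -o eth0 -i eth1 -p tcp -m state --state ESTABLISHED",
    "iptables -A FORWARD -j ACCEPT -p tcp --dport 1246",
    "iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 1246 -j DNAT --to 192.168.1.143:22",
]
FIRST_TRY = [
    "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2244 -j DNAT --to-destination 192.168.1.143:22",
    "iptables -A FORWARD -i eth0 -p tcp -d 192.168.1.143 --dport 22 -j ACCEPT",
]

def parse(line):
    """Map each option of one iptables command to its argument (or True)."""
    toks = shlex.split(line)[1:]          # drop the "iptables" word
    rule, i = {"-t": "filter"}, 0         # filter is the default table
    while i < len(toks):
        has_arg = i + 1 < len(toks) and not toks[i + 1].startswith("-")
        rule[toks[i]] = toks[i + 1] if has_arg else True
        i += 2 if has_arg else 1
    return rule

def uncovered_dnat(lines):
    """Return DNAT rules with no FORWARD ACCEPT matching the translated packet."""
    rules = [parse(l) for l in lines]
    missing = []
    for nat in rules:
        if nat["-t"] != "nat" or nat.get("-j") != "DNAT":
            continue
        target = nat.get("--to-destination") or nat.get("--to")
        ip, _, port = target.partition(":")
        port = port or nat.get("--dport")  # no port in target: port unchanged
        # A covering rule must match the rewritten address and port.
        # Exact matches only: CIDR, negation and state are not modelled.
        covered = any(
            r["-t"] == "filter" and r.get("-A") == "FORWARD"
            and r.get("-j") == "ACCEPT"
            and r.get("-p", nat.get("-p")) == nat.get("-p")
            and r.get("-i", nat.get("-i")) == nat.get("-i")
            and r.get("-d", ip) == ip
            and r.get("--dport", port) == port
            for r in rules)
        if not covered:
            missing.append((nat.get("--dport"), ip, port))
    return missing

if __name__ == "__main__":
    print(uncovered_dnat(SECOND_TRY))  # FORWARD rule matches 1246, not 22
    print(uncovered_dnat(FIRST_TRY))   # covered by the rule from the reply
```

Each tuple returned is (external port, translated address, translated port) for a DNAT rule that no explicit FORWARD ACCEPT covers.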


