Port Forwarding

"Steven Buehler" <steve@xxxxxxxxxxxx> · Wed, 19 Dec 2007 11:07:37 -0600

I am trying to do port forwarding and I just can't seem to get it to work.
I hope that someone can help.

Machine 1 is running RHEL AS 4.4 with the 2.6.9-42.0.2.ELsmp kernel.
iptables has been running as my firewall since I set it up.

I am trying to get anything that comes in to port 3389 on "Machine 1" to go
to "Machine2" at a different location.  Lets say for this that the IP of
"Machine1" is 70.70.70.70 and the remote machine ("Machine 2") that I want
to forward to is 209.209.209.209.  I am assuming that I don't have to do
anything on "Machine2" except make sure the firewall for that port is opened
to "Machine 1".

I have done the following on "Machine 1":
echo 1 > /proc/sys/net/ipv4/ip_forward

Here is my /etc/sysconfig/iptables file from "Machine 1".  This is not the
one that I would normally use because it is to open, but am for testing.
####################
# Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
*nat
:PREROUTING ACCEPT [3:536]
:POSTROUTING ACCEPT [9:635]
:OUTPUT ACCEPT [8:583]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination
209.209.209.209:80
COMMIT
# Completed on Wed Dec 19 10:50:11 2007
# Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
*mangle
:PREROUTING ACCEPT [318:24902]
:INPUT ACCEPT [312:24214]
:FORWARD ACCEPT [3:152]
:OUTPUT ACCEPT [276:32613]
:POSTROUTING ACCEPT [279:32765]
COMMIT
# Completed on Wed Dec 19 10:50:11 2007
# Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [276:32613]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Dec 19 10:50:11 2007
####################

Thanks
Steve

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list