> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Troy Amburg
> Sent: Wednesday, December 19, 2007 11:34 AM
> To: General Red Hat Linux discussion list
> Subject: Re: Port Forwarding
>
> Do you have a traceroute from Machine1 to Machine2? Also, is the
> default route set correctly on Machine1?
>
> On Dec 19, 2007, at 9:07 AM, Steven Buehler wrote:
>
> > I am trying to do port forwarding and I just can't seem to get it to work.
> > I hope that someone can help.
> >
> > Machine 1 is running RHEL AS 4.4 with the 2.6.9-42.0.2.ELsmp kernel.
> > iptables has been running as my firewall since I set it up.
> >
> > I am trying to get anything that comes in to port 3389 on "Machine 1" to go
> > to "Machine2" at a different location. Let's say for this that the IP of
> > "Machine1" is 70.70.70.70 and the remote machine ("Machine 2") that I want
> > to forward to is 209.209.209.209. I am assuming that I don't have to do
> > anything on "Machine2" except make sure the firewall for that port is opened
> > to "Machine 1".
> >
> > I have done the following on "Machine 1":
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > Here is my /etc/sysconfig/iptables file from "Machine 1". This is not the
> > one that I would normally use because it is too open, but am for testing.
> > ####################
> > # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> > *nat
> > :PREROUTING ACCEPT [3:536]
> > :POSTROUTING ACCEPT [9:635]
> > :OUTPUT ACCEPT [8:583]
> > -A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
> > COMMIT
> > # Completed on Wed Dec 19 10:50:11 2007
> > # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> > *mangle
> > :PREROUTING ACCEPT [318:24902]
> > :INPUT ACCEPT [312:24214]
> > :FORWARD ACCEPT [3:152]
> > :OUTPUT ACCEPT [276:32613]
> > :POSTROUTING ACCEPT [279:32765]
> > COMMIT
> > # Completed on Wed Dec 19 10:50:11 2007
> > # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> > *filter
> > :INPUT ACCEPT [0:0]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [276:32613]
> > :RH-Firewall-1-INPUT - [0:0]
> > -A INPUT -j RH-Firewall-1-INPUT
> > -A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
> > -A FORWARD -j RH-Firewall-1-INPUT
> > -A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
> > -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
> > -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> > -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> > -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
> > -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> > -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> > COMMIT
> > # Completed on Wed Dec 19 10:50:11 2007
> > ####################
> >
> > Thanks
> > Steve
> >

A traceroute shows no problems. Goes to the remote machine just fine. I can also access the port on the remote machine with no problems.
[root@mymachine]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
70.70.70.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         70.70.70.175    0.0.0.0         UG    0      0        0 eth0
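
Added example, not part of the original thread: a Python check over iptables-save output for three things a DNAT forward to a host on another network depends on, namely the translated port, a filter FORWARD rule for that port (FORWARD runs after DNAT), and source NAT so that replies return through the forwarding machine. The sample ruleset is constructed from the nat and filter rules quoted above; the function names and finding labels are illustrative.

```python
import re

# Constructed sample: the relevant nat and filter rules from the quoted ruleset.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [3:536]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
COMMIT
"""

def rules_by_table(text):
    """Split iptables-save output into {table name: [appended rule lines]}."""
    tables, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = tables.setdefault(line[1:], [])
        elif line.startswith("-A ") and current is not None:
            current.append(line)
    return tables

def audit_dnat(text):
    """Return a list of findings for every DNAT rule in nat/PREROUTING."""
    tables = rules_by_table(text)
    nat, fwd = tables.get("nat", []), tables.get("filter", [])
    findings = []
    for rule in nat:
        m = re.search(r"--dport (\d+) .*-j DNAT --to-destination ([\d.]+)(?::(\d+))?", rule)
        if not rule.startswith("-A PREROUTING") or not m:
            continue
        in_port, target, out_port = m.group(1), m.group(2), m.group(3) or m.group(1)
        if out_port != in_port:
            findings.append(f"port-rewrite: {in_port} is sent to {target} port {out_port}")
        # filter/FORWARD is evaluated after DNAT, so it sees the translated port.
        if not any(r.startswith("-A FORWARD") and f"--dport {out_port} " in r for r in fwd):
            findings.append(f"forward-mismatch: no FORWARD rule names dport {out_port}")
        # Without source NAT the target answers the client directly, not via this host.
        if not any(r.startswith("-A POSTROUTING") and re.search(r"-j (SNAT|MASQUERADE)", r)
                   and (target in r or "-d " not in r) for r in nat):
            findings.append(f"no-return-path: no SNAT/MASQUERADE toward {target}")
    return findings

if __name__ == "__main__":
    for finding in audit_dnat(SAMPLE):
        print(finding)
```

A forward-mismatch finding is informational when the chain policy or a catch-all rule accepts the packet anyway, as `-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT` does in the full ruleset quoted above.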