RE: Port Forwarding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
> bounces@xxxxxxxxxx] On Behalf Of Troy Amburg
> Sent: Wednesday, December 19, 2007 11:34 AM
> To: General Red Hat Linux discussion list
> Subject: Re: Port Forwarding
> 
> Do you have a traceroute from Machine1 to Machine2? Also, is the
> default route set correctly on Machine1?
> 
> On Dec 19, 2007, at 9:07 AM, Steven Buehler wrote:
> 
> > I am trying to do port forwarding and I just can't seem to get it
> > to work.
> > I hope that someone can help.
> >
> > Machine 1 is running RHEL AS 4.4 with the 2.6.9-42.0.2.ELsmp kernel.
> > iptables has been running as my firewall since I set it up.
> >
> > I am trying to get anything that comes in to port 3389 on "Machine
> > 1" to go
> > to "Machine2" at a different location.  Lets say for this that the
> > IP of
> > "Machine1" is 70.70.70.70 and the remote machine ("Machine 2") that
> > I want
> > to forward to is 209.209.209.209.  I am assuming that I don't have
> > to do
> > anything on "Machine2" except make sure the firewall for that port
> > is opened
> > to "Machine 1".
> >
> > I have done the following on "Machine 1":
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > Here is my /etc/sysconfig/iptables file from "Machine 1".  This is
> > not the
> > one that I would normally use because it is to open, but am for
> > testing.
> > ####################
> > # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> > *nat
> > :PREROUTING ACCEPT [3:536]
> > :POSTROUTING ACCEPT [9:635]
> > :OUTPUT ACCEPT [8:583]
> > -A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination
> > 209.209.209.209:80
> > COMMIT
> > # Completed on Wed Dec 19 10:50:11 2007
> > # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> > *mangle
> > :PREROUTING ACCEPT [318:24902]
> > :INPUT ACCEPT [312:24214]
> > :FORWARD ACCEPT [3:152]
> > :OUTPUT ACCEPT [276:32613]
> > :POSTROUTING ACCEPT [279:32765]
> > COMMIT
> > # Completed on Wed Dec 19 10:50:11 2007
> > # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> > *filter
> > :INPUT ACCEPT [0:0]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [276:32613]
> > :RH-Firewall-1-INPUT - [0:0]
> > -A INPUT -j RH-Firewall-1-INPUT
> > -A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
> > -A FORWARD -j RH-Firewall-1-INPUT
> > -A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
> > -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
> > -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> > -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> > -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j
> > ACCEPT
> > -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> > -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> > COMMIT
> > # Completed on Wed Dec 19 10:50:11 2007
> > ####################
> >
> > Thanks
> > Steve
> >

A traceroute shows no problems.  Goes to the remote machine just fine.  I
can also access the port on the remote machine with no problems.

[root@mymachine]# route -n 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
70.70.70.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         70.70.70.175   0.0.0.0         UG    0      0        0 eth0


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux