So you can traceroute from Machine1 to Machine2 without any problem,
and you can telnet to the port in question, from Machine1 to
Machine2? If that's the case, I guess I don't understand what's not
working.
On Dec 19, 2007, at 9:43 AM, Steven Buehler wrote:
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Troy Amburg
Sent: Wednesday, December 19, 2007 11:34 AM
To: General Red Hat Linux discussion list
Subject: Re: Port Forwarding
Do you have a traceroute from Machine1 to Machine2? Also, is the
default route set correctly on Machine1?
On Dec 19, 2007, at 9:07 AM, Steven Buehler wrote:
I am trying to do port forwarding and I just can't seem to get it to
work. I hope that someone can help.
Machine 1 is running RHEL AS 4.4 with the 2.6.9-42.0.2.ELsmp kernel.
iptables has been running as my firewall since I set it up.
I am trying to get anything that comes in to port 3389 on "Machine 1"
to go to "Machine2" at a different location. Let's say for this that
the IP of "Machine1" is 70.70.70.70 and the remote machine
("Machine 2") that I want to forward to is 209.209.209.209. I am
assuming that I don't have to do anything on "Machine2" except make
sure the firewall for that port is opened to "Machine 1".
I have done the following on "Machine 1":
echo 1 > /proc/sys/net/ipv4/ip_forward
Here is my /etc/sysconfig/iptables file from "Machine 1". This is not
the one that I would normally use because it is too open, but am for
testing.
####################
# Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
*nat
:PREROUTING ACCEPT [3:536]
:POSTROUTING ACCEPT [9:635]
:OUTPUT ACCEPT [8:583]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
COMMIT
# Completed on Wed Dec 19 10:50:11 2007
# Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
*mangle
:PREROUTING ACCEPT [318:24902]
:INPUT ACCEPT [312:24214]
:FORWARD ACCEPT [3:152]
:OUTPUT ACCEPT [276:32613]
:POSTROUTING ACCEPT [279:32765]
COMMIT
# Completed on Wed Dec 19 10:50:11 2007
# Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [276:32613]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Dec 19 10:50:11 2007
####################
Thanks
Steve
A traceroute shows no problems. Goes to the remote machine just fine.
I can also access the port on the remote machine with no problems.
[root@mymachine]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
70.70.70.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         70.70.70.175    0.0.0.0         UG    0      0        0 eth0
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
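
Added example, not part of the original thread: a small audit of iptables-save output that checks a PREROUTING DNAT forward for the three things that decide whether it works end to end (the port it rewrites to, FORWARD rules that still match the pre-DNAT port, and a POSTROUTING SNAT/MASQUERADE for the return path). The names parse and audit_dnat are hypothetical, and the return-path finding assumes the DNAT target does not route its replies back through the forwarding host.

```python
import re

# Constructed input: the nat/FORWARD rules from the post, wrapped lines re-joined.
RULESET = """\
*nat
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
COMMIT
*filter
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
COMMIT
"""

DNAT_RE = re.compile(r"--dport (\d+) .*-j DNAT --to-destination ([\d.]+)(?::(\d+))?")

def parse(text):
    """Return {table: {chain: [rule, ...]}} from iptables-save output."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {})
        elif line.startswith("-A ") and table is not None:
            chain = line.split()[1]
            table.setdefault(chain, []).append(line)
    return tables

def audit_dnat(text):
    """List reasons a PREROUTING DNAT forward may fail end to end."""
    tables = parse(text)
    nat, flt = tables.get("nat", {}), tables.get("filter", {})
    # Simplification (assumption): any SNAT/MASQUERADE rule counts as covering
    # the forwarded flow; a real audit would also compare its -d/-o matches.
    has_snat = any(re.search(r"-j (SNAT|MASQUERADE)\b", r)
                   for r in nat.get("POSTROUTING", []))
    findings = []
    for rule in nat.get("PREROUTING", []):
        m = DNAT_RE.search(rule)
        if not m:
            continue
        dport, dest, new_port = m.group(1), m.group(2), m.group(3) or m.group(1)
        if new_port != dport:
            findings.append(f"dport {dport} is rewritten to {new_port} on {dest}")
            # filter/FORWARD runs after nat/PREROUTING, so it sees new_port.
            for fwd in flt.get("FORWARD", []):
                if f"--dport {dport} " in fwd:
                    findings.append(f"FORWARD rule still matches old dport {dport}")
        if not has_snat:
            findings.append(f"no SNAT/MASQUERADE: {dest} answers the client directly")
    return findings
```

Run against a live host by passing the text of `iptables-save` to audit_dnat; an empty list means none of the three conditions was found.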