> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steven Buehler
> Sent: Wednesday, December 19, 2007 1:13 PM
> To: 'General Red Hat Linux discussion list'
> Subject: RE: Port Forwarding
>
> > On Dec 19, 2007, at 9:43 AM, Steven Buehler wrote:
> >
> > >> -----Original Message-----
> > >> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Troy Amburg
> > >> Sent: Wednesday, December 19, 2007 11:34 AM
> > >> To: General Red Hat Linux discussion list
> > >> Subject: Re: Port Forwarding
> > >>
> > >> Do you have a traceroute from Machine1 to Machine2? Also, is the
> > >> default route set correctly on Machine1?
> > >>
> > >> On Dec 19, 2007, at 9:07 AM, Steven Buehler wrote:
> > >>
> > >>> I am trying to do port forwarding and I just can't seem to get it
> > >>> to work. I hope that someone can help.
> > >>>
> > >>> Machine 1 is running RHEL AS 4.4 with the 2.6.9-42.0.2.ELsmp kernel.
> > >>> iptables has been running as my firewall since I set it up.
> > >>>
> > >>> I am trying to get anything that comes in to port 3389 on "Machine 1"
> > >>> to go to "Machine2" at a different location. Let's say for this that
> > >>> the IP of "Machine1" is 70.70.70.70 and the remote machine
> > >>> ("Machine 2") that I want to forward to is 209.209.209.209. I am
> > >>> assuming that I don't have to do anything on "Machine2" except make
> > >>> sure the firewall for that port is opened to "Machine 1".
> > >>>
> > >>> I have done the following on "Machine 1":
> > >>> echo 1 > /proc/sys/net/ipv4/ip_forward
> > >>>
> > >>> Here is my /etc/sysconfig/iptables file from "Machine 1". This is
> > >>> not the one that I would normally use because it is too open, but am
> > >>> for testing.
> > >>> ####################
> > >>> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> > >>> *nat
> > >>> :PREROUTING ACCEPT [3:536]
> > >>> :POSTROUTING ACCEPT [9:635]
> > >>> :OUTPUT ACCEPT [8:583]
> > >>> -A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
> > >>> COMMIT
> > >>> # Completed on Wed Dec 19 10:50:11 2007
> > >>> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> > >>> *mangle
> > >>> :PREROUTING ACCEPT [318:24902]
> > >>> :INPUT ACCEPT [312:24214]
> > >>> :FORWARD ACCEPT [3:152]
> > >>> :OUTPUT ACCEPT [276:32613]
> > >>> :POSTROUTING ACCEPT [279:32765]
> > >>> COMMIT
> > >>> # Completed on Wed Dec 19 10:50:11 2007
> > >>> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> > >>> *filter
> > >>> :INPUT ACCEPT [0:0]
> > >>> :FORWARD ACCEPT [0:0]
> > >>> :OUTPUT ACCEPT [276:32613]
> > >>> :RH-Firewall-1-INPUT - [0:0]
> > >>> -A INPUT -j RH-Firewall-1-INPUT
> > >>> -A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
> > >>> -A FORWARD -j RH-Firewall-1-INPUT
> > >>> -A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
> > >>> -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
> > >>> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> > >>> -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> > >>> -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
> > >>> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> > >>> -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > >>> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> > >>> COMMIT
> > >>> # Completed on Wed Dec 19 10:50:11 2007
> > >>> ####################
> > >>>
> > >>> Thanks
> > >>> Steve
> > >>>
> > >
> > > A traceroute shows no problems. Goes to the remote machine just
> > > fine. I can also access the port on the remote machine with no
> > > problems.
> > >
> > > [root@mymachine]# route -n
> > > Kernel IP routing table
> > > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > > 70.70.70.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> > > 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
> > > 0.0.0.0         70.70.70.175    0.0.0.0         UG    0      0        0 eth0
> > >
> >
> > -----Original Message-----
> > From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Troy Amburg
> > Sent: Wednesday, December 19, 2007 11:49 AM
> > To: General Red Hat Linux discussion list
> > Subject: Re: Port Forwarding
> >
> > So you can traceroute from Machine1 to Machine2 without any problem,
> > and you can telnet to the port in question, from Machine1 to
> > Machine2? If that's the case, I guess I don't understand what's not
> > working.
> >
>
> Correct. I have tried setting up port forwarding on several servers
> this way and have never been able to get it to work. Some of the
> machines are RHEL 4.x and some are 5.x. SELinux is not running on any
> of the machines and I can go from Machine1 to the port I want on
> Machine2 with no problem. I only have a problem when it comes to
> forwarding the ports.
> All installations and upgrades are done using up2date/yum so they
> are stock rpms. I have searched the internet before resorting to this
> list and always come up with the same answers, run:
> echo 1 > /proc/sys/net/ipv4/ip_forward (which was set to 0 originally)
> iptables -A PREROUTING -t nat -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
> iptables -A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
> iptables -A RH-Firewall-1-INPUT -s myip here -j ACCEPT
>
> Steve

There has to be something simple that I am missing here. I have 16
servers and I tried setting up port forwarding on all of them with no
luck. Simply running the above 3 lines on each one.
On the remote machines, I would even stop the firewalls altogether so
that I was sure that it wasn't blocking anything. 3 of the servers are
in Kansas, 8 of the servers are in a Data Center in Missouri and 5 of
the servers are in a Data Center in Virginia. I have 2 Ethernet ports
on each system, but don't use eth1 on all but 3 of them. So I never set
up these rules to use a second Ethernet port. Do I need to use 2 ports?
The systems range from Red Hat Linux 7.3 to RH

Steve

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
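
Added example, not part of the thread or any poster's code: a small Python check over iptables-save text for two things a DNAT forward like the one posted depends on, the FORWARD match on the rewritten port and source NAT for the forwarded flow. It assumes, as the thread describes, that Machine2 is at another site and routes replies straight to the client rather than back through Machine1; THREAD_RULES is a constructed excerpt of the posted dump, and WITH_SNAT and the function names are hypothetical.

```python
import shlex

# Constructed sample: the DNAT and FORWARD rules from the thread's dump.
THREAD_RULES = """\
*nat
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
COMMIT
*filter
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
COMMIT
"""
# Assumed correction (not from the thread): match the rewritten port in
# FORWARD and source-NAT the forwarded flow to Machine1's address.
WITH_SNAT = THREAD_RULES.replace("--dport 3389 -j ACCEPT", "--dport 80 -j ACCEPT").replace(
    "COMMIT", "-A POSTROUTING -d 209.209.209.209 -p tcp -m tcp --dport 80 "
    "-j SNAT --to-source 70.70.70.70\nCOMMIT", 1)

def parse(text):
    """Return (table, chain, options) for each -A line; '!' negation is not handled."""
    rules, table = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            rules.append((table, tok[1], opts))
    return rules

def check_dnat(text):
    """List problems for each DNAT rule: stale FORWARD port match, missing source NAT."""
    rules, findings = parse(text), []
    for table, chain, o in rules:
        if table != "nat" or o.get("-j") != "DNAT":
            continue
        host, _, port = o["--to-destination"].partition(":")
        old = o.get("--dport")
        # filter/FORWARD runs after nat/PREROUTING, so it sees the rewritten port.
        for t, c, r in rules:
            if (t, c) == ("filter", "FORWARD") and port and old and old != port and r.get("--dport") == old:
                findings.append(f"FORWARD --dport {old} never matches: port is {port} after DNAT")
        # Without source NAT the target answers the client directly, and the
        # client discards a reply from an address it never contacted.
        snat = [r for t, c, r in rules if (t, c) == ("nat", "POSTROUTING")
                and r.get("-j") in ("SNAT", "MASQUERADE")]
        if not any(r.get("-d") in (None, host, host + "/32") for r in snat):
            findings.append(f"no SNAT/MASQUERADE for traffic to {host}")
    return findings
```

With source NAT in place, the target's logs show the forwarding host's address for every connection, so per-client logging has to happen on the forwarding host.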