That did it for the most part. I can do it with port 80. Haven't tried
all of the different ones yet. What I am really trying to do is to get a
forwarding rule that will allow me to port forward to a Windows "Remote
Desktop". Hence the port 3389. The following gives me an error.

"Remote Desktop Disconnected Because of a protocol error, this session
will be disconnected. Please try connecting to the remote computer again."

iptables -A PREROUTING -t nat -p udp -m udp --dport 3389 -j DNAT --to-destination 209.209.209.209:3389
iptables -A FORWARD -i eth0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth0 -p udp -m udp --dport 3389 -j ACCEPT

> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Troy Amburg
> Sent: Wednesday, December 19, 2007 5:54 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Port Forwarding
>
> I just did this a couple days ago, so this is from my shell history.
> This is on the gateway host, running rhel 5 that sits on a private
> and public network. The default gateway on all the private network
> hosts, points to this host.
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> service iptables save
>
> On Dec 19, 2007, at 3:42 PM, Steven Buehler wrote:
>
> >
> >
> >> -----Original Message-----
> >> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steven Buehler
> >> Sent: Wednesday, December 19, 2007 1:13 PM
> >> To: 'General Red Hat Linux discussion list'
> >> Subject: RE: Port Forwarding
> >>
> >>> On Dec 19, 2007, at 9:43 AM, Steven Buehler wrote:
> >>>
> >>>>> -----Original Message-----
> >>>>> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Troy Amburg
> >>>>> Sent: Wednesday, December 19, 2007 11:34 AM
> >>>>> To: General Red Hat Linux discussion list
> >>>>> Subject: Re: Port Forwarding
> >>>>>
> >>>>> Do you have a traceroute from Machine1 to Machine2? Also, is the
> >>>>> default route set correctly on Machine1?
> >>>>>
> >>>>> On Dec 19, 2007, at 9:07 AM, Steven Buehler wrote:
> >>>>>
> >>>>>> I am trying to do port forwarding and I just can't seem to get it
> >>>>>> to work.
> >>>>>> I hope that someone can help.
> >>>>>>
> >>>>>> Machine 1 is running RHEL AS 4.4 with the 2.6.9-42.0.2.ELsmp kernel.
> >>>>>> iptables has been running as my firewall since I set it up.
> >>>>>>
> >>>>>> I am trying to get anything that comes in to port 3389 on "Machine 1"
> >>>>>> to go to "Machine2" at a different location. Let's say for this that
> >>>>>> the IP of "Machine1" is 70.70.70.70 and the remote machine ("Machine 2")
> >>>>>> that I want to forward to is 209.209.209.209. I am assuming that I
> >>>>>> don't have to do anything on "Machine2" except make sure the firewall
> >>>>>> for that port is opened to "Machine 1".
> >>>>>>
> >>>>>> I have done the following on "Machine 1":
> >>>>>> echo 1 > /proc/sys/net/ipv4/ip_forward
> >>>>>>
> >>>>>> Here is my /etc/sysconfig/iptables file from "Machine 1". This is
> >>>>>> not the one that I would normally use because it is too open, but am
> >>>>>> for testing.
> >>>>>> ####################
> >>>>>> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> >>>>>> *nat
> >>>>>> :PREROUTING ACCEPT [3:536]
> >>>>>> :POSTROUTING ACCEPT [9:635]
> >>>>>> :OUTPUT ACCEPT [8:583]
> >>>>>> -A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
> >>>>>> COMMIT
> >>>>>> # Completed on Wed Dec 19 10:50:11 2007
> >>>>>> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> >>>>>> *mangle
> >>>>>> :PREROUTING ACCEPT [318:24902]
> >>>>>> :INPUT ACCEPT [312:24214]
> >>>>>> :FORWARD ACCEPT [3:152]
> >>>>>> :OUTPUT ACCEPT [276:32613]
> >>>>>> :POSTROUTING ACCEPT [279:32765]
> >>>>>> COMMIT
> >>>>>> # Completed on Wed Dec 19 10:50:11 2007
> >>>>>> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> >>>>>> *filter
> >>>>>> :INPUT ACCEPT [0:0]
> >>>>>> :FORWARD ACCEPT [0:0]
> >>>>>> :OUTPUT ACCEPT [276:32613]
> >>>>>> :RH-Firewall-1-INPUT - [0:0]
> >>>>>> -A INPUT -j RH-Firewall-1-INPUT
> >>>>>> -A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
> >>>>>> -A FORWARD -j RH-Firewall-1-INPUT
> >>>>>> -A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
> >>>>>> -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
> >>>>>> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> >>>>>> -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> >>>>>> -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
> >>>>>> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> >>>>>> -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> >>>>>> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> >>>>>> COMMIT
> >>>>>> # Completed on Wed Dec 19 10:50:11 2007
> >>>>>> ####################
> >>>>>>
> >>>>>> Thanks
> >>>>>> Steve
> >>>>>>
> >>>>
> >>>> A traceroute shows no problems. Goes to the remote machine just
> >>>> fine. I can also access the port on the remote machine with no
> >>>> problems.
> >>>>
> >>>> [root@mymachine]# route -n
> >>>> Kernel IP routing table
> >>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> >>>> 70.70.70.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> >>>> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
> >>>> 0.0.0.0         70.70.70.175    0.0.0.0         UG    0      0        0 eth0
> >>>>
> >>>>
> >>> -----Original Message-----
> >>> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Troy Amburg
> >>> Sent: Wednesday, December 19, 2007 11:49 AM
> >>> To: General Red Hat Linux discussion list
> >>> Subject: Re: Port Forwarding
> >>>
> >>> So you can traceroute from Machine1 to Machine2 without any problem,
> >>> and you can telnet to the port in question, from Machine1 to
> >>> Machine2? If that's the case, I guess I don't understand what's not
> >>> working.
> >>>
> >>
> >> Correct. I have tried setting up port forwarding on several servers
> >> this way and have never been able to get it to work. Some of the
> >> machines are RHEL 4.x and some are 5.x. Selinux is not running on any
> >> of the machines and I can go from Machine1 to the port I want on
> >> Machine2 with no problem. I only have a problem when it comes to
> >> forwarding the ports. All installations and upgrades are done using
> >> up2date/yum so they are stock rpms. I have searched the internet
> >> before resorting to this list and always come up with the same
> >> answers, run:
> >> echo 1 > /proc/sys/net/ipv4/ip_forward (which was set to 0 originally)
> >> iptables -A PREROUTING -t nat -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
> >> iptables -A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
> >> iptables -A RH-Firewall-1-INPUT -s myip here -j ACCEPT
> >>
> >> Steve
> >
> > There has to be something simple that I am missing here. I have 16
> > servers and I tried setting up port forwarding on all of them with no
> > luck. Simply running the above 3 lines on each one. On the remote
> > machines, I would even stop the firewalls altogether so that I was
> > sure that it wasn't blocking anything. 3 of the servers are in Kansas,
> > 8 of the servers are in a Data Center in Missouri and 5 of the servers
> > are in a Data Center in Virginia. I have 2 Ethernet ports on each
> > system, but don't use eth1 on all but 3 of them. So I never set up
> > these rules to use a second Ethernet port. Do I need to use 2 ports?
> > The systems range from Red Hat Linux 7.3 to RH
> >
> > Steve
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
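
Added example, not part of the thread: a small linter that runs the two rule sets quoted above (re-typed as constructed samples) through the checks a forward to a Remote Desktop host at another site has to pass. It assumes the service listens on TCP 3389 and that the target does not route its replies back through the forwarding host; the function names and the 198.51.100.7 admin address are placeholders.

```shell
#!/bin/sh
# Added example: lint iptables-save rule lines (stdin) for one DNAT port forward.
# Prints one finding per line and nothing when every check passes.
lint_forward() {
    proto=$1 port=$2 rules=$(cat)
    # nat/PREROUTING must translate the protocol and port the service listens on.
    dnat=$(printf '%s\n' "$rules" |
        grep -E -e "^-A PREROUTING .*-p $proto .*--dport $port .*-j DNAT" | head -n 1)
    if [ -z "$dnat" ]; then
        echo "no DNAT rule for $proto/$port"
        return 0
    fi
    # filter/FORWARD sees the packet after DNAT, so it must match the new port.
    case $dnat in *:*) to_port=${dnat##*:} ;; *) to_port=$port ;; esac
    # Without -s the forwarded service is reachable from any address.
    case $dnat in *" -s "*) ;; *) echo "DNAT open to any source" ;; esac
    printf '%s\n' "$rules" |
        grep -Eq -e "^-A FORWARD .*-p $proto .*--dport $to_port .*-j ACCEPT" ||
        echo "no FORWARD ACCEPT for $proto/$to_port"
    # The target is off-box: rewrite the source so replies return via this host.
    printf '%s\n' "$rules" |
        grep -Eq -e "^-A POSTROUTING .*-j (MASQUERADE|SNAT)" ||
        echo "no SNAT/MASQUERADE in POSTROUTING"
    return 0
}
# Constructed samples: the two rule sets quoted in the thread, then a restricted one.
first_attempt() { cat <<'EOF'
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
EOF
}
latest_attempt() { cat <<'EOF'
-A PREROUTING -p udp -m udp --dport 3389 -j DNAT --to-destination 209.209.209.209:3389
-A POSTROUTING -o eth0 -j MASQUERADE
-A FORWARD -i eth0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth0 -p udp -m udp --dport 3389 -j ACCEPT
EOF
}
# 198.51.100.7 is a placeholder for the one admin address allowed to connect.
restricted() { cat <<'EOF'
-A PREROUTING -s 198.51.100.7/32 -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:3389
-A POSTROUTING -o eth0 -j MASQUERADE
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 198.51.100.7/32 -p tcp -m tcp --dport 3389 -j ACCEPT
EOF
}
for s in first_attempt latest_attempt restricted; do
    echo "== $s"; $s | lint_forward tcp 3389
done
```

The linter only looks for explicit rules; a chain whose default policy is ACCEPT will still forward traffic that it reports as having no FORWARD rule.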