  1. #1
    Just Joined!
    Join Date
    Jun 2004
    Posts
    10

    Filtered Port with no Firewall?


    Sorry guys, I admit, I am new to Linux, and can't get this to work for the life of me. My router is forwarding requests for ports 80 and 21 (for now) to my server. I have apache2 and proFTPD both running. And from other computers on the internal network I can connect to both of them, and they work just fine. However, any connections from an external IP address don't work. When running nmap to scan for open ports, I see 443 and 3306 (MySQL is installed and running) both open, but the rest as "filtered", which leads me to believe a firewall is intercepting the packets...

    I have tried killing the firewall via the GUI, and have tried manually adding iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT (when the firewall is running), but neither leaves the port open...

    Some background: running Fedora Core2, using Gnome...
    Any suggestions?

    I have also asked this question on linuxquestions.org, but no one can figure out where my problem lies. I was asked there for the outputs of some commands; here they are:
    When I have the firewall on, iptables -nvL outputs the following:
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target              prot opt in  out source     destination
    3474 707K  RH-Firewall-1-INPUT all  --  *   *   0.0.0.0/0  0.0.0.0/0

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target              prot opt in  out source     destination
    0    0     RH-Firewall-1-INPUT all  --  *   *   0.0.0.0/0  0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 1926 packets, 246K bytes)
    pkts bytes target              prot opt in  out source     destination

    Chain RH-Firewall-1-INPUT (2 references)
    pkts bytes target              prot opt in  out source     destination
    20   1294  ACCEPT              all  --  lo  *   0.0.0.0/0  0.0.0.0/0
    0    0     ACCEPT              icmp --  *   *   0.0.0.0/0  0.0.0.0/0  icmp type 255
    0    0     ACCEPT              esp  --  *   *   0.0.0.0/0  0.0.0.0/0
    0    0     ACCEPT              ah   --  *   *   0.0.0.0/0  0.0.0.0/0
    2387 654K  ACCEPT              all  --  *   *   0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
    1067 51629 REJECT              all  --  *   *   0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited

    When the firewall is both on and off I receive no output from either of the following commands:
    #route -nv
    #netstat -nr

    Any ideas?
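
Added example (not part of the original post or thread): a first-match walk over the INPUT and RH-Firewall-1-INPUT chains exactly as listed above, to see which rule decides the fate of a new inbound TCP connection to port 80. The interface name `eth0`, the packet fields and the helper names are assumptions; source/destination matching is skipped because every rule in the listing uses 0.0.0.0/0.

```python
import re

# INPUT and RH-Firewall-1-INPUT chains copied from the post above
# (FORWARD and OUTPUT omitted: they are not traversed for locally delivered packets).
LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3474 707K RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
20 1294 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
2387 654K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1067 51629 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""
# Constructed test packet: first SYN of an outside connection to the web server.
WEB = {"prot": "tcp", "in": "eth0", "state": "NEW", "dport": 80}

def parse(listing):
    chains, cur = {}, None
    for f in map(str.split, listing.splitlines()):
        if f and f[0] == "Chain":
            # User-defined chains have no policy; falling off the end returns to the caller.
            cur = chains[f[1]] = (f[3] if f[2] == "(policy" else "RETURN", [])
        elif f and f[0] != "pkts":
            cur[1].append({"target": f[2], "prot": f[3], "in": f[5], "extra": " ".join(f[9:])})
    return chains

def matches(rule, pkt):
    # Only the match types that occur in this listing: protocol, in-interface, state, dport.
    if rule["prot"] not in ("all", pkt["prot"]) or rule["in"] not in ("*", pkt["in"]):
        return False
    st = re.search(r"state (\S+)", rule["extra"])
    if st and pkt["state"] not in st.group(1).split(","):
        return False
    dp = re.search(r"dpt:(\d+)", rule["extra"])
    return not dp or int(dp.group(1)) == pkt["dport"]

def verdict(chains, chain, pkt):
    policy, rules = chains[chain]
    for rule in rules:
        if matches(rule, pkt):
            if rule["target"] not in chains:
                return rule["target"], rule["extra"]
            v = verdict(chains, rule["target"], pkt)   # jump into a user-defined chain
            if v[0] != "RETURN":
                return v
    return policy, ""
```

With the listing as posted, `verdict(parse(LISTING), "INPUT", WEB)` ends at the final REJECT rule; nmap reports a port as "filtered" when the probe is answered by that kind of ICMP administratively-prohibited error.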

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Well, I can at least understand why "iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT" doesn't make it work. Packets that aren't headed for the local host, such as those being forwarded to another computer, don't go through the INPUT chain, they go through the FORWARD chain.

    Thus, try "iptables -I FORWARD 1 -p tcp --dport 80 -j ACCEPT" instead and see if that works.

  3. #3
    Just Joined!
    Join Date
    Jun 2004
    Posts
    10
    Testing it right now, just wondering:
    why wouldn't they be going through the INPUT chain?
    Because my router redirects them and thus they are considered a "forward" packet?
    I thought forward was for when another comp bridged them...

    Added: why also, when I run 'service iptables stop', would it still not accept them (no firewall = all accepted, correct?)

  4. #4
    Just Joined!
    Join Date
    Jun 2004
    Posts
    10
    No dice...
    nothing coming through with that added command (using the forward chain)

  5. #5
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    They don't go through the INPUT chain, since the INPUT chain (which is called from the local_in netfilter hook) is only called right before packets are sent to the local TCP stack. Since these packets never go to the local TCP stack, the INPUT chain isn't called on them.

    Anyway - just how did you forward these ports, exactly?

  6. #6
    Just Joined!
    Join Date
    Jun 2004
    Posts
    10
    In the router (Belkin wireless 4 port), tried both DMZ and "virtual servers", their term for port forwarding. I called Belkin tech support to make sure it wasn't a problem with the router; he walked me through it, the exact thing that I had done...
    thing...

  7. #7
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I'm sorry, I might have misunderstood you fundamentally. I thought you had a Linux router, and I thought that iptables output in your initial post was from that Linux router. Was that not so?

  8. #8
    Just Joined!
    Join Date
    Jun 2004
    Posts
    10
    Nope, sorry if the post confused you...
    Belkin 4 Port Wireless router...

  9. #9
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Well, I'm not sure about the exact brand and so on, but I think there have been some posts here before about port forwarding with these Belkin (and other hardware) routers, and I don't think anyone was able to solve it back then, actually.

  10. #10
    Just Joined!
    Join Date
    Jun 2004
    Posts
    10
    The thing is, I've tried using 3 different routers... all with the same problems.
    However, I didn't try turning off iptables with the other two (just this Belkin)..
    But I'm moving to Florida tomorrow, so this escapade will just have to continue sometime next week =P

    Thanks for all your help however =P
    I did learn plenty of new things (iptables mostly)
    -Impact
