  #1
    Just Joined! Join Date: Dec 2007. Posts: 4

    IPTables port forward problem!

    Hello! I'm having a weird problem with simply forwarding port 80 to another machine. I have two machines, web (85.1.1.1) & web2 (85.1.1.2); web2 is forwarding to web. The weird part is how it works only under certain circumstances; in the past I've never had problems. Here is an example of what happens, in order:

    web2: Begin to port forward
    web2 shell> modprobe iptable_nat
    web2 shell> echo 1 > /proc/sys/net/ipv4/ip_forward
    web2 shell> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    web2 shell> iptables -t nat -A PREROUTING -i eth0 -d 85.1.1.2 -p tcp --dport 80 -j DNAT --to 85.1.1.1

    my home box: Try to connect thru web2 forwarding but fails.
    homebox shell> telnet web2 80
    Trying 85.1.1.2...
    telnet: connect to address 85.1.1.2: Connection refused
    telnet: Unable to connect to remote host: Connection refused

    web2: Open a socket from the forwarding machine to the destination
    web2 shell> telnet web 80
    Trying 85.1.1.1...
    Connected to 85.1.1.1 (85.1.1.1).
    Escape character is '^]'.

    my home box: Port forwarding successfully works now !?
    homebox shell> telnet 85.1.1.2 80
    Trying 85.1.1.2...
    Connected to 85.1.1.2 (85.1.1.2).
    Escape character is '^]'.

    wait 30 minutes....

    my home box: Try to connect thru web2 forwarding but fails now
    homebox shell> telnet web2 80
    Trying 85.1.1.2...
    telnet: connect to address 85.1.1.2: Connection refused
    telnet: Unable to connect to remote host: Connection refused

    Now if I open a telnet connection between web2 -> web:80 again it will work again, but just as before only for a short duration.

    Can anybody please explain to me why it works after I open a telnet connection to the machine it's forwarding to? I'm pulling my hair out because it just doesn't make any sense to me. It has nothing to do with the web server as I've tested on multiple open ports with the same result. Thanks in advance for any help!

  #2
    Just Joined! vigour's Avatar. Join Date: Oct 2007. Posts: 68

    I suggest you analyze the traffic with tcpdump and see where it breaks.

    One thing must be present in order for your setup to work.
    Is 85.1.1.2 using 85.1.1.1 as gateway?

    If not then the returned packets will not reach you.

    I suggest you use the following setup just to be sure it will work:

    web2 shell> iptables -t nat -A POSTROUTING -d 85.1.1.1 -j MASQUERADE
    web2 shell> iptables -t nat -A PREROUTING -i eth0 -d 85.1.1.2 -p tcp --dport 80 -j DNAT --to 85.1.1.1

    Thus you'll be sure that the packets between your host and 85.1.1.1 will be NATed behind 85.1.1.2, which definitely has a connection to 85.1.1.1.

    Cheers,
    Ventsi
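
    The fix vigour gives comes down to symmetric return traffic: the nat table rewrites only the first packet of a flow, and conntrack reverses that rewrite on replies, so a reply from web that never passes back through web2 is never un-DNATed and arrives at the client from the wrong address. The following Python model is an added example, not code from this thread; the home box address 1.2.3.4 is constructed, and the model assumes web routes its replies directly towards the client rather than via web2.

```python
from dataclasses import dataclass, replace

# Addresses from the thread; the home box address is constructed for the example.
HOME, WEB2, WEB = "1.2.3.4", "85.1.1.2", "85.1.1.1"


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str


def web2_forward(pkt: Pkt, masquerade: bool) -> tuple[Pkt, dict]:
    """web2 on the first packet of a flow: PREROUTING DNAT --to web, then
    optionally POSTROUTING MASQUERADE. Returns the packet as it leaves web2
    and the conntrack entry (reply tuple -> original tuple) used to un-NAT
    replies. Later packets of the flow are handled from the entry alone."""
    out = replace(pkt, dst=WEB)          # -j DNAT --to 85.1.1.1
    if masquerade:
        out = replace(out, src=WEB2)     # -j MASQUERADE: source becomes 85.1.1.2
    conntrack = {(out.dst, out.src): (pkt.dst, pkt.src)}
    return out, conntrack


def web_reply(pkt: Pkt) -> Pkt:
    """web answers to whatever source address it saw on the SYN."""
    return Pkt(src=pkt.dst, dst=pkt.src)


def trace(masquerade: bool) -> dict:
    """Follow one SYN from the home box to web and its SYN-ACK back.
    Assumption: web's route to the client does not pass through web2."""
    syn = Pkt(src=HOME, dst=WEB2)        # homebox: telnet 85.1.1.2 80
    fwd, ct = web2_forward(syn, masquerade)
    reply = web_reply(fwd)
    path = [HOME, WEB2, WEB]
    if reply.dst == WEB2:                # reply returns through the forwarder
        orig_dst, orig_src = ct[(reply.src, reply.dst)]
        reply = Pkt(src=orig_dst, dst=orig_src)   # un-DNAT: src is 85.1.1.2 again
        path.append(WEB2)
    path.append(HOME)
    # The client's TCP stack only matches a SYN-ACK from the address it dialled.
    return {"path": path, "reply_src": reply.src, "accepted": reply.src == WEB2}


if __name__ == "__main__":
    for masq in (False, True):
        print("MASQUERADE" if masq else "DNAT only ", trace(masq))
```

Without MASQUERADE the reply reaches the client with source 85.1.1.1, which does not match the connection it opened to 85.1.1.2, so the handshake fails; with it, the reply is forced back through web2 where conntrack restores the original addresses.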

  #3
    Just Joined! Join Date: Apr 2008. Posts: 1

    vigour, you rock! I've spent hours and hours trying to figure out why my port forwarding wasn't working. I've read just about every how-to, FAQ, tutorial, man page, etc., with no success at all. You had the answer! I just joined this forum to tell you how thankful I am; I really appreciate it!
    -Orrbit

  #4
    Just Joined! vigour's Avatar. Join Date: Oct 2007. Posts: 68

    I am glad I was able to help you.

    Take care
