- 04-17-2009 #1 Just Joined!
Port forwarding doesn't work
Hello,
I need help in setting up port forwarding on my server, or more precisely, I need a way to check what is happening with the packets sent on the forwarded port, since they seem to vanish inside the server.
- 04-17-2009 #2
What firewall software are you using? iptables, or something else? What are you trying to achieve? What distro? What's not working?
- 04-17-2009 #3 Just Joined!
Yes, I'm using iptables. Basically I need to do port forwarding, i.e. make a local server visible from the outside.
What doesn't work is that the packets are visible on the WAN interface, but not on the LAN interface.
- 04-17-2009 #4
OK, I am assuming at this point that you have set up the firewall correctly. Have you turned on forwarding:
Code:
    echo "1" > /proc/sys/net/ipv4/ip_forward
This will need to be done every time you boot.
- 04-17-2009 #5 Just Joined!
Well, that's the problem... I don't know how to set up iptables for port forwarding.
Or maybe I know, but it doesn't work. Yes, the forwarding is on.
- 04-17-2009 #6
You need to use DNAT for this.
Code:
    iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 --dport 80 -j DNAT --to-destination 192.168.1.1
Here is a TUTORIAL for iptables that should help you.
- 04-17-2009 #7 Just Joined!
Thanks for the tutorial.
I have already read many things about DNAT, but the rule you posted just doesn't work, I don't know why :/
- 04-18-2009 #8
Well, you have to ensure packets that are heading back are also NAT'ed.
Do you have this set up? Something like this:
Code:
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Provided eth0 is your external facing interface?
If this isn't working, then maybe if you post your rules we can better help you.
- 04-18-2009 #9 Just Joined!
Are you sure it's necessary? Isn't the DNAT responsible also for connection tracking? Besides that, I think my problem lies somewhere else: I don't know why NONE of the packets I'm sending reaches the DNAT'ed in-LAN server, moreover NONE of them even leaves the firewall internal LAN interface.
But I'll try that anyway, thanks.
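A diagnostic for the symptom described in this thread (packets visible on the WAN interface that never leave the LAN interface), added here as an example and not posted by anyone in the thread. DNAT'ed packets still have to pass the filter table's FORWARD chain, so the script audits an `iptables-save` dump for three things: ip_forward, the DNAT rule, and a FORWARD policy or rule that admits new connections. The function names, the sample ruleset and the exact-host matching of `-d` are assumptions of this example.

```shell
#!/bin/sh
# Added example: check an iptables-save dump for what a DNAT port forward needs.
# Usage: iptables-save | audit_forward "$(cat /proc/sys/net/ipv4/ip_forward)" 192.168.1.1
audit_forward() {   # $1 = ip_forward value, $2 = internal server IP, ruleset on stdin
    awk -v fwd="$1" -v dst="$2" '
    function st(ok) { return ok ? "OK  " : "FAIL" }
    # value that follows option "name" on the current rule line, or ""
    function opt(name,   i) { for (i = 1; i < NF; i++) if ($i == name) return $(i + 1); return "" }
    /^\*/ { table = substr($0, 2) }                       # "*nat" / "*filter" section header
    table == "filter" && /^:FORWARD / { policy = $2 }     # ":FORWARD DROP [0:0]"
    table == "nat" && /^-A PREROUTING / && /-j DNAT/ {
        t = opt("--to-destination"); sub(/:.*/, "", t)    # strip optional :port
        if (t == dst) dnat = 1
    }
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
        s = opt("--state"); if (s == "") s = opt("--ctstate")
        if (s != "" && s !~ /NEW/) next                   # ESTABLISHED,RELATED only: no new flows
        d = opt("-d"); sub(/\/32$/, "", d)
        if (d == "" || d == dst) accept = 1               # simplification: exact host or any
    }
    END {
        fok = (policy == "ACCEPT" || accept)
        print st(fwd == 1) " net.ipv4.ip_forward = " fwd
        print st(dnat) " nat/PREROUTING has DNAT to " dst
        print st(fok) " filter/FORWARD (policy " policy ") lets new packets reach " dst
        exit !(fwd == 1 && dnat && fok)
    }'
}

# Constructed ruleset: the DNAT rule from post #6 plus a default-drop FORWARD chain.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 15.45.23.67/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_forward 1 192.168.1.1 || true   # reports the FORWARD gap
```

Rules restricted by `-i`, `-p` or `--dport`, subnet destinations and explicit DROP rules are not evaluated here; the per-rule packet counters from `iptables -L FORWARD -v -n` show which rule a live packet actually hits.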



