  1. #1
    Just Joined!
    Join Date
    Nov 2005
    Posts
    2

    IP tables port forwarding


    Hello

    We have one Linux machine in the office which happens to be an important firewall. I just know the basics and need to make one change.

    Essentially it is to forward MySQL traffic to another internal machine.

    This is the original rule (forward to 192.20.0.17), which is working:



    Code:

    $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 3306 -j allowed
    $IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $STATIC_IP --dport 3306 -j DNAT --to-destination 192.20.0.17
    $IPTABLES -A FORWARD -p tcp -i $INET_IFACE -o $LAN_IFACE -d 192.20.0.17 --dport 3306 -j allowed



    and I just need to send it to 192.20.0.15, so I just change -->


    Code:

    $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 3306 -j allowed
    $IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $STATIC_IP --dport 3306 -j DNAT --to-destination 192.20.0.15
    $IPTABLES -A FORWARD -p tcp -i $INET_IFACE -o $LAN_IFACE -d 192.20.0.15 --dport 3306 -j allowed


    and restarted the machine.

    But this does not work. Is there anything else that must be done?

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Quote Originally Posted by ikcir View Post
    $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 3306 -j allowed
    $IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $STATIC_IP --dport 3306 -j DNAT --to-destination 192.20.0.15
    $IPTABLES -A FORWARD -p tcp -i $INET_IFACE -o $LAN_IFACE -d 192.20.0.15 --dport 3306 -j allowed
    Change allowed to ACCEPT. I cannot believe that the old rule was working unless you were using some sort of very old firewall.

    Here is a TUTORIAL for IPTABLES

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Linux Newbie framp's Avatar
    Join Date
    Jul 2006
    Location
    Stuttgart, Germany
    Posts
    240
    Quote Originally Posted by Lazydog View Post
    Change allowed to ACCEPT.
    I suspect allowed is another iptables chain.
    @ikcir: Check this chain for other restrictions.
    "Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds

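An added example, not part of any post in this thread: a small shell audit over constructed `iptables-save` output that follows the suggestion in post #3 by listing what a user-defined `allowed` chain does, and also compares the DNAT target with the `-d` of the FORWARD rules for the same port. The sample ruleset (including its leftover 192.20.0.17 rule), the address 203.0.113.10, the interfaces eth0/eth1 and all function names are assumptions made up for illustration.

```shell
# Constructed sample of `iptables-save` output (not from the poster's firewall).
# 203.0.113.10, eth0 and eth1 stand in for $STATIC_IP, $INET_IFACE and $LAN_IFACE.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 3306 -j DNAT --to-destination 192.20.0.15
COMMIT
*filter
:FORWARD DROP [0:0]
:allowed - [0:0]
:tcp_packets - [0:0]
-A FORWARD -d 192.20.0.17/32 -i eth0 -o eth1 -p tcp -m tcp --dport 3306 -j allowed
-A allowed -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A allowed -p tcp -j DROP
-A tcp_packets -p tcp -m tcp --dport 3306 -j allowed
COMMIT
EOF
}

# User-defined chains are declared with "-" where built-in chains show a policy.
is_user_chain() { sample_ruleset | grep -q "^:$1 - "; }

# Rules inside one chain, in evaluation order.
chain_rules() { sample_ruleset | grep -- "^-A $1 "; }

# Address that the DNAT rule for a given port rewrites the destination to.
dnat_target() {
    sample_ruleset | sed -n "/--dport $1 .*-j DNAT/s/.*--to-destination \([0-9.]*\).*/\1/p"
}

# FORWARD rules for that port whose -d differs from the DNAT target:
# leftovers that no longer match the rewritten packets.
stale_forward() {
    target=$(dnat_target "$1")
    chain_rules FORWARD | grep -- "--dport $1 " | grep -v -- "-d $target/32 " || true
}

audit() {
    echo "DNAT target for port $1: $(dnat_target "$1")"
    is_user_chain allowed && { echo "'allowed' is a user-defined chain:"; chain_rules allowed; }
    echo "FORWARD rules not matching the DNAT target:"; stale_forward "$1"
}
audit 3306
```

To run the same checks against a live firewall, replace the body of `sample_ruleset` with a call to `iptables-save` (as root).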