- 04-17-2007 #1
- Join Date
- Oct 2004
NAT not working but the setting is correct! Thx
I have a firewall machine running Slackware 10.1. It has a fixed IP address (e.g. 188.8.131.52) and it is connected to a local LAN. So the config is
Now I open a new port 8765 on eth1 and forward into local LAN 184.108.40.206.
I did the following
```
# accept data from port 8765
iptables -A INPUT -i eth1 -p tcp --dport 8765 -j ACCEPT
# forward msg from 18.104.22.168:8765 to 192.168.1.2:80
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 220.127.116.11 --dport 8765 -j DNAT --to 192.168.1.2:80
```
```
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             22.214.171.124       dpt:6908 to:192.168.1.2:80
```
Unable to connect
Firefox can't establish a connection to the server at 126.96.36.199:8765.
- 04-19-2007 #2
- Join Date
- Oct 2004
I did a lab on this issue...
I built two Linux systems:
OS: Fedora Core 5
First, I used a crossover cable to connect the client (eth0) and server (eth1); they can ping each other, so they are connected!
Now, I wrote a simple script to run on the server, to accept port number 8765 from 192.168.80.195, then use NAT to forward the signal from 192.168.80.195:8765 to the local LAN machine 192.168.1.2:80.
The httpd is running on 192.168.1.2, and http://192.168.1.2 works in a browser.
Now, using a machine on segment 192.168.80.x to open the URL http://192.168.80.195:8765 gives the error shown below. The computer and this test server are on the same segment, and they can ping each other.
The connection has timed out
The server at 192.168.80.195 is taking too long to respond.
```
[root@localhost ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             192.168.80.195      tcp dpt:ultraseek-http to:192.168.1.2:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```
Here is the script that I used to test:
```
#!/bin/sh
# insert modules
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# clear rule
service iptables restart
iptables -X
iptables -F
iptables -X -t nat
iptables -F -t nat
# reset rule
iptables -A INPUT -i 192.168.80.195 -p tcp --dport 8765 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.80.195 --dport 8765 -j DNAT --to 192.168.1.2:80
```
- 04-22-2007 #3
Your target IP is 192.168.1.2 - which is a remote system - not the local system. An INPUT rule applies to the local system. Use a FORWARD rule and it should work.

"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds
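
The fix described in the reply above, as an added example that is not part of the original thread: the DNAT rule stays, and the INPUT rule is replaced by FORWARD rules that match the translated destination. Addresses and the interface name come from the lab in post #2; the function names, the dry-run/apply switch and the stateful ESTABLISHED,RELATED rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the poster's script. Values are taken from post #2's lab.
EXT_IF=eth0            # interface facing the clients (as in the poster's PREROUTING rule)
EXT_IP=192.168.80.195  # address the clients connect to
EXT_PORT=8765
DST_IP=192.168.1.2     # web server on the internal LAN
DST_PORT=80

# Print the rule set, one iptables command per line, so it can be reviewed
# before anything is changed on the firewall.
forward_rules() {
    # 1. Rewrite the destination before the routing decision is made.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d $EXT_IP --dport $EXT_PORT -j DNAT --to-destination $DST_IP:$DST_PORT"
    # 2. After DNAT the packet is routed to another host, so it traverses
    #    FORWARD, not INPUT, and it already carries the translated address and port.
    echo "iptables -A FORWARD -i $EXT_IF -p tcp -d $DST_IP --dport $DST_PORT -m state --state NEW -j ACCEPT"
    # 3. Let replies and the rest of each accepted connection through.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Enable routing and install the rules; stops at the first rule that fails.
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    forward_rules | while read -r rule; do
        $rule || exit 1
    done
}

# Dry run by default; pass "apply" as root to install the rules.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    forward_rules
fi
```

The internal web server also has to send its replies back through the firewall (for example by using it as default gateway), otherwise the client never sees the translated return packets.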