
Thread: ipchains query.

  1. #1
    Linux User
    Join Date
    May 2003

    ipchains query.

    I have a Linux Red Hat 7 box with ipchains on it.
    2 NIC cards - eth1 :
    and eth0 :
    I have a Windows box sitting behind the Linux box with an IP of
    I can ping and ssh into that box just fine; I have Tomcat running on it on port 8080.
    Now I have configured the Linux box as a firewall for this Windows machine with this set of rules:

    Chain input (policy ACCEPT):
    target prot opt source destination ports
    ACCEPT tcp ------ * -> *
    Chain forward (policy ACCEPT):
    target prot opt source destination ports
    ACCEPT tcp ------ 8080 -> 8080
    Chain output (policy ACCEPT):
    target prot opt source destination ports
    ACCEPT tcp ------ 8080 -> *

    However, when I try to connect from any other machine on the network by using
    telnet 8080
    I get a "connection refused" message.
    Shouldn't my Linux box forward port 8080 to the Windows box sitting behind it? Is there something wrong with my rules?
    Sorry for the long post.

    Fixing Unix is better than working with Windows.

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Täby, Sweden
    No, that Linux box is not configured to route packets that are addressed to itself. is still the address of that Linux box, and it will thus itself respond to packets that are addressed to that address.

    What you have set it up to do is plain routing - that is, if you configure a route on the machines on the 192.168.1.x network to use as the default route to the 192.168.2.x network, you would be able to go to on those machines and it would work.

    The functionality you're looking for is NAT, and I'm not sure if a 2.2 kernel supports that (I know it has SNAT support, but I don't know if it supports DNAT, which is what you need).
    You will probably have to either upgrade the kernel to a 2.4 or 2.6 version, or (preferably) upgrade the distro to a later version. It will use iptables instead of ipchains, which is much preferable in general and particularly has built-in NAT support.
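
The DNAT setup the reply points to, as an added example that is not part of the original thread: a shell function that emits an `iptables-restore` ruleset which forwards one TCP port to a host behind the firewall and drops all other forwarded traffic. The function name, the interface roles and the addresses used in the usage comment are constructed placeholders, since the thread does not show the real ones.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for DNAT port forwarding.
# Usage (placeholder values; loading the output replaces the existing rules):
#   echo 1 > /proc/sys/net/ipv4/ip_forward
#   gen_dnat_rules eth0 eth1 192.168.1.10 192.168.2.20 8080 | iptables-restore

# gen_dnat_rules EXT_IF INT_IF EXT_IP INT_IP PORT
gen_dnat_rules() {
    ext_if=$1; int_if=$2; ext_ip=$3; int_ip=$4; port=$5

    # Accept only a plain decimal TCP port in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2
        return 1
    fi

    # nat table: rewrite the destination before the routing decision, so the
    # packet is no longer addressed to the firewall itself.
    # filter table: default-drop FORWARD, then allow only the forwarded port
    # and replies belonging to connections that are already tracked.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $ext_if -d $ext_ip -p tcp --dport $port -j DNAT --to-destination $int_ip:$port
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -d $int_ip -p tcp --dport $port -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# When run directly with five arguments, print the ruleset.
if [ "$#" -eq 5 ]; then gen_dnat_rules "$@"; fi
```

The internal host must route its replies back through the firewall (for example by using it as its default gateway), otherwise the return packets bypass the NAT and the connection never completes.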
