06-23-2004, #1, Linux User (Join Date: May 2003, Location: CA, Posts: 370)
ipchains query.
I have a Linux Red Hat 7 box with ipchains on it.
2 nic cards - eth1 : 192.168.1.160
and eth0 : 192.168.2.1
I have a Windows box sitting behind the Linux box with an IP of 192.168.2.2.
I can ping and ssh into that box just fine; I have Tomcat running on it on port 8080.
Now I have configured the linux box as a firewall for this windows machine with this set of rules:
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT tcp ------ 0.0.0.0/0 192.168.2.0/24 * -> *
Chain forward (policy ACCEPT):
target prot opt source destination ports
ACCEPT tcp ------ 0.0.0.0/0 192.168.2.2 8080 -> 8080
Chain output (policy ACCEPT):
target prot opt source destination ports
ACCEPT tcp ------ 0.0.0.0/0 192.168.2.0/24 8080 -> *
However, when I try to connect from any other machine on the 192.168.1.0 network by using
telnet 192.168.1.160 8080
I get a "connection refused" message.
Shouldn't my Linux box 192.168.1.160 forward port 8080 to the Windows box sitting behind it? Is there something wrong with my rules?
sorry for the long post.
Thanks
Nik
Fixing Unix is better than working with Windows.
http://nikhilk.homedns.org/projects/index.html
06-24-2004, #2, Linux Guru (Join Date: Oct 2001, Location: Täby, Sweden, Posts: 7,578)
No, that Linux box is not configured to route packets that are addressed to itself. 192.168.1.160 is still the address of that Linux box, and it will thus itself respond to packets that are addressed to that address.
What you have set it up to do is plain routing - that is, if you configure a route on the machines on the 192.168.1.x network to use 192.168.1.160 as the default route to the 192.168.2.x network, you would be able to go to 192.168.2.2:8080 on those machines and it would work.
The functionality you're looking for is NAT, and I'm not sure if a 2.2 kernel supports that (I know it has SNAT support, but I don't know if it supports DNAT, which is what you need).
You will probably have to either upgrade the kernel to a 2.4 or 2.6 version, or (preferably) upgrade the distro to a later version. It will use iptables instead of ipchains, which is much preferable in general and particularly has built-in NAT support.
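To illustrate the reply above, here is an added Python model (not code from either poster) of how the firewall decides between delivering a packet to itself and forwarding it, first with only the ACCEPT rules from the question and then with a DNAT entry like the one iptables would add. The address tables, the rule format and the function name are my own constructions; the iptables command in the comment is the standard DNAT syntax.

```python
import ipaddress

# Constructed model of the poster's firewall: its own addresses, the networks
# it routes between, and the ports that actually listen on the Linux box
# (sshd on 22; nothing on 8080, which is why telnet gets "connection refused").
LOCAL_ADDRS = {"192.168.1.160", "192.168.2.1"}
ROUTES = {"192.168.1.0/24": "eth1", "192.168.2.0/24": "eth0"}
LOCAL_LISTENERS = {22}

# DNAT map in the iptables sense: (original dst ip, dst port) -> (new ip, port).
# Empty for the ipchains setup in the question. The second table is what
#   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 8080 \
#            -j DNAT --to-destination 192.168.2.2:8080
# would express (a FORWARD ACCEPT rule for 192.168.2.2:8080 is still needed).
NO_NAT = {}
DNAT_8080 = {("192.168.1.160", 8080): ("192.168.2.2", 8080)}


def route_packet(dst_ip, dst_port, dnat):
    """Return what the firewall does with a TCP SYN to dst_ip:dst_port.

    The order mirrors netfilter: nat PREROUTING (DNAT) runs before the
    routing decision, so routing only ever sees the rewritten destination.
    """
    dst_ip, dst_port = dnat.get((dst_ip, dst_port), (dst_ip, dst_port))
    if dst_ip in LOCAL_ADDRS:
        # Addressed to the box itself: 'input' chain, never 'forward'.
        # A port with no listener is refused regardless of ACCEPT rules.
        if dst_port in LOCAL_LISTENERS:
            return f"local:{dst_port}"
        return "refused"
    for net, dev in ROUTES.items():
        if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(net):
            return f"forward:{dev}:{dst_ip}:{dst_port}"
    return "unroutable"


if __name__ == "__main__":
    # The poster's telnet from the 192.168.1.0 network, without and with DNAT.
    print(route_packet("192.168.1.160", 8080, NO_NAT))     # refused
    print(route_packet("192.168.1.160", 8080, DNAT_8080))  # forward:eth0:192.168.2.2:8080
    # Plain routing, as the reply describes: address the Windows box directly
    # from a 192.168.1.x host that has a route to 192.168.2.0/24 via .1.160.
    print(route_packet("192.168.2.2", 8080, NO_NAT))       # forward:eth0:192.168.2.2:8080
```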