#1 - Linux User (Join Date: May 2003, Location: CA, Posts: 370)

    ipchains query.


    I have a Linux Red Hat 7 box with ipchains on it.
    2 NIC cards - eth1 : 192.168.1.160
    and eth0 : 192.168.2.1
    I have a Windows box sitting behind the Linux box with an IP of 192.168.2.2.
    I can ping and ssh into that box just fine; I have Tomcat running on it on port 8080.
    Now I have configured the Linux box as a firewall for this Windows machine with this set of rules:

    Chain input (policy ACCEPT):
    target prot opt source destination ports
    ACCEPT tcp ------ 0.0.0.0/0 192.168.2.0/24 * -> *
    Chain forward (policy ACCEPT):
    target prot opt source destination ports
    ACCEPT tcp ------ 0.0.0.0/0 192.168.2.2 8080 -> 8080
    Chain output (policy ACCEPT):
    target prot opt source destination ports
    ACCEPT tcp ------ 0.0.0.0/0 192.168.2.0/24 8080 -> *

    However, when I try to connect from any other machine on the 192.168.1.0 network by using
    telnet 192.168.1.160 8080
    I get a connection refused message.
    Shouldn't my Linux box 192.168.1.160 forward port 8080 to the Windows box sitting behind it? Is there something wrong with my rules?
    Sorry for the long post.

    Thanks
    Nik
    Fixing Unix is better than working with Windows.
    http://nikhilk.homedns.org/projects/index.html

#2 - Linux Guru (Join Date: Oct 2001, Location: Täby, Sweden, Posts: 7,578)

    No, that Linux box is not configured to route packets that are addressed to itself. 192.168.1.160 is still the address of that Linux box, and it will thus itself respond to packets that are addressed to that address.

    What you have set it up to do is plain routing - that is, if you configure a route on the machines on the 192.168.1.x network to use 192.168.1.160 as the default route to the 192.168.2.x network, you would be able to go to 192.168.2.2:8080 on those machines and it would work.

    The functionality you're looking for is NAT, and I'm not sure if a 2.2 kernel supports that (I know it has SNAT support, but I don't know if it supports DNAT, which is what you need).
    You will probably have to either upgrade the kernel to a 2.4 or 2.6 version, or (preferably) upgrade the distro to a later version. It will use iptables instead of ipchains, which is much preferable in general and in particular has built-in NAT support.
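The DNAT setup the reply points to, written out as an added example (not code from either poster): it uses the addresses and interfaces from the question and assumes an iptables-based (2.4 or later) kernel and that the Windows host uses 192.168.2.1 as its default gateway so replies return through the firewall.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes iptables (2.4+ kernel), the
# interfaces/addresses from the question, and that 192.168.2.2 routes its
# replies back via 192.168.2.1 so conntrack can undo the DNAT on the way out.
WAN_IF=eth1            # side facing the 192.168.1.0/24 clients
WAN_IP=192.168.1.160   # address the clients connect to
LAN_IF=eth0            # side facing the Windows/Tomcat host
LAN_IP=192.168.2.1
SERVER=192.168.2.2
PORT=8080

# The routing decision the reply describes: a packet whose destination is one of
# the box's own addresses goes to local delivery (INPUT chain) and is never
# forwarded, so a rule in the forward chain can never match it.
delivery_path() {  # $1 = destination address *after* PREROUTING
  case "$1" in
    "$WAN_IP"|"$LAN_IP") echo INPUT ;;
    *)                   echo FORWARD ;;
  esac
}

# DNAT in the nat PREROUTING chain rewrites the destination *before* that routing
# decision, so the packet is forwarded instead of delivered locally. The rules are
# printed rather than applied so they can be reviewed first, then: port_forward_rules | sh
port_forward_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -d $WAN_IP --dport $PORT -j DNAT --to-destination $SERVER:$PORT
iptables -P FORWARD DROP
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $SERVER --dport $PORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}
```

Only the single TCP port is forwarded and the FORWARD policy is DROP, so nothing else on the 192.168.1.0/24 side can reach the Windows host through the firewall.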
