Port Forwarding with netfilter 1.0, big problems
Eric Gandt
egandt@netscape.net
28 Jun 00 19:43:49 EDT
Ok so I want to forward a port, sounds easy, but it does not work. According
to everything I have read all I need is to add the following lines to the
masquerading set:
/usr/local/bin/iptables -A PREROUTING -t nat -p udp -d [external IP] \
--dport 27960 -j DNAT --to 192.168.0.5
/usr/local/bin/iptables -A PREROUTING -t nat -p tcp -d [external IP] \
--dport 27960 -j DNAT --to 192.168.0.5
Then it should work, but it does not. If I look at my current tables I get:
[root ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID,NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere state INVALID,NEW
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root ~]# iptables -t nat -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT udp -- anywhere 216.181.215.102 udp dpt:27960 to:192.168.0.5
DNAT tcp -- anywhere 216.181.215.102 tcp dpt:27960 to:192.168.0.5
If I telnet to port 27960 I get:
[root ~]# telnet [external IP] 27960
Trying [external IP]...
telnet: Unable to connect to remote host: Connection refused
[root ~]# telnet 192.168.0.5 27960
Trying 192.168.0.5...
Connected to 192.168.0.5.
Escape character is '^]'.
^]
telnet> q
Connection closed.
Now a connection to the [external IP] should be passed through to 192.168.0.5,
which will accept connections, but it does not. I have tried everything I can
think of, but it does not fix the problem. I would be grateful to anyone who
could fix the problem and explain why other people can get this to work, but I
cannot!
Eric Gandt
egandt@netscape.net
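
Added example, not part of the original post: a small Python model of one netfilter behaviour relevant to the telnet test shown above, namely that a new connection opened by a process on the NAT box itself is looked up in the nat table's OUTPUT chain and never in its PREROUTING chain. The address 203.0.113.10 is a constructed stand-in for [external IP], the function names are hypothetical, and the filter-table rules (INPUT/FORWARD) are not modelled.

```python
"""Toy model (constructed): which nat chain sees a new connection's first packet."""
from dataclasses import dataclass, replace

EXTERNAL_IP = "203.0.113.10"  # constructed stand-in for the post's [external IP]

# The two rules from the post, as (chain, proto, dst, dport, new_dst).
NAT_RULES = [
    ("PREROUTING", "udp", EXTERNAL_IP, 27960, "192.168.0.5"),
    ("PREROUTING", "tcp", EXTERNAL_IP, 27960, "192.168.0.5"),
]
# Only 192.168.0.5 listens on tcp/27960 (the direct telnet in the post connects).
LISTENERS = {("192.168.0.5", "tcp", 27960)}


@dataclass(frozen=True)
class Packet:
    proto: str
    dst: str
    dport: int
    from_firewall: bool  # True when a process on the firewall itself sent it


def dnat_chain(pkt):
    """Locally generated packets get nat OUTPUT; arriving ones get nat PREROUTING."""
    return "OUTPUT" if pkt.from_firewall else "PREROUTING"


def apply_dnat(pkt, rules=NAT_RULES):
    """Rewrite the destination only if a rule sits in the chain this packet uses."""
    chain = dnat_chain(pkt)
    for rule_chain, proto, dst, dport, new_dst in rules:
        if (rule_chain, proto, dst, dport) == (chain, pkt.proto, pkt.dst, pkt.dport):
            return replace(pkt, dst=new_dst)
    return pkt  # no matching rule in the chain this packet traverses


def connect(pkt, rules=NAT_RULES):
    """Return (nat chain consulted, final destination, result of the connect)."""
    out = apply_dnat(pkt, rules)
    listening = (out.dst, out.proto, out.dport) in LISTENERS
    # Filter-table rules (INPUT/FORWARD) are not evaluated in this model.
    return dnat_chain(pkt), out.dst, "connected" if listening else "refused"


if __name__ == "__main__":
    for who, local in (("client outside", False), ("firewall itself", True)):
        print(who, connect(Packet("tcp", EXTERNAL_IP, 27960, local)))
```

In the model, the same destination and port give different results depending on where the connection starts, so a test of a PREROUTING DNAT rule is only meaningful when run from a host on the outside of the NAT box.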