Port forwarding...
Roger Haskins
rhaskins@merlinsoftech.com
Wed, 19 Dec 2001 16:01:36 -0800
I've been noticing that port forwarding has been an issue for people here and for me.
I've been reading HOW-TO's on netfilter and such for the last few weeks and been reading this list the last 2 weeks.
Anyways I was having problems with forwarding port 25 to the appropriate machine. It would work internally but not from the outside.
I found that I needed not only a rule to FORWARD the destination port and address but also one to FORWARD the source port and address.
e.g.
$IPT -t nat -A PREROUTING -p TCP -d $WANIP --dport 25 -j DNAT --to-destination $MAILIP
$IPT -A FORWARD -p TCP -d $MAILIP --dport 25 -j ACCEPT
$IPT -A FORWARD -p TCP -s 0.0.0.0/0 --sport 25 -j ACCEPT
This way the firewall will send the packets destined for port 25 to the right machine no matter if the packet comes from the outside or inside.
Roger Haskins
Network Administrator
Merlin Software Technologies International, Inc.
200 - 4199 Lougheed Hwy.
Burnaby, B.C. V5C 3Y6
(604) 320-7227 Voice
(604) 320-7277 Fax
Have you got your Essential Server yet?
http://www.merlinsoftech.com/
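
Added example (not part of the original message, and not netfilter project code): the third rule in the post accepts forwarded TCP on source port 25 alone, so a common tightening is to accept return traffic by connection state instead. The script prints such a rule set for review and audits iptables-save style lines for source-port-only ACCEPT rules. The function names and sample addresses are assumptions, and `-m conntrack --ctstate` is assumed available (older kernels use `-m state --state`).

```shell
#!/bin/sh
# Added example, not from the original post. Addresses are constructed samples.

# is_ipv4 ADDR: succeed only for a single dotted quad with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# smtp_forward_rules WANIP MAILIP: print (not run) a stateful rule set.
# Return traffic is accepted by connection state, not by source port.
smtp_forward_rules() {
    if ! is_ipv4 "$1" || ! is_ipv4 "$2"; then
        echo "usage: smtp_forward_rules WANIP MAILIP" >&2
        return 1
    fi
    cat <<EOF
iptables -t nat -A PREROUTING -p tcp -d $1 --dport 25 -j DNAT --to-destination $2
iptables -A FORWARD -p tcp -d $2 --dport 25 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# audit_sport_accepts: read iptables-save style lines on stdin and print every
# FORWARD ACCEPT rule that matches a source port with no connection-state match.
# Exit status is 0 when nothing is flagged and 1 otherwise.
audit_sport_accepts() {
    awk '
        $1 == "-A" && $2 == "FORWARD" && / -j ACCEPT/ &&
        / --(sport|sports|source-port) / &&
        !/ --(ctstate|state) / { print; found = 1 }
        END { exit found }'
}

# Dry run with constructed addresses: review the output before applying it.
smtp_forward_rules 203.0.113.10 192.168.1.25

# Constructed sample: the post's FORWARD rules as iptables-save might list them.
audit_sport_accepts <<'EOF' || echo "flagged: source-port-only ACCEPT in FORWARD"
-A FORWARD -d 192.168.1.25/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 25 -j ACCEPT
EOF
```

On a live firewall, feed the audit with `iptables-save | audit_sport_accepts`; the printed rules assume the FORWARD chain otherwise drops traffic.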