Issues with port forwarding
Chris Burkhart
Chris_Burkhart@aubonpain.com
Thu, 3 Jan 2002 09:12:39 -0500
I'm in the process of replacing an older Red Hat 7.0.90 (Fisher beta) machine
with a Red Hat 7.2 machine. The 7.0.90 machine is running kernel version
2.4.0-0.99.11, and everything works great on that one. Iptables is version
1.2. On the new machine, it's running 2.4.7-10, and I have tried multiple
Iptables versions, everything from 1.4 down to 1.2. On all of these, I'm
able to set up masquerading, and that will work fine; I can block ports, and
that will work fine; but port forwarding refuses to work. If I do iptables -t
nat --list on the new box, I get this output:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:3389 to:XXX.X.XXX.XX
DNAT tcp -- anywhere anywhere tcp dpt:6699 to:XXX.X.XXX.XX
DNAT tcp -- anywhere anywhere tcp dpt:http to:XXX.X.XXX.XX
If I do it on the old box, I get this output:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:3389 to:XXX.X.XXX.XX
DNAT tcp -- anywhere anywhere tcp dpt:6699 to:XXX.X.XXX.XX
DNAT tcp -- anywhere anywhere tcp dpt:http to:XXX.X.XXX.XX
The rules are set up as follows:
$IPT -A PREROUTING -t nat -p tcp -i eth1 --destination-port 3389 -j DNAT --to-destination XXX.X.XXX.XX
$IPT -A PREROUTING -t nat -p tcp -i eth1 --destination-port 6699 -j DNAT --to-destination XXX.X.XXX.XX
$IPT -A PREROUTING -t nat -p tcp -i eth1 --destination-port 80 -j DNAT --to-destination XXX.X.XXX.XX
The whole firewall chain is just copied from one box to the other. Do I
need to install an older kernel to get this to work, or did something change
in the different versions that I need to accommodate for in my script?
Thanks,
Chris
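
A nat listing like the two above shows only the DNAT rewrite; a forwarded connection also needs kernel routing enabled and a path through the filter table's FORWARD chain, which sees the rewritten destination. The following is an added example, not part of the original post: a heuristic audit of iptables-save text, where the function name audit_forwarding, the sample ruleset and the address 192.0.2.10 (standing in for the masked target) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check what a DNAT port forward needs besides the nat rule.
# $1 = ruleset text in iptables-save format, $2 = content of ip_forward.
# Heuristic only: an ACCEPT policy counts as open, rule order is not evaluated.

# Constructed sample; 192.0.2.10 is a documentation address, not from the post.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.0.2.10
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

audit_forwarding() {
    [ "$2" = "1" ] || echo "FAIL ip_forward=$2 (routing between interfaces is off)"
    printf '%s\n' "$1" | awk '
        function opt(name,   i) {          # value that follows an option, or ""
            for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
            return ""
        }
        /^\*/ { table = substr($0, 2) }    # "*nat", "*filter" section headers
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
            n++; port[n] = opt("--dport"); dest[n] = opt("--to-destination")
        }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
            d = opt("-d"); sub(/\/32$/, "", d)
            if (opt("--dport") != "") ok[d "|" opt("--dport")] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                # FORWARD sees the packet after DNAT: rewritten host, and port if given
                split(dest[i], hp, ":"); host = hp[1]
                fport = (hp[2] != "") ? hp[2] : port[i]
                if (policy == "ACCEPT" || ok[host "|" fport] || ok["|" fport])
                    print "OK   dport " port[i] " -> " dest[i]
                else
                    print "FAIL dport " port[i] " -> " dest[i] " (no FORWARD accept, policy " policy ")"
            }
        }'
}

# Live use: audit_forwarding "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_forwarding "$SAMPLE_RULES" 1
```

On the constructed sample, port 80 is reported OK and port 3389 is reported FAIL, because the FORWARD chain drops by default and accepts only port 80 to the target.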