[Masq] SUBJECT: Port Forwarding not working

Fri, 07 Dec 2001 01:47:08 -0800 

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


Hello!
I have problems with port forwarding using IPTABLES.
I know that such a problem was already discussed, but the solution I've ready
is not clear (at least for me) and does not work on my machine.
I'm using RedHat 7.1 with kernel 2.4.13 and iptables 1.2.4.
I'm trying to redirect ports 25 and 80, but get connection timed out.
I've removed all my previous rules from iptables and implemented the basic
script (taken from the howto). Here is part of it:

echo "   clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo "Enabling PORTFW Redirection on the external LAN.."
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 25 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 25 \
-j DNAT --to 192.168.1.4:25
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 80 \
-j DNAT --to 192.168.1.4:80

echo "   FWD: Allow all connections OUT and only existing and related ones
IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

Even when I change policy for the FORWARD chain to ACCEPT (just to try), I'm
not successful again.
Can you please advise how to resolve the problem.
Regards,
Geo.

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to