/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Hey;
I'm having problems getting the port forwarding working. Here's the
background information:
1. Gigahertz Dell running Mandrake Linux 8.1. Kernel: 2.4.8-34.1mdk.
Iptables rpm version: iptables-1.2.4-1.1mdk
2. I set up iptables over the weekend using the same logic that I used
to create a pretty solid firewall using ipchains. I'm getting log
information indicating that the firewall is dropping packets that I'm
expecting it to drop. For instance:
$ fw_log
Date Time Dir Int Proto Src IP Port Dest IP Port
================================================================================
02/27/02 00:42:52 in eth0 UDP 61.5.24.10 1032 12.251.95.107 137
02/27/02 10:18:36 in eth0 TCP 210.111.129.10 4845 12.251.95.107 111
02/27/02 19:14:07 in eth0 TCP 61.129.72.242 4328 12.251.95.107 515
02/27/02 19:14:10 in eth0 TCP 61.129.72.242 4328 12.251.95.107 515
02/27/02 23:15:52 in eth0 ICMP 12.250.108.162 8 12.251.95.107 0
02/27/02 23:17:53 in eth0 TCP 134.245.85.191 21 12.251.95.107 21
02/28/02 08:00:30 in eth0 TCP 200.171.2.25 4340 12.251.95.107 53
02/28/02 08:00:33 in eth0 TCP 200.171.2.25 4340 12.251.95.107 53
02/28/02 09:57:52 in eth0 UDP 209.43.17.215 1100 12.251.95.107 137
02/28/02 10:57:51 in eth0 TCP 216.71.193.231 80 12.251.95.107 4450
02/28/02 13:51:47 out eth1 UDP 192.168.12.2 631 192.168.12.255 631
3. I followed the HOWTO on setting iptables up, then updated the rules
for my system. I then added the rules from section 6.7.1 of the
HOWTO. Port 80 is no longer logging when I attempt an access from a system
outside of my network, but it's not getting routed to the web server
either. Basically, it hangs, then times out.
4. In an attempt to troubleshoot this, I moved the hardened firewall
script out of the way and regenerated one that just does simple
masquerading and port forwarding - same result. Here's the rules section
of the limited script:
##############################################################
# iptables rules:
##############################################################
# Assumes ${extint}, ${intint}, ${extip} and ${ast} are set earlier in
# the script.
for chain in INPUT OUTPUT FORWARD
do
    # Default policy: drop anything not explicitly forwarded, accept
    # traffic to and from the firewall itself.
    if [[ ${chain} = "FORWARD" ]]; then
        iptables -P ${chain} DROP
    else
        iptables -P ${chain} ACCEPT
    fi
    iptables -F ${chain}
done
iptables -t nat -F
echo "Finished flushing the chains..."
echo "Setting up forwarding from outside to AST"
# Note: DNATed packets traverse FORWARD, not INPUT, so this INPUT rule
# only matters if the firewall itself serves port 80.
iptables -A INPUT -i ${extint} -p tcp --dport 80 -j ACCEPT
# New and existing web connections from outside, bound for the inside.
iptables -A FORWARD -i ${extint} -o ${intint} -p tcp --dport 80 \
    -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Rewrite the destination before the routing decision (PREROUTING), so
# the packet is routed to ${ast} and reaches FORWARD with dport 80.
iptables -t nat -A PREROUTING -p tcp -d ${extip} --dport 80 \
    -j DNAT --to-destination ${ast}
echo "Finished external; now doing internal outbound."
# Replies to connections the LAN opened, then anything LAN -> Internet.
iptables -A FORWARD -i ${extint} -o ${intint} -m state \
    --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ${intint} -o ${extint} -j ACCEPT
# Log whatever FORWARD is about to drop under the DROP policy.
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o ${extint} -j MASQUERADE
5. I'm stuck. To the best of my knowledge, I followed the HOWTO to
the letter. Can anyone see what I mucked up and help me get the port
forwarding working?
Thanks for your time and help.
Doug O'Leary
-------------------------
Douglas K. O'Leary
Senior UNIX System Administrator
-------------------------
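Editor's note, added to the thread (this is not the poster's script and not HOWTO text): the DNAT rule in the post is a valid port forward as written. DNAT rewrites only the destination address, so the inside web server sees the real Internet client as the source and must route its replies back through the firewall; and the rewritten packet is only delivered if the kernel is actually forwarding between interfaces. Neither of those is visible in the rule set. The script below is a self-contained version of the same setup with those prerequisites made explicit, a dry-run mode (DRYRUN=1) that prints the rule set instead of applying it, and a counter dump for finding where a forwarded connection dies. Interface names and the addresses 192.0.2.10 and 192.168.12.10 are assumed placeholders, not values from the post.

```shell
#!/bin/sh
# Added example, not the poster's script: a minimal DNAT port-forward for a
# 2.4 netfilter firewall plus the checks a bare rule set does not cover.
# All names and addresses below are assumed placeholders.
EXTINT=${EXTINT:-eth0}            # assumed: external interface
INTINT=${INTINT:-eth1}            # assumed: internal interface
EXTIP=${EXTIP:-192.0.2.10}        # assumed: public address (documentation range)
AST=${AST:-192.168.12.10}         # assumed: internal web server

# Every rule goes through fw(): with DRYRUN=1 it is printed instead of run,
# so the complete rule set can be reviewed without root or a live box.
fw() {
    if [ "${DRYRUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# 1. Routing between interfaces must be on, or the kernel rewrites the
#    destination and then discards the packet. The file path is a parameter
#    so the check can be exercised against a copy; default is the live sysctl.
forwarding_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# 2. The rule set. DNAT happens in nat/PREROUTING, before the routing
#    decision, so the packet reaches FORWARD already addressed to $AST with
#    dport 80; it never traverses INPUT.
load_rules() {
    fw -P INPUT ACCEPT
    fw -P OUTPUT ACCEPT
    fw -P FORWARD DROP
    fw -F INPUT; fw -F OUTPUT; fw -F FORWARD
    fw -t nat -F
    # Inbound web: rewrite the destination, then let it through FORWARD.
    fw -t nat -A PREROUTING -i "$EXTINT" -p tcp -d "$EXTIP" --dport 80 \
        -j DNAT --to-destination "$AST:80"
    fw -A FORWARD -i "$EXTINT" -o "$INTINT" -p tcp -d "$AST" --dport 80 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Replies returning to the LAN, then anything LAN -> Internet.
    fw -A FORWARD -i "$EXTINT" -o "$INTINT" -m state --state ESTABLISHED,RELATED -j ACCEPT
    fw -A FORWARD -i "$INTINT" -o "$EXTINT" -j ACCEPT
    # Log (rate-limited) what FORWARD is about to drop under the DROP policy.
    fw -A FORWARD -m limit --limit 5/minute -j LOG --log-prefix "FWD-DROP: "
    fw -t nat -A POSTROUTING -o "$EXTINT" -j MASQUERADE
}

# 3. Where a forwarded connection dies: run this while a client outside
#    connects. DNAT counter moving but the FORWARD ACCEPT counter not moving
#    points at forwarding (ip_forward) or the policy; both moving with no
#    reply points at $AST not routing its answers back through this box.
show_counters() {
    iptables -t nat -L PREROUTING -n -v
    iptables -L FORWARD -n -v
}

main() {
    forwarding_enabled || echo 1 > /proc/sys/net/ipv4/ip_forward
    load_rules
}

# Usage: "sh fw.sh apply" loads the rules; "DRYRUN=1 sh fw.sh apply" prints them.
case "${1:-}" in
    apply) main ;;
esac
```

Run it once with DRYRUN=1 and compare the printed rules against the box's `iptables -L -n -v` and `iptables -t nat -L -n -v` output; a rule that is in the script but absent on the box, or whose packet counter never moves during a test connection from outside, is where to look first.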
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.