On Wednesday 20 March 2002 12:42, Corin Langosch wrote:
> Hi,
>
> I'm trying to set up port-forwarding on my server using iptables.
> (iptables v1.2.1a, kernel version 2.4.16-4GB, suse 7.2)
> Unluckily it doesn't work. :-(
> I want that all connections arriving at the server at port 4047
> get forwarded to 192.168.1.3:4047. Some connections will get to
> the server over eth0, some will get there over ppp0, but in
> general it should work for all packets arriving no matter what
> interface.
>
> My current firewall script looks like:
> --------------
> #!/bin/sh
>
> IPTABLES=/usr/sbin/iptables
>
> # load all required modules
> /sbin/modprobe iptable_nat
> /sbin/modprobe ip_nat_ftp
> /sbin/modprobe ip_conntrack_ftp
>
> # reset everything
> $IPTABLES -P INPUT ACCEPT
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -P FORWARD ACCEPT
> $IPTABLES -F INPUT
> $IPTABLES -F OUTPUT
> $IPTABLES -F FORWARD
> $IPTABLES -F -t nat
> $IPTABLES -F -t mangle
>
> # Kill malformed packets
>
> # Block XMAS packets
> $IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
> $IPTABLES -A FORWARD -p tcp --tcp-flags ALL ALL -j DROP

Maybe packets are dropped here. You should have a look at the packet
counters.

>
> # port redirect for web-beamer
> #$IPTABLES -A INPUT -p tcp --syn --destination-port 4047 -j ACCEPT
> #$IPTABLES -A FORWARD -p tcp --dport 4047 -j ACCEPT

Here you should insert a rule into the forward chain to accept these
packets.
IPTABLES -I 1 FORWARD ... (not 100% sure about syntax maybe -I FORWARD 1)
Otherwise packets will be dropped as mentioned above.

> $IPTABLES -t nat -A PREROUTING -p tcp --dport 4047 -j DNAT --to 192.168.1.3:4047
>

Greetings
Axel
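
Added example, not part of the original message: one way to read the packet counters mentioned in the reply, by summarising which rules have actually matched traffic. The function names and the sample counter listing are constructed for illustration; the listing mimics `iptables -v -n -x -L` output for the rules in the quoted script.

```shell
#!/bin/sh
# Real use (as root), assuming the script's rules are loaded:
#   iptables -v -n -x -L        | rule_hits
#   iptables -t nat -v -n -x -L | rule_hits

# Print "<chain> <target> <pkts>" for every rule with a non-zero packet
# counter. Reads `iptables -v -n -x -L` output on stdin.
# Assumes every rule has a target, so the target is the third column.
rule_hits() {
    awk '
        $1 == "Chain" { chain = $2; next }   # start of a chain block
        $1 == "pkts" || NF == 0 { next }     # column header or blank line
        $1 ~ /^[0-9]+$/ && $1 > 0 { print chain, $3, $1 }
    '
}

# Total packets matched by explicit DROP rules in one chain.
# $1 = chain name, counter listing on stdin.
dropped_in_chain() {
    rule_hits | awk -v c="$1" \
        '$1 == c && $2 == "DROP" { n += $3 } END { print n + 0 }'
}

# Constructed sample listing (not captured from a real host).
SAMPLE='Chain FORWARD (policy ACCEPT 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F

Chain PREROUTING (policy ACCEPT 5321 packets, 402118 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      720 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4047 to:192.168.1.3:4047'

# Show which rules matched and how many packets FORWARD dropped.
printf '%s\n' "$SAMPLE" | rule_hits
printf 'FORWARD drops: %s\n' "$(printf '%s\n' "$SAMPLE" | dropped_in_chain FORWARD)"
```

In this constructed listing the DNAT rule has matched 12 packets and the FORWARD DROP rule none, which is the kind of reading that tells you whether a given rule is the one discarding the traffic.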