
Re: Port forwarding with ipmasq



On Tue, Dec 16, 2003 at 09:06:44PM +0800, Brendan Bache wrote:
> I'm running debian woody on my gateway with the ipmasq package installed
> and I need to do some port forwarding. For instance, I need to forward
> some ports for BitTorrent running on a box on my LAN so I created a file
> /etc/ipmasq/rules/F10bt.rul
> 
> ---F10bt.rul---
> ipnm_cache ppp0
> btPorts="6881 6882"
> 
> for port in $btPorts;
> do
>     $IPTABLES -A PREROUTING -t nat -p tcp -d $IPOFIF/$NMOFIF --dport $port \
>         -j DNAT --to-destination 10.0.0.2:$port
>     $IPTABLES -A FORWARD -p tcp -d $IPOFIF/$NMOFIF --dport $port -m \
>         state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> done
> ---/F10bt.rul---
> 
> Where ppp0 is my external interface and 10.0.0.2 is the box on the LAN
> that is running the BitTorrent client. From the gateway I can connect to
> 10.0.0.2 on port 6881. However if I try using the IP of my external
> interface then I get connection refused. What's wrong with my rules? I
> haven't changed anything about the default ipmasq setup other than
> adding that .rul file and masquerading is working fine, it's just port
> forwarding that is having problems. Using iptables -L and iptables -t
> nat -L I can see that these rules are being added to their respective
> chains without issue.

I haven't used the ipmasq package, but maybe some suggestions will
get you going in the right direction.

  - Check the byte counters for these rules and make sure they are
    incremented.  If they are not, maybe you need to adjust the rules
    (bad port, wrong protocol, etc.) or maybe another rule earlier in
    the chain is dropping/rejecting the packets.  Also, although
    unlikely, it is possible these packets are being dropped upstream.

  - Make sure you log all dropped/rejected packets.  Run a test and then
    review your logs.

  - Run tcpdump on the internal interface of the router.  If you don't
    see traffic leaving your router, something must be wrong with the
    firewall rules.

  - Run tcpdump on the interface for the BitTorrent server.

  - Although obvious, ensure BitTorrent is running and the configuration
    is correct and permits connections from the client.

-- 
I have always noticed that whenever a radical takes to Imperialism,
he catches it in a very acute form.
		-- Winston Churchill, 1903
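The counter check the reply recommends, as an added shell example that is not part of the thread: it parses the listing that `iptables -t nat -L PREROUTING -v -n -x` prints, snapshots it before and after a test connection, and reports which of the F10bt.rul DNAT rules saw no packets. The sample listings, and 203.0.113.5 standing in for the ppp0 address, are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare DNAT packet counters before and
# after a test connection. Input is the output of
# `iptables -t nat -L PREROUTING -v -n -x` on the gateway.

# Read a PREROUTING listing on stdin; print "port pkts" for each tcp DNAT rule.
dnat_counters() {
    awk '$3 == "DNAT" && ($4 == "tcp" || $4 == "6") {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^dpt:/) { sub("dpt:", "", $i); print $i, $1 }
    }'
}

# $1 = listing before the test, $2 = listing after. Prints the destination
# ports whose DNAT counter did not move: the test traffic never reached that
# rule (earlier rule, wrong port/protocol, or an upstream drop).
unmatched_ports() {
    {
        printf '%s\n' "$1" | dnat_counters
        printf '==\n'
        printf '%s\n' "$2" | dnat_counters
    } | awk '$1 == "=="  { after = 1; next }
             !after      { before[$1] = $2; next }
             ($1 in before) && $2 == before[$1] { print $1 }'
}

# Constructed sample listings: the 6881 rule matched 3 packets during the
# test, the 6882 rule matched none.
SAMPLE_BEFORE='Chain PREROUTING (policy ACCEPT 310 packets, 24800 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.5          tcp dpt:6881 to:10.0.0.2:6881
       0          0 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.5          tcp dpt:6882 to:10.0.0.2:6882'
SAMPLE_AFTER='Chain PREROUTING (policy ACCEPT 318 packets, 25410 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       3        180 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.5          tcp dpt:6881 to:10.0.0.2:6881
       0          0 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.5          tcp dpt:6882 to:10.0.0.2:6882'

if [ "${1:-}" = "--live" ]; then
    # On the gateway, as root: snapshot, run the connection test, snapshot again.
    before=$(iptables -t nat -L PREROUTING -v -n -x)
    printf 'Run the test connection now, then press Enter: '
    read -r _
    after=$(iptables -t nat -L PREROUTING -v -n -x)
    unmatched_ports "$before" "$after"
else
    # Offline run on the constructed samples; prints 6882.
    unmatched_ports "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
fi
```

Ports it prints are the ones to look at with the reply's next steps (LOG rules for drops, tcpdump on both interfaces); an empty result means every forwarding rule matched and the problem lies past the gateway.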