
Re: forwarding udp using the Debian ipmasq package



Hi.  It still doesn't work.  The only rules in the PREROUTING table are
the ones added by my script.

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       udp  --  anywhere             public_ip udp dpts:2074:2076 to:local_ip
DNAT       udp  --  anywhere             public_ip udp dpts:4074:4076 to:local_ip

The other 2 nat tables contain

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  hittsjunk.net/24     anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

This looks the same as it did when the rules worked.  Hittsjunk.net is
the local network.  Thanks to dyndns.org, you can get to the public IP
from the internet using hittsjunk.net, but reverse DNS doesn't work.

Thanks in advance.
          Kenny
	  
On Wed, Oct 06, 2004 at 11:28:35AM -0700, Mike Mestnik wrote:
> Try replacing -A with -I.  If this works, look at the output of
> "iptables -t nat -L PREROUTING"; you should see your rules.  Starting at
> the top, work your way down until you find a rule that would also match
> these pkts.  This rule would be the one causing all the problems.
> 
> --- Kenny Hitt <kenny@hittsjunk.net> wrote:
> 
> > Hi.  I'm trying to forward UDP ports to a computer running on my local
> > network from the internet.  I'm using the ipmasq package in Debian to
> > masquerade my local network.  Last year I was able to forward ports
> > 4074-4076 and 2074-2076 with the following rules.
> > 
> > iptables -A PREROUTING -t nat -p udp -d public_ip --dport 4074:4076 -j DNAT --to local_ip
> > iptables -A PREROUTING -t nat -p udp -d public_ip --dport 2074:2076 -j DNAT --to local_ip
> > 
> > I stopped doing it for a while because I was running the app that used
> > these ports on the box that was the gateway for the network.  When I
> > tried to use the rules again, they no longer work.  I get the following
> > message in my logs
> > 
> > IN=eth0 OUT=eth1 SRC=129.100.109.65 DST=local_ip LEN=96 TOS=0x00 PREC=0xA0 TTL=47 ID=0 DF PROTO=UDP SPT=2074 DPT=2075 LEN=76
> > 
> > Public_ip is my IP address on the internet (the IP of eth0).  Local_ip is
> > the address of the system on my local network.  The IP address in the
> > error is the IP of the system I'm trying to reach.  Eth1 is connected to
> > my local network.
> > Basically, I'm trying to use a speak_freely reflector running on the IP
> > address in the error.
> > Does anyone have an idea what other rules I need to get this working
> > again?
> > 
> > Thanks in advance for any help.
> >           Kenny
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
> > 
> > 
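Added example, not part of the original thread or of the ipmasq package: a small shell script that reads the IN=, OUT= and DST= fields of a netfilter LOG line like the one quoted above and reports which path the packet was on when it was logged, and whether the DNAT rule had already rewritten its destination. The function names are hypothetical; the sample line is the one from the thread, with its `public_ip` and `local_ip` placeholders kept as literal strings.

```shell
#!/bin/sh
# Added example: read a netfilter LOG line and say where the packet was
# when it was logged. Function names are hypothetical, not ipmasq's.

# Log line as quoted in the thread; public_ip/local_ip are its placeholders.
SAMPLE='IN=eth0 OUT=eth1 SRC=129.100.109.65 DST=local_ip LEN=96 TOS=0x00 PREC=0xA0 TTL=47 ID=0 DF PROTO=UDP SPT=2074 DPT=2075 LEN=76'

# log_field LINE KEY: print the first KEY=value in LINE (empty if unset).
log_field() (
    set -f                      # no globbing while word-splitting the line
    for tok in $1; do
        case "$tok" in
            "$2"=*) printf '%s\n' "${tok#*=}"; exit 0 ;;
        esac
    done
)

# packet_path LINE: forwarded (IN and OUT set), inbound, local-out, unknown.
packet_path() {
    in_if=$(log_field "$1" IN)
    out_if=$(log_field "$1" OUT)
    if [ -n "$in_if" ] && [ -n "$out_if" ]; then echo forwarded
    elif [ -n "$in_if" ]; then echo inbound
    elif [ -n "$out_if" ]; then echo local-out
    else echo unknown
    fi
}

# dnat_state LINE PUBLIC LOCAL: was DST already rewritten by the DNAT rule?
dnat_state() {
    dst=$(log_field "$1" DST)
    if [ "$dst" = "$3" ]; then echo rewritten
    elif [ "$dst" = "$2" ]; then echo original
    else echo other
    fi
}

# diagnose LINE PUBLIC LOCAL: one-line hint on which rules to inspect next.
diagnose() {
    path=$(packet_path "$1")
    nat=$(dnat_state "$1" "$2" "$3")
    case "$path/$nat" in
        forwarded/rewritten) echo "DNAT matched; logged on the forward path: inspect 'iptables -L FORWARD -v -n'" ;;
        inbound/original)    echo "DST not rewritten: inspect 'iptables -t nat -L PREROUTING -v -n'" ;;
        *)                   echo "path=$path dst=$nat: no hint" ;;
    esac
}

diagnose "$SAMPLE" public_ip local_ip
```

For the line in the thread, both interfaces are populated and DST is already `local_ip`, so the script points at the filter table's FORWARD chain rather than at the nat PREROUTING rules.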


