Re: forwarding udp using the Debian ipmasq package
--- Kenny Hitt <kenny@hittsjunk.net> wrote:
> Hi. It still doesn't work. The only rules in the PREROUTING table are
> the ones added by my script.
>
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> DNAT udp -- anywhere public_ip udp dpts:2074:2076 to:local_ip
> DNAT udp -- anywhere public_ip udp dpts:4074:4076 to:local_ip
>
> The other 2 nat tables contain
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> MASQUERADE all -- hittsjunk.net/24 anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> This looks the same as it did when the rules worked. Hittsjunk.net is
> the local network. Thanks to dyndns.org, you can get to the public IP
> from the internet using hittsjunk.net, but reverse DNS doesn't work.
>
> Thanks in advance.
> Kenny
>
> On Wed, Oct 06, 2004 at 11:28:35AM -0700, Mike Mestnik wrote:
> > Try replacing -A with -I. If this works, look at the output of
> > "iptables -t nat -L PREROUTING"; you should see your rules. Starting at
> > the top, work your way down until you find a rule that would also match
> > these pkts.
>
Adding a "-v" will show some useful counters. It also should show the
*rest* of the rule used that I can't see, like the interfaces "-i". You
should add "-i eth0" and possibly remove the check for public_ip
"-d public_ip".
> > This rule would be the one causing all the problems.
> >
> > --- Kenny Hitt <kenny@hittsjunk.net> wrote:
> >
> > > Hi. I'm trying to forward UDP ports to a computer running on my local
> > > network from the internet. I'm using the ipmasq package in Debian to
> > > masquerade my local network. Last year I was able to forward ports
> > > 4074-4076 and 2074-2076 with the following rules.
> > >
> > > iptables -A PREROUTING -t nat -p udp -d public_ip --dport 4074:4076 -j DNAT --to local_ip
> > > iptables -A PREROUTING -t nat -p udp -d public_ip --dport 2074:2076 -j DNAT --to local_ip
> > >
> > > I stopped doing it for a while because I was running the app that used
> > > these ports on the box that was the gateway for the network. When I
> > > tried to use the rules again, they no longer work. I get the following
> > > message in my logs
> > >
> > > IN=eth0 OUT=eth1 SRC=129.100.109.65 DST=local_ip LEN=96 TOS=0x00 PREC=0xA0 TTL=47 ID=0 DF PROTO=UDP SPT=2074 DPT=2075 LEN=76
> > >
> > > Public_ip is my IP address on the internet (the IP of eth0). Local_ip is
> > > the address of the system on my local network. The IP address in the
> > > error is the IP of the system I'm trying to reach. Eth1 is connected to
> > > my local network.
> > > Basically, I'm trying to use a speak_freely reflector running on the IP
> > > address in the error.
> > > Does anyone have an idea what other rules I need to get this working
> > > again?
> > >
> > > Thanks in advance for any help.
> > > Kenny
> > >
> > >
> > > --
> > > To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> > > with a subject of "unsubscribe". Trouble? Contact
> > > listmaster@lists.debian.org
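
The "-v" counters suggested in this reply can be read mechanically. The script below is an added example, not part of the thread and not written by its participants: it takes "iptables -t nat -L PREROUTING -v -n" output and reports, for each DNAT rule, whether any packet has matched it, along with the in-interface and destination that the plain -L listing hides. The sample listing is constructed, and 203.0.113.10 and 192.168.1.20 are placeholder stand-ins for public_ip and local_ip.

```shell
#!/bin/sh
# Added example. The listing below is constructed, not captured from the
# poster's gateway. 203.0.113.10 = public_ip, 192.168.1.20 = local_ip.
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 310 packets, 24211 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            203.0.113.10         udp dpts:2074:2076 to:192.168.1.20
   12  1152 DNAT       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpts:4074:4076 to:192.168.1.20
EOF
}

# Reads a "-v -n" listing on stdin and prints one line per DNAT rule:
#   <position in chain> <HIT|UNUSED> pkts=<n> in=<iface> dst=<addr> <match and target>
# UNUSED means the packet counter is still 0, so nothing has matched the rule.
dnat_counters() {
    awk '
        NR <= 2 { next }                  # chain header and column titles
        { pos++ }                         # position of this rule in the chain
        $3 == "DNAT" {
            state = ($1 == "0") ? "UNUSED" : "HIT"
            extra = ""
            for (i = 10; i <= NF; i++) extra = extra " " $i
            printf "%d %s pkts=%s in=%s dst=%s%s\n", pos, state, $1, $6, $9, extra
        }
    '
}

# On a live gateway, as root:
#   iptables -t nat -L PREROUTING -v -n | dnat_counters
if [ "${1:-}" = "demo" ]; then
    sample_listing | dnat_counters
fi
```

A rule that stays UNUSED while the traffic is arriving is not the one matching it, which is the point at which to walk down the chain for a rule that is.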