port forward not working.
Hi all,
Can anyone help me with why my iptables forward doesn't work?
I have 1 machine A with IPs 10.61.9.70 and 192.168.8.1,
another machine B with 192.168.8.74,
and another machine C with 10.61.9.71.
I can ssh from C to A.
I can ssh from A to B.
I try to forward port 2274 of B to A.
Then I try to access from C to A, using
ssh -p 2274 10.61.9.70 -l root.
But it doesn't work.
eth0 of A is 10.61.9.70
eth1 of A is 192.168.8.1
Here is the output of iptables -L -n from A
--------------------------------------------
root@gw:/var/log # iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ipac~o all -- 0.0.0.0/0 0.0.0.0/0
BADTCP all -- 0.0.0.0/0 0.0.0.0/0
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 limit: avg 10/sec burst 5
CUSTOMINPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
DROP all -- 127.0.0.0/8 0.0.0.0/0 state NEW
DROP all -- 0.0.0.0/0 127.0.0.0/8 state NEW
ACCEPT !icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DHCPBLUEINPUT all -- 0.0.0.0/0 0.0.0.0/0
IPSECRED all -- 0.0.0.0/0 0.0.0.0/0
IPSECBLUE all -- 0.0.0.0/0 0.0.0.0/0
WIRELESSINPUT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
REDINPUT all -- 0.0.0.0/0 0.0.0.0/0
XTACCESS all -- 0.0.0.0/0 0.0.0.0/0 state NEW
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `INPUT '

Chain FORWARD (policy DROP)
target prot opt source destination
ipac~fi all -- 0.0.0.0/0 0.0.0.0/0
ipac~fo all -- 0.0.0.0/0 0.0.0.0/0
BADTCP all -- 0.0.0.0/0 0.0.0.0/0
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
CUSTOMFORWARD all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
DROP all -- 127.0.0.0/8 0.0.0.0/0 state NEW
DROP all -- 0.0.0.0/0 127.0.0.0/8 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
WIRELESSFORWARD all -- 0.0.0.0/0 0.0.0.0/0 state NEW
REDFORWARD all -- 0.0.0.0/0 0.0.0.0/0
PORTFWACCESS all -- 0.0.0.0/0 0.0.0.0/0 state NEW
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `OUTPUT '

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ipac~i all -- 0.0.0.0/0 0.0.0.0/0
CUSTOMOUTPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain BADTCP (2 references)
target prot opt source destination
PSCAN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
PSCAN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
PSCAN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
PSCAN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
PSCAN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
NEWNOTSYN tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW

Chain CUSTOMFORWARD (1 references)
target prot opt source destination

Chain CUSTOMINPUT (1 references)
target prot opt source destination

Chain CUSTOMOUTPUT (1 references)
target prot opt source destination

Chain DHCPBLUEINPUT (1 references)
target prot opt source destination

Chain DMZHOLES (0 references)
target prot opt source destination

Chain IPSECBLUE (1 references)
target prot opt source destination

Chain IPSECRED (1 references)
target prot opt source destination

Chain LOG_DROP (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain LOG_REJECT (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain NEWNOTSYN (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `NEW not SYN? '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain PORTFWACCESS (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.8.71 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 192.168.8.72 tcp dpt:8080
ACCEPT tcp -- 0.0.0.0/0 192.168.8.72 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 192.168.8.9 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 192.168.8.74 tcp dpt:22

Chain PSCAN (5 references)
target prot opt source destination
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `TCP Scan? '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `UDP Scan? '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `ICMP Scan? '
LOG all -f 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `FRAG Scan? '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain REDFORWARD (1 references)
target prot opt source destination

Chain REDINPUT (1 references)
target prot opt source destination

Chain WIRELESSFORWARD (1 references)
target prot opt source destination

Chain WIRELESSINPUT (1 references)
target prot opt source destination

Chain XTACCESS (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 10.61.9.70 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 10.61.9.70 tcp dpt:222
ACCEPT tcp -- 0.0.0.0/0 10.61.9.70 tcp dpt:2271
ACCEPT tcp -- 0.0.0.0/0 10.61.9.70 tcp dpt:8080
ACCEPT tcp -- 0.0.0.0/0 10.61.9.70 tcp dpt:2272
ACCEPT tcp -- 0.0.0.0/0 10.61.9.70 tcp dpt:2275
ACCEPT tcp -- 0.0.0.0/0 10.61.9.70 tcp dpt:2274

Chain ipac~fi (1 references)
target prot opt source destination
all -- 0.0.0.0/0 0.0.0.0/0
all -- 0.0.0.0/0 0.0.0.0/0

Chain ipac~fo (1 references)
target prot opt source destination
all -- 0.0.0.0/0 0.0.0.0/0
all -- 0.0.0.0/0 0.0.0.0/0

Chain ipac~i (1 references)
target prot opt source destination
all -- 0.0.0.0/0 0.0.0.0/0
all -- 0.0.0.0/0 0.0.0.0/0

Chain ipac~o (1 references)
target prot opt source destination
all -- 0.0.0.0/0 0.0.0.0/0
all -- 0.0.0.0/0 0.0.0.0/0
--------------------------------------------
Any clues?
Thanks
Regards
Simon Chen.
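The listing in the post is `iptables -L -n`, which prints only the filter table. A port forward on a Linux gateway needs three things that are not all visible there: a DNAT rule in the nat table's PREROUTING chain (shown by `iptables -t nat -L -n`), an ACCEPT in the FORWARD path for the rewritten destination (the post's PORTFWACCESS chain does accept tcp to 192.168.8.74 dpt:22), and `net.ipv4.ip_forward=1`. Once DNAT rewrites the destination, the packet traverses FORWARD rather than INPUT, so the XTACCESS entry for dpt:2274 on INPUT is not what decides the outcome. The script below is an added example, not part of the post; it checks those three conditions against captured command output so it can be run offline. The nat-table samples (`NAT_OK`, `NAT_MISSING`) are constructed to match the post's addresses, the filter sample is the post's own PORTFWACCESS chain, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the post): offline checks for a DNAT port forward.
# Real inputs would come from:  iptables -t nat -L -n
#                               iptables -L -n
#                               sysctl -n net.ipv4.ip_forward
# The rule the nat check looks for is created with (constructed, matching the post's hosts):
#   iptables -t nat -A PREROUTING -p tcp -d 10.61.9.70 --dport 2274 -j DNAT --to-destination 192.168.8.74:22

# Constructed: nat table with a working forward of 10.61.9.70:2274 -> 192.168.8.74:22.
NAT_OK='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            10.61.9.70           tcp dpt:2274 to:192.168.8.74:22

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.8.0/24       0.0.0.0/0'

# Constructed: nat table with no DNAT rule at all.
NAT_MISSING='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.8.0/24       0.0.0.0/0'

# Filter-table excerpt taken from the post (PORTFWACCESS is jumped to from FORWARD).
FILTER_POST='Chain PORTFWACCESS (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            192.168.8.71         tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            192.168.8.74         tcp dpt:22'

# has_dnat NAT_OUTPUT EXT_PORT INT_HOST INT_PORT
# Exit 0 if PREROUTING holds a DNAT rule rewriting dpt:EXT_PORT to INT_HOST:INT_PORT.
has_dnat() {
  printf '%s\n' "$1" | awk -v p="$2" -v h="$3" -v ip="$4" '
    /^Chain / { chain = $2 }
    chain == "PREROUTING" && $1 == "DNAT" {
      okp = 0; okt = 0
      for (i = 1; i <= NF; i++) {
        if ($i == ("dpt:" p)) okp = 1
        if ($i == ("to:" h ":" ip)) okt = 1
      }
      if (okp && okt) found = 1
    }
    END { exit found ? 0 : 1 }'
}

# forward_allows FILTER_OUTPUT INT_HOST INT_PORT
# Exit 0 if some ACCEPT rule matches tcp to INT_HOST dpt:INT_PORT (the post-DNAT destination).
forward_allows() {
  printf '%s\n' "$1" | awk -v h="$2" -v ip="$3" '
    $1 == "ACCEPT" && $2 == "tcp" && $5 == h {
      for (i = 6; i <= NF; i++) if ($i == ("dpt:" ip)) found = 1
    }
    END { exit found ? 0 : 1 }'
}

# diagnose NAT_OUTPUT FILTER_OUTPUT IP_FORWARD_VALUE EXT_PORT INT_HOST INT_PORT
# Prints one line per missing piece; exit status is the number of problems found.
diagnose() {
  problems=0
  has_dnat "$1" "$4" "$5" "$6" || { echo "no DNAT rule for dpt:$4 -> $5:$6 in nat PREROUTING"; problems=$((problems + 1)); }
  forward_allows "$2" "$5" "$6" || { echo "FORWARD never ACCEPTs tcp to $5 dpt:$6"; problems=$((problems + 1)); }
  [ "$3" = "1" ] || { echo "net.ipv4.ip_forward is '$3', must be 1"; problems=$((problems + 1)); }
  return "$problems"
}

# count_problems: same arguments as diagnose, prints the problem count (safe under set -e).
count_problems() {
  n=0
  diagnose "$@" >/dev/null || n=$?
  echo "$n"
}

# Stand-alone demo: the post's filter rules plus a nat table with no DNAT entry.
diagnose "$NAT_MISSING" "$FILTER_POST" 1 2274 192.168.8.74 22 || :
```

Feed the real command outputs in place of the constructed samples (for example `diagnose "$(iptables -t nat -L -n)" "$(iptables -L -n)" "$(sysctl -n net.ipv4.ip_forward)" 2274 192.168.8.74 22` on the gateway) and each missing piece is named on its own line.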