Re: desperate! can't get port forwarding to work on debian testing 2.6.15
I've just set up a new machine running debian testing with a 2.6.15
kernel and I'm having some real trouble getting port forwarding to
work..
I've got a firewall script (modded TrinityOS Firewall) that port
forwards just fine with the inclusion of the following 2 lines
$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 10.121.128.98 --dport 411 -j DNAT --to 192.168.0.2:80
$IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.4 --dport 411 -j ACCEPT
Here's the guts of the script...
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo
echo -e " - Allowing EXTERNAL access to the WWW server"
echo
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $UNIVERSE --dport 80 -j ACCEPT
#echo
echo -e " - Allowing EXTERNAL access to the FTP server"
echo
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $UNIVERSE --dport 20 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $UNIVERSE --dport 21 -j ACCEPT
echo -e " - Allowing EXTERNAL access to the SSH server"
echo
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $UNIVERSE --dport 22 -j ACCEPT
#$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $UNIVERSE --dport 21 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 10.121.128.98 --dport 411 -j DNAT --to 192.168.0.2:80
$IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.4 --dport 411 -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $WIFIIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $WIFIIF -o $EXTIF -j ACCEPT
#$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\nDone.\n"
I use it on a wifi router that connects my LAN to a club wifi WAN.
Debian Sarge 2.6.8 Kernel.
Hope this helps
Regards
Ross
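
The filter FORWARD chain is traversed after nat PREROUTING has rewritten the packet, so a FORWARD rule has to match the translated address and port, not the original ones. The following is an added example, not part of the script in the message above: a lint that checks each DNAT target against the FORWARD ACCEPT rules, run on the two port-forwarding rules as posted. The function names check_dnat_forward and posted_rules are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag DNAT rules whose translated
# destination is not accepted by any FORWARD rule.
# Assumptions: one rule per line on stdin, host addresses (no CIDR or ranges),
# and only FORWARD ACCEPT rules that carry -d are considered.
check_dnat_forward() {
    awk '
    function opt(name,   i) {          # value after option "name", or ""
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    /^[ \t]*#/ { next }                # commented-out rules are not loaded
    opt("-j") == "DNAT" {
        to = opt("--to"); if (to == "") to = opt("--to-destination")
        # Without ":port" in the target, the original --dport is kept.
        if (to !~ /:/) to = to ":" opt("--dport")
        dnat[++n] = to; orig[n] = opt("-d") ":" opt("--dport")
        next
    }
    opt("-A") == "FORWARD" && opt("-j") == "ACCEPT" && opt("-d") != "" {
        fdst[++m] = opt("-d"); fport[m] = opt("--dport")
    }
    END {
        for (i = 1; i <= n; i++) {
            split(dnat[i], t, ":"); ok = 0
            for (j = 1; j <= m; j++)
                if (fdst[j] == t[1] && (fport[j] == "" || fport[j] == t[2])) ok = 1
            if (!ok) { print "UNMATCHED " orig[i] " -> " dnat[i]; bad = 1 }
        }
        exit bad + 0                   # non-zero when any DNAT target is unmatched
    }'
}

# Constructed input: the two rules from the post with the mail wrapping undone.
posted_rules() {
    cat <<'EOF'
$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 10.121.128.98 --dport 411 -j DNAT --to 192.168.0.2:80
$IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.4 --dport 411 -j ACCEPT
EOF
}

posted_rules | check_dnat_forward || echo "review the FORWARD rule for the target above"
```

With FORWARD policy DROP, an unmatched target means new connections to the forwarded port are dropped even though the DNAT rule itself matches.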