
Re: desperate! can't get port forwarding to work on debian testing 2.6.15



I've just set up a new machine running debian testing with a 2.6.15
kernel and I'm having some real trouble getting port forwarding to
work..

I've got a firewall script (modded TrinityOS Firewall) that port forwards just fine with the inclusion of the following 2 lines:

$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 10.121.128.98 --dport 411 -j DNAT --to 192.168.0.2:80
$IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.4 --dport 411 -j ACCEPT

Here's the guts of the script...

echo "   Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo
echo -e "      - Allowing EXTERNAL access to the WWW server"
echo
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $UNIVERSE --dport 80 -j ACCEPT

#echo
echo -e "      - Allowing EXTERNAL access to the FTP server"
echo
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $UNIVERSE --dport 20 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $UNIVERSE --dport 21 -j ACCEPT

echo -e "      - Allowing EXTERNAL access to the SSH server"
echo
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $UNIVERSE --dport 22 -j ACCEPT
#$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $UNIVERSE --dport 21 -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 10.121.128.98 --dport 411 -j DNAT --to 192.168.0.2:80
$IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.4 --dport 411 -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -o $WIFIIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $WIFIIF -o $EXTIF -j ACCEPT

#$IPTABLES -A FORWARD -j LOG

echo "   Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nDone.\n"

I use it on a wifi router that connects my LAN to a club wifi WAN. Debian Sarge 2.6.8 Kernel.

Hope this helps

Regards

Ross
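
The filter FORWARD chain is traversed after nat PREROUTING, so with a FORWARD policy of DROP the ACCEPT rule for a forwarded port has to match the DNAT-translated address and port. The check below is an added example, not part of the original post; the function names and the COVERED/UNCOVERED labels are hypothetical, and it assumes exact IPs, single ports and one rule per line.

```shell
# Report each DNAT rule and whether some FORWARD ACCEPT rule can admit a new
# connection to its translated destination (exact IP and port match only).
check_dnat_forward() {
  awk '
    # Value following option "name" in the current rule, or "" if absent.
    function opt(name,   i) {
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    /^[ \t]*#/ { next }                      # skip commented-out rules
    /-j DNAT/ {
      tgt = opt("--to"); if (tgt == "") tgt = opt("--to-destination")
      n = split(tgt, p, ":")
      nd++; d_ip[nd] = p[1]; d_if[nd] = opt("-i")
      d_port[nd] = (n > 1) ? p[2] : opt("--dport")   # no port given: unchanged
      next
    }
    /-A FORWARD/ && /-j ACCEPT/ {
      st = opt("--state")
      if (st != "" && st !~ /NEW/) next      # cannot admit a new connection
      nf++; f_ip[nf] = opt("-d"); f_port[nf] = opt("--dport"); f_if[nf] = opt("-i")
    }
    END {
      for (i = 1; i <= nd; i++) {
        ok = 0
        for (j = 1; j <= nf; j++)
          if ((f_if[j] == "" || f_if[j] == d_if[i]) &&
              (f_ip[j] == "" || f_ip[j] == d_ip[i]) &&
              (f_port[j] == "" || f_port[j] == d_port[i])) ok = 1
        printf "%s %s:%s\n", (ok ? "COVERED" : "UNCOVERED"), d_ip[i], d_port[i]
      }
    }'
}

# The two rules quoted in the post.
post_rules() { cat <<'EOF'
$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 10.121.128.98 --dport 411 -j DNAT --to 192.168.0.2:80
$IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.4 --dport 411 -j ACCEPT
EOF
}

# Constructed variant: FORWARD rule written against the translated address and port.
matched_rules() { cat <<'EOF'
$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 10.121.128.98 --dport 411 -j DNAT --to 192.168.0.2:80
$IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT
EOF
}
post_rules | check_dnat_forward
matched_rules | check_dnat_forward
```

Interface names must be literal in the input (expand `$EXTIF` and friends first), since the check compares the `-i` values as strings.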


