
Re: Netfilter Port Forwarding Problem



Hi!

I have an internet connection (eth0) and an internal interface (eth1).
My goal is to forward the following TCP port: 195.x.x.x:5900 =>
192.168.1.6:5900

On Debian/Sarge (Kernel 2.4.27-2-386 / iptables v1.2.11) it works fine:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 195.x.x.x --dport 5900 -j DNAT --to 192.168.1.6:5900
iptables -A FORWARD -p tcp -i eth0 -d 192.168.1.6 --dport 5900 -j ACCEPT

With nmap, I get this state on port 5900:
Port       State       Service
5900/tcp   open        vnc

On Debian/Etch (Kernel 2.6.18-4-k7 / iptables v1.3.6), I get the
"filtered" state, and I get "connection refused" when connecting:
Port       State       Service
5900/tcp   filtered    vnc

I think kernel 2.6 has some different security settings than kernel 2.4.
Does anybody know a solution for my problem?

Best regards

Dom


> -----Original Message-----
> From: tomfi [mailto:tomfi@volny.cz]
> Sent: Monday, 30 April 2007 09:25
> To: Makara
> Cc: debian-firewall@lists.debian.org
> Subject: Re: Netfilter Port Forwarding Problem
> 
> You don't know why it works? Or you don't know why it does not work ?
> 
> I think it doesn't work... If you have an Internet-connected
> webserver and there is a requirement to establish a connection over
> the local network to the internet, the webserver tries to respond over
> its own internet connection, because the server knows a different way
> to the Internet than your firewall.
> 
> That's why.
> 
> Tomfi
> 
> 
> Makara wrote:
> > Hi all,
> > 
> > I have 2 internet connections: ip $ipinet1 for other
> > traffic and $ipinet2 for mail; it works properly.
> > I want to allow connections from the internet
> > to my local web server (172.16.0.4) via $ipinet1, so I
> > do port forwarding:
> > 
> > iptables -A PREROUTING -t nat -i $ifinet1 -d $ipinet1 -p tcp --dport 80 -j DNAT --to 172.16.0.4:80
> > 
> > I allow a FORWARD rule from the firewall to my local
> > webserver:
> > 
> > iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> > 
> > iptables -A FORWARD -p tcp --dport 80 -i $ifinet1 -o $iflocalnet -j ACCEPT
> > 
> > I don't know why it does work? If you have any idea,
> > please help.
> > 
> > Thanks
> > 
> 
> 
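A complete rule set for the forward Dom describes, with the return-path rule and the pre-flight checks that usually explain a "filtered" result on the 2.6 box. This is an added example, not code from the thread; interface names, the internal host and port 5900 are taken from the thread, 198.51.100.1 stands in for the 195.x.x.x address, and IPT is a hook introduced here so the rules can be previewed without root.

```shell
#!/bin/sh
# Assumed layout, taken from the thread: eth0 public, eth1 internal, and
# 192.168.1.6:5900 the internal VNC host. 198.51.100.1 stands in for the
# 195.x.x.x address. IPT is a hook so the rule set can be previewed as
# text without root (IPT=echo); on the firewall leave it unset.
IPT="${IPT:-iptables}"

# Emit every rule a DNAT forward needs: the nat rewrite plus BOTH
# directions in FORWARD. A FORWARD chain that lets the inbound SYN
# through but drops the internal host's reply is one way to get
# "filtered" from nmap: the client's SYN is translated, the SYN-ACK dies.
dnat_forward() {
    pub_if=$1 pub_ip=$2 lan_if=$3 lan_ip=$4 port=$5
    # Rewrite the destination before the routing decision is made.
    $IPT -t nat -A PREROUTING -i "$pub_if" -p tcp -d "$pub_ip" \
        --dport "$port" -j DNAT --to-destination "$lan_ip:$port"
    # Replies from the internal host belong to a tracked connection.
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Only NEW connections, only to the forwarded port and interfaces.
    $IPT -A FORWARD -i "$pub_if" -o "$lan_if" -p tcp -d "$lan_ip" \
        --dport "$port" -m state --state NEW -j ACCEPT
}

# Checks for the other usual causes. ROOT prefixes the paths so the
# checks can run against a fake tree (the test does this); leave it
# empty on a real firewall. Returns 0 when all pass, 1 otherwise, naming
# each failure. Not checkable from here: the internal host must use this
# box as its default gateway, or its replies leave by another path
# (tomfi's point above).
preflight() {
    root=${1:-} rc=0
    if [ "$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null)" != 1 ]; then
        echo "ip_forward is off: sysctl -w net.ipv4.ip_forward=1"; rc=1
    fi
    # 2.6.18 exposes the table as ip_conntrack, later kernels as nf_conntrack.
    if [ ! -e "$root/proc/net/ip_conntrack" ] && \
       [ ! -e "$root/proc/net/nf_conntrack" ]; then
        echo "no connection tracking loaded: modprobe ip_conntrack"; rc=1
    fi
    return $rc
}
```

Run `preflight` first, then `dnat_forward eth0 198.51.100.1 eth1 192.168.1.6 5900`; with `IPT=echo` it only prints the rules, which is the safer way to review them before appending to a live FORWARD chain.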