[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kernel Squeeze

> iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
NEW,RELATED,ESTABLISHED 

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            10.3.8.148          tcp
dpt:8080 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED 

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
NEW,RELATED,ESTABLISHED

> iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  0.0.0.0/0            141.89.59.3         tcp dpt:80
to:10.3.8.148:8080 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  10.3.8.0/24          0.0.0.0/0           to:x.x.x.x 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Gruß,
Klemens

> 
> 
> Am 14.09.11 schrieb Klemens Kittan <klemens.kittan@cs.uni-potsdam.de>:
> > On Wed, 2011-09-14 at 10:10 +0200, Frank Lanitz wrote:
> >> Am 14.09.2011 09:50, schrieb Klemens Kittan:
> >> > Hallo,
> >> >
> >> > ich habe unter Debian Squeeze mehrere Router laufen. Seit dem ich die
> >> > letzten Updates eingespielt habe funktioniert das Port Forwarding nicht
> >> > mehr.
> >> >
> >> > Folgende Pakete wurden aktualisiert:
> >> > - linux-base 2.6.32-35squeeze1 -> 2.6.32-35squeeze2
> >> > - linux-image-2.6.32-5-686 2.6.32-35squeeze1 -> 2.6.32-35squeeze2
> >> >
> >> > Hat jemand ein ähnliches Problem? Oder besser eine Idee wo ich noch
> >> > nachsehen kann?
> >>
> >> Wie machst Du das forwarding denn?
> >>
> > Bis zum Update hat es Wochenlang funktioniert. Hier meine
> > iptables-Regeln:
> >
> > # --- forward --------------------------------------------------------
> > iptables -A FORWARD -i ${INT_IFACE} -o ${EXT_IFACE} -j ACCEPT
> > iptables -A FORWARD -i ${EXT_IFACE} -o ${INT_IFACE} -p tcp --dst
> > ${WEB_IP} --dport 8080 -j ACCEPT
> > iptables -A FORWARD -i ${EXT_IFACE} -o ${INT_IFACE} -m state --state
> > ESTABLISHED,RELATED -j ACCEPT
> >
> > # --- snat -----------------------------------------------------------
> > iptables -t nat -A POSTROUTING -o ${EXT_IFACE} -s ${INT_NET} -j SNAT
> > --to-source ${EXT_IP}
> >
> > # --- dnat -----------------------------------------------------------
> > iptables -t nat -A PREROUTING -i ${EXT_IFACE} -p tcp --dst ${EXT_IP}
> > --dport 80 -j DNAT --to-destination ${WEB_IP}:8080
> >
> > Gruß,
> > Klemens
> >
> 
> 
-- 
Klemens Kittan
Systemadministrator

Uni-Potsdam, Inst. f. Informatik
August-Bebel-Str. 89
14482 Potsdam

Tel.    : +49-331-9773125
Fax.    : +49-331-9773122
Email   : klemens.kittan@cs.uni-potsdam.de
XMPP    : kittan@jabber.ccc.de

gpg --recv-keys --keyserver wwwkeys.de.pgp.net 6EA09333

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: