iptables port fowarding rules help ..

Mario Frechette mariof2000 at videotron.ca
Wed Dec 13 17:25:15 UTC 2006 

Hi .. I  will trie to explain my problem as clearly as as i can
..english in not my native language so..

there it goes

i have just installed ubuntu server 6.06 LTS and iptables as a firewall
router and dhcp server . that use "dnsmasq" and it  works fine for DHCP
& NAT except for "Ip forwarding part"
i would like to port forward an application   like " anypc " to a
windows xp host on  my private network

anypc ..needs tcp  port 5479  for connection & 4379 for file transfering

eth0=internal IP ..LAN on the router 192.168.123.105
eth1=external IP "modem" xxx.xxx.xxx.xxx
192.168.123.107= XP host that runs "anypc"

here 's my script

#!/bin/sh

start() {


/sbin/ifup eth1
iptables -F
iptables -X

#
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

#NAT & MANGLE tables
iptables -t nat -F
iptables -t nat -X
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT


#Accepting local connections
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT


#####port forwarding rules ##########################################

iptables -t nat -A PREROUTING -p tcp -i eth1 -d xxx.xxx.xxx.xxx --dport
5279 \
--sport 5279 -j DNAT --to 192.168.123.107:5279
iptables -t nat -A PREROUTING -p tcp -i eth1 -d xxx.xxx.xxx.xxx --dport
4279 \
--sport 4279 -j DNAT --to 192.168.123.107:4279
iptables -A FORWARD -p tcp -i eth1  -o eth0 -d 192.168.123.107 --dport
5279 --sport 5279 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -i eth1 -o eth0  -d 192.168.123.107 --dport
4279 --sport 4279 -m state --state NEW -j ACCEPT

iptables -A FORWARD -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j
ACCEPT
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

###########################################################################
# activation of forwarding in the kernel

echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.123.0/24 -o eth1 -j MASQUERADE

}

stop() {
        echo 0 >/proc/sys/net/ipv4/ip_forward
        ifdown eth1
}

case "$1" in
start)
        start
        ;;

stop)
        stop
        ;;
restart)
        stop && start
        ;;
*)
        echo "Usage $0 {start|stop|restart}"
        exit 1
esac

exit 0
########################################

i don't get anny error when I run /etc/init.d/iptables restart  on the
router part

I am testing this connection  with a kubuntu station that runs VMWARE "
win2000-pro-image"
"anypc" works fine when I run the internal address 192.168.123.107...but
when I try to connect throuh
the xxx.xxx.xxx.xxx address "anypc" complains  about the host not
running the services.. and ask to install
the "anypc software" on the host..xxx.xxx.xxx.xxx

i am not a Pro at IPTABLES  but is there anything obviously wrong with
this script ??

or i am i wrong all the way ???

thanks for help

mario

More information about the kubuntu-users mailing list