iptables port fowarding rules help ..

John L Fjellstad john-ubuntu at fjellstad.org
Thu Dec 14 03:15:43 UTC 2006

Mario Frechette <mariof2000 at videotron.ca> writes:

> i don't get anny error when I run /etc/init.d/iptables restart  on the
> router part
> I am testing this connection  with a kubuntu station that runs VMWARE "
> win2000-pro-image"
> "anypc" works fine when I run the internal address
> when I try to connect throuh
> the xxx.xxx.xxx.xxx address "anypc" complains  about the host not
> running the services.. and ask to install
> the "anypc software" on the host..xxx.xxx.xxx.xxx
> i am not a Pro at IPTABLES  but is there anything obviously wrong with
> this script ??
> or i am i wrong all the way ???

Off hand I can' see anything wrong, so I'm guessing it's a rule
problem. As in, you haven't opened the right port or forwarded the right

In this instance, I would just create a logging rule, so you can see
what the package actually look like.
Do something like
iptables -t nat -A PREROUTING -p tcp --dport 5279 -j LOG

(or even remove the dport if you want to log everything).

That way you can actually see if the package that comes in actually come
from somewhere with source port 5279

Basically, your rule 
iptables -t nat -A PREROUTING -p tcp -i eth1 -d xxx.xxx.xxx.xxx --dport
5279 \
--sport 5279 -j DNAT --to

says a tcp package coming in on interface eth1 with destination
xxx.xxx.xxx.xxx and destination port 5279 AND with source port 5279 gets
sent to on port 5279

I'm thinking this rule is too specific (does it really come from port

John L. Fjellstad
web: http://www.fjellstad.org/          Quis custodiet ipsos custodes

More information about the kubuntu-users mailing list