iptables port forwarding rules help ..
John L Fjellstad
john-ubuntu at fjellstad.org
Thu Dec 14 03:15:43 UTC 2006
Mario Frechette <mariof2000 at videotron.ca> writes:
> I don't get any error when I run /etc/init.d/iptables restart on the
> router part
>
> I am testing this connection with a kubuntu station that runs VMWARE
> "win2000-pro-image"
> "anypc" works fine when I run the internal address 192.168.123.107...but
> when I try to connect through
> the xxx.xxx.xxx.xxx address "anypc" complains about the host not
> running the services.. and asks to install
> the "anypc software" on the host..xxx.xxx.xxx.xxx
>
> I am not a Pro at IPTABLES but is there anything obviously wrong with
> this script ??
>
> or am I wrong all the way ???

Off hand I can't see anything wrong, so I'm guessing it's a rule
problem. As in, you haven't opened the right port or forwarded the right
package.

In this instance, I would just create a logging rule, so you can see
what the package actually looks like.

Do something like

    iptables -t nat -A PREROUTING -p tcp --dport 5279 -j LOG

(or even remove the dport if you want to log everything).
That way you can actually see if the package that comes in actually comes
from somewhere with source port 5279

Basically, your rule

    iptables -t nat -A PREROUTING -p tcp -i eth1 -d xxx.xxx.xxx.xxx --dport 5279 \
        --sport 5279 -j DNAT --to 192.168.123.107:5279

says a tcp package coming in on interface eth1 with destination
xxx.xxx.xxx.xxx and destination port 5279 AND with source port 5279 gets
sent to 192.168.123.107 on port 5279

I'm thinking this rule is too specific (does it really come from port
5279?)

--
John L. Fjellstad
web: http://www.fjellstad.org/ Quis custodiet ipsos custodes
More information about the kubuntu-users mailing list
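
An added example, not part of the original message: one way to read the output of the suggested LOG rule and check whether the logged packets would satisfy the DNAT rule's match with and without `--sport 5279`. The log lines are constructed, the function names are hypothetical, and 198.51.100.10 stands in for the redacted xxx.xxx.xxx.xxx address.

```python
import re

# Constructed sample in the kernel log format written by the iptables LOG
# target; addresses are documentation ranges, not values from the thread.
LINE_TEMPLATE = ("Dec 14 03:10:01 router kernel: IN=eth1 OUT= "
                 "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC={src} "
                 "DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF "
                 "PROTO=TCP SPT={spt} DPT={dpt} WINDOW=5840 RES=0x00 SYN URGP=0")
SAMPLE_LOG = "\n".join([
    LINE_TEMPLATE.format(src="203.0.113.7", spt=41822, dpt=5279),
    LINE_TEMPLATE.format(src="203.0.113.9", spt=53310, dpt=5279),
    LINE_TEMPLATE.format(src="203.0.113.7", spt=40112, dpt=22),
])

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_log_line(line):
    """Return the KEY=value fields of one LOG line, or None if it is not one."""
    _, sep, body = line.partition("kernel:")
    fields = dict(FIELD.findall(body)) if sep else {}
    needed = {"IN", "DST", "PROTO", "SPT", "DPT"}
    return fields if needed <= fields.keys() else None

def rule_matches(pkt, in_if, dst, dport, sport=None):
    """Match like: -p tcp -i IN_IF -d DST --dport DPORT [--sport SPORT]."""
    return (pkt["PROTO"] == "TCP" and pkt["IN"] == in_if and pkt["DST"] == dst
            and int(pkt["DPT"]) == dport
            and (sport is None or int(pkt["SPT"]) == sport))

def audit(log_text, in_if="eth1", dst="198.51.100.10", port=5279):
    """Count logged packets the DNAT match accepts with and without --sport."""
    pkts = [p for p in map(parse_log_line, log_text.splitlines()) if p]
    loose = [p for p in pkts if rule_matches(p, in_if, dst, port)]
    strict = [p for p in loose if rule_matches(p, in_if, dst, port, sport=port)]
    return {"logged": len(pkts),
            "match_without_sport": len(loose),
            "match_with_sport": len(strict),
            # Source ports actually seen on packets aimed at the forwarded port.
            "source_ports": sorted({int(p["SPT"]) for p in loose})}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

If `match_with_sport` stays at zero on real log output while `match_without_sport` is non-zero, the `--sport` test is what keeps the DNAT rule from firing.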