Port Forwarding

Troy Amburg troya at u.washington.edu
Wed Dec 19 17:49:25 UTC 2007


So you can traceroute from Machine1 to Machine2 without any problem,  
and you can telnet to the port in question, from Machine1 to  
Machine2? If that's the case, I guess I don't understand what's not  
working.



On Dec 19, 2007, at 9:43 AM, Steven Buehler wrote:

>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
>> bounces at redhat.com] On Behalf Of Troy Amburg
>> Sent: Wednesday, December 19, 2007 11:34 AM
>> To: General Red Hat Linux discussion list
>> Subject: Re: Port Forwarding
>>
>> Do you have a traceroute from Machine1 to Machine2? Also, is the
>> default route set correctly on Machine1?
>>
>> On Dec 19, 2007, at 9:07 AM, Steven Buehler wrote:
>>
>>> I am trying to do port forwarding and I just can't seem to get it to work.
>>> I hope that someone can help.
>>>
>>> Machine 1 is running RHEL AS 4.4 with the 2.6.9-42.0.2.ELsmp kernel.
>>> iptables has been running as my firewall since I set it up.
>>>
>>> I am trying to get anything that comes in to port 3389 on "Machine 1" to
>>> go to "Machine2" at a different location.  Let's say for this that the IP
>>> of "Machine1" is 70.70.70.70 and the remote machine ("Machine 2") that I
>>> want to forward to is 209.209.209.209.  I am assuming that I don't have to
>>> do anything on "Machine2" except make sure the firewall for that port is
>>> opened to "Machine 1".
>>>
>>> I have done the following on "Machine 1":
>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>
>>> Here is my /etc/sysconfig/iptables file from "Machine 1".  This is not the
>>> one that I would normally use because it is too open, but I am using it
>>> for testing.
>>> ####################
>>> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
>>> *nat
>>> :PREROUTING ACCEPT [3:536]
>>> :POSTROUTING ACCEPT [9:635]
>>> :OUTPUT ACCEPT [8:583]
>>> -A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
>>> COMMIT
>>> # Completed on Wed Dec 19 10:50:11 2007
>>> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
>>> *mangle
>>> :PREROUTING ACCEPT [318:24902]
>>> :INPUT ACCEPT [312:24214]
>>> :FORWARD ACCEPT [3:152]
>>> :OUTPUT ACCEPT [276:32613]
>>> :POSTROUTING ACCEPT [279:32765]
>>> COMMIT
>>> # Completed on Wed Dec 19 10:50:11 2007
>>> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
>>> *filter
>>> :INPUT ACCEPT [0:0]
>>> :FORWARD ACCEPT [0:0]
>>> :OUTPUT ACCEPT [276:32613]
>>> :RH-Firewall-1-INPUT - [0:0]
>>> -A INPUT -j RH-Firewall-1-INPUT
>>> -A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
>>> -A FORWARD -j RH-Firewall-1-INPUT
>>> -A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
>>> -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
>>> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
>>> -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
>>> -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
>>> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
>>> -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
>>> COMMIT
>>> # Completed on Wed Dec 19 10:50:11 2007
>>> ####################
>>>
>>> Thanks
>>> Steve
>>>
>
> A traceroute shows no problems.  Goes to the remote machine just fine.  I
> can also access the port on the remote machine with no problems.
>
> [root@mymachine]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 70.70.70.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 0.0.0.0         70.70.70.175    0.0.0.0         UG    0      0        0 eth0
>
>
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
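
A static check of the ruleset quoted above, as an added example that is not part of the original thread: it parses iptables-save output and flags DNAT forwards that accept any source, rewrite the destination port, or have no matching POSTROUTING SNAT/MASQUERADE rule. The sample is constructed from the DNAT and FORWARD rules in the post; the function names and finding labels are this example's own.

```python
import shlex

# Constructed sample: the DNAT and FORWARD rules from the post, wrapped lines rejoined.
SAMPLE = """\
*nat
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
COMMIT
*filter
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return (table, chain, options) for every -A rule in iptables-save output."""
    rules, table = [], None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            tok = shlex.split(line)
            # Map each option to the token after it; enough for -s, -d, -j, --dport.
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            rules.append((table, tok[1], opts))
    return rules

def audit(dump):
    """Flag DNAT forwards that are unrestricted, rewrite the port, or lack return-path NAT."""
    rules, findings = parse(dump), []
    snat = [o for t, c, o in rules
            if t == "nat" and c == "POSTROUTING" and o.get("-j") in ("SNAT", "MASQUERADE")]
    fwd_ports = {o["--dport"] for t, c, o in rules
                 if t == "filter" and c == "FORWARD" and "--dport" in o}
    for t, c, o in rules:
        if t != "nat" or o.get("-j") != "DNAT":
            continue
        host, _, port = o.get("--to-destination", "").partition(":")
        dport = o.get("--dport")
        if port and dport and port != dport:
            findings.append(f"port-rewrite: {dport} -> {host}:{port}")
            if dport in fwd_ports and port not in fwd_ports:
                findings.append(f"forward-port: FORWARD matches {dport}, packets carry {port} after DNAT")
        if "-s" not in o:
            findings.append(f"open-source: any client can reach {host} through this forward")
        if not any(s.get("-d", host).split("/")[0] == host for s in snat):
            findings.append(f"no-snat: {host} sees the client's address and replies directly")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Without return-path NAT, Machine2 receives the forwarded packets with the original client's source address, so a firewall on Machine2 opened only to Machine 1 will not match them, and any reply goes straight to the client instead of back through Machine 1.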



