Re: Port Forwarding



So you can traceroute from Machine1 to Machine2 without any problem, and you can telnet to the port in question, from Machine1 to Machine2? If that's the case, I guess I don't understand what's not working.



On Dec 19, 2007, at 9:43 AM, Steven Buehler wrote:

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Troy Amburg
Sent: Wednesday, December 19, 2007 11:34 AM
To: General Red Hat Linux discussion list
Subject: Re: Port Forwarding

Do you have a traceroute from Machine1 to Machine2? Also, is the
default route set correctly on Machine1?

On Dec 19, 2007, at 9:07 AM, Steven Buehler wrote:

I am trying to do port forwarding and I just can't seem to get it to work.
I hope that someone can help.

Machine 1 is running RHEL AS 4.4 with the 2.6.9-42.0.2.ELsmp kernel.
iptables has been running as my firewall since I set it up.

I am trying to get anything that comes in to port 3389 on "Machine 1" to go
to "Machine2" at a different location. Let's say for this that the IP of
"Machine1" is 70.70.70.70 and the remote machine ("Machine 2") that I want
to forward to is 209.209.209.209. I am assuming that I don't have to do
anything on "Machine2" except make sure the firewall for that port is opened
to "Machine 1".

I have done the following on "Machine 1":
echo 1 > /proc/sys/net/ipv4/ip_forward

Here is my /etc/sysconfig/iptables file from "Machine 1". This is not the
one that I would normally use because it is too open, but I am using it for
testing.
####################
# Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
*nat
:PREROUTING ACCEPT [3:536]
:POSTROUTING ACCEPT [9:635]
:OUTPUT ACCEPT [8:583]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
COMMIT
# Completed on Wed Dec 19 10:50:11 2007
# Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
*mangle
:PREROUTING ACCEPT [318:24902]
:INPUT ACCEPT [312:24214]
:FORWARD ACCEPT [3:152]
:OUTPUT ACCEPT [276:32613]
:POSTROUTING ACCEPT [279:32765]
COMMIT
# Completed on Wed Dec 19 10:50:11 2007
# Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [276:32613]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Dec 19 10:50:11 2007
####################

Thanks
Steve


A traceroute shows no problems. Goes to the remote machine just fine. I
can also access the port on the remote machine with no problems.

[root@mymachine]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
70.70.70.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         70.70.70.175    0.0.0.0         UG    0      0        0 eth0


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
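
An added example, not part of the original thread or any poster's code: a small Python audit of iptables-save output for two properties of a DNAT forward like the one posted, namely whether nat POSTROUTING rewrites the source address so replies come back through the forwarding host, and whether filter FORWARD rules match the port the packet carries after DNAT. The function names and the reduced rule set are constructed for illustration; the parser ignores negation and multiport matches.

```python
import shlex

# Constructed sample: a reduced subset of the rules posted in the thread.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [3:536]
:POSTROUTING ACCEPT [9:635]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
COMMIT
"""

def parse(text):
    """Return {table: [rule dict]} from iptables-save output (hypothetical helper)."""
    tables, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = tables.setdefault(line[1:], [])
        elif line.startswith("-A ") and current is not None:
            tok = shlex.split(line)  # shlex keeps quoted --log-prefix values whole
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            current.append({"chain": tok[1], **opts})
    return tables

def audit(text):
    """List findings for each PREROUTING DNAT rule (hypothetical helper)."""
    tables = parse(text)
    nat, flt = tables.get("nat", []), tables.get("filter", [])
    has_snat = any(r["chain"] == "POSTROUTING" and r.get("-j") in ("SNAT", "MASQUERADE")
                   for r in nat)
    findings = []
    fwd = {f.get("--dport") for f in flt if f["chain"] == "FORWARD" and f.get("-j") == "ACCEPT"}
    for r in nat:
        if r["chain"] != "PREROUTING" or r.get("-j") != "DNAT":
            continue
        old = r.get("--dport")
        ip, _, new = r.get("--to-destination", "").partition(":")
        new = new or old  # no port in the target means the port is unchanged
        if not has_snat:
            findings.append(f"no SNAT/MASQUERADE in POSTROUTING: replies from {ip} return via this host only if it is {ip}'s route to the client")
        if old in fwd and new not in fwd:
            findings.append(f"FORWARD rule for --dport {old} never matches the DNATed packet: it carries dport {new}")
    return findings
```

Run `audit()` on the full output of `iptables-save`; an empty list means neither condition was found, not that the rule set is otherwise correct.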