Hello! I would like to forward my port 80 and 5000 and 5001. Why does it not work? I do not get an error or anything. The apache/vnc at the other side is running.

iptables -F OUTPUT
iptables -F INPUT
iptables -F FORWARD
iptables -t nat -F PREROUTING

iptables -P OUTPUT ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P POSTROUTING DROP

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j DNAT --to 192.168.1.40
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j DNAT --to 192.168.1.40
#Make sure connections for VNC servers are accepted.
iptables -t nat -A POSTROUTING -p tcp --destination-port 80 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp --destination-port 80 -j ACCEPT

iptables -t nat -A PREROUTING -d 212.185.31.98 -p tcp --destination-port 5900 -j DNAT --to 192.168.1.2
iptables -t nat -A PREROUTING -d 212.185.31.98 -p tcp --destination-port 5901 -j DNAT --to 192.168.1.2
#Make sure connections for VNC servers are accepted.
iptables -t nat -A POSTROUTING -d 212.185.31.98 -p tcp --destination-port 5900 -j ACCEPT
iptables -t nat -A POSTROUTING -d 212.185.31.98 -p tcp --destination-port 5901 -j ACCEPT

#iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j REDIRECT --to 192.168.1.40:80

#iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 80 -j DROP
#iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 20 -j DROP
#iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 21 -j DROP
#iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 22 -j DROP

iptables -A INPUT -i ppp0 -p tcp --syn -j DROP

Thank you!
Spiekey

On Thursday 15 November 2001 00:58, spiekey wrote:
Hello! I would like to forward my port 80 and 5000 and 5001. Why does it not work? I do not get an error or anything. The apache/vnc at the other side is running.

iptables -F OUTPUT
iptables -F INPUT
iptables -F FORWARD
iptables -t nat -F PREROUTING

iptables -P OUTPUT ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P POSTROUTING DROP

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j DNAT --to 192.168.1.40
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j DNAT --to 192.168.1.40
#Make sure connections for VNC servers are accepted.
iptables -t nat -A POSTROUTING -p tcp --destination-port 80 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp --destination-port 80 -j ACCEPT

iptables -t nat -A PREROUTING -d 212.185.31.98 -p tcp --destination-port 5900 -j DNAT --to 192.168.1.2
iptables -t nat -A PREROUTING -d 212.185.31.98 -p tcp --destination-port 5901 -j DNAT --to 192.168.1.2
#Make sure connections for VNC servers are accepted.
iptables -t nat -A POSTROUTING -d 212.185.31.98 -p tcp --destination-port 5900 -j ACCEPT
iptables -t nat -A POSTROUTING -d 212.185.31.98 -p tcp --destination-port 5901 -j ACCEPT

#iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j REDIRECT --to 192.168.1.40:80

#iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 80 -j DROP
#iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 20 -j DROP
#iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 21 -j DROP
#iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 22 -j DROP

iptables -A INPUT -i ppp0 -p tcp --syn -j DROP

Do you have rules (POSTROUTING) for the answers from the servers?
If not, they are probably dropped (policy DROP for POSTROUTING).

I'd suggest always having one last rule for each chain which logs packets that don't match any rule before it.

Andreas Baetz
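
One way to act on both points in the reply, as an added example that is not part of the thread: accept/drop decisions move to the filter table, both nat policies stay at ACCEPT, and each populated chain ends in a LOG rule. Ports and hosts are those in the posted rules; ppp0 holding 212.185.31.98, the default-deny policy on INPUT and FORWARD, and the log prefixes are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): prints the rule set for review;
# run with the argument "apply" as root to load it.
# Assumed: ppp0 is the interface holding 212.185.31.98; log prefixes are invented.
EXT_IF=ppp0
EXT_IP=212.185.31.98

# forward PORT HOST: rewrite the destination in nat/PREROUTING, then permit
# the new connection in filter/FORWARD, which sees the rewritten address.
forward() {
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport $1 -j DNAT --to-destination $2:$1"
    echo "iptables -t filter -A FORWARD -i $EXT_IF -d $2 -p tcp --dport $1 -m state --state NEW -j ACCEPT"
}

# log_tail TABLE CHAIN: last rule of a chain, logs what no earlier rule matched.
log_tail() {
    echo "iptables -t $1 -A $2 -m limit --limit 6/min -j LOG --log-prefix \"$1-$2-nomatch: \""
}

build_rules() {
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "iptables -t nat -F PREROUTING"
    # The nat table only rewrites addresses; accept/drop decisions live in filter.
    for c in PREROUTING POSTROUTING; do echo "iptables -t nat -P $c ACCEPT"; done
    for c in INPUT FORWARD; do
        echo "iptables -t filter -F $c"
        # Replies from the servers belong to a tracked connection; conntrack
        # also reverses the DNAT for them, so no per-port reply rule is needed.
        echo "iptables -t filter -A $c -m state --state ESTABLISHED,RELATED -j ACCEPT"
        echo "iptables -t filter -A $c ! -i $EXT_IF -j ACCEPT"
    done
    forward 80 192.168.1.40
    forward 5900 192.168.1.2
    forward 5901 192.168.1.2
    for c in INPUT FORWARD; do
        log_tail filter "$c"
        echo "iptables -t filter -P $c DROP"
    done
    log_tail nat PREROUTING
}

case "${1:-}" in
    apply) build_rules | sh ;;
    *)     build_rules ;;
esac
```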