I'm trying to forward two ports to my LAN without much success. Nmap shows that those ports, 1411 and 1412, are still closed. These rules are made with the bubba2 interface.
192.168.10.78:1412 / 1411 are the LAN ports I want to forward udp and tcp to.
192.168.10.1 is bubba
# Generated by iptables-save v1.4.1.1 on Thu Apr 22 23:04:46 2010
*nat
:PREROUTING ACCEPT [70765:3495420]
:POSTROUTING ACCEPT [123:14943]
:OUTPUT ACCEPT [17:1173]
-A PREROUTING -d bubbaExternalIp/32 -p udp -m udp --dport 1412 -j DNAT --to-destination 192.168.10.78:1412
-A PREROUTING -d bubbaExternalIp/32 -p tcp -m tcp --dport 1411 -j DNAT --to-destination 192.168.10.78:1411
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.78/32 -p udp -m udp --dport 1412 -j SNAT --to-source 192.168.10.1
-A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.78/32 -p tcp -m tcp --dport 1411 -j SNAT --to-source 192.168.10.1
COMMIT
# Completed on Thu Apr 22 23:04:46 2010
# Generated by iptables-save v1.4.1.1 on Thu Apr 22 23:04:46 2010
*filter
:INPUT DROP [2711:333006]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [65894:2730088]
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 34360 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A FORWARD -d 192.168.10.78/32 -p udp -m udp --dport 1412 -j ACCEPT
-A FORWARD -d 192.168.10.78/32 -p tcp -m tcp --dport 1411 -j ACCEPT
COMMIT
# Completed on Thu Apr 22 23:04:46 2010
This wasn't a problem yesterday. My LAN IP changed after using the Ubuntu live-cd. I thought it would be a simple matter to fix the rules via the web interface, but no... Does iptables really need some restart?
RandomUsername wrote: I'm not sure about the iptables stuff but wouldn't it just be easier to give your PC a static IP address of 192.168.10.78?
Dunno.. What happens if I have a static address on a computer, shut it down, the DHCP lease expires, I fire up my laptop, it then receives the same static IP, after which I boot my computer with the static address. Then what happens? A fairly unlikely scenario.. but it sounds like some sort of collision. I'd rather build everything 'right'.
Anywhoo.. Anyone here iptables literate enough to explain to me how those rules (lines with 1411 and 1412) don't open the correct ports...? o_O I'd try to do this more on my own, but I'd rather not lock myself out (again).
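Added example, not part of the original post and not Bubba's own tooling: a read-only check that parses an iptables-save dump and reports, for each protocol/port pair the post asks for, whether a DNAT rule and a host-specific FORWARD ACCEPT rule exist. The names parse_rules, forward_coverage, RULES and WANTED are hypothetical, and the sample holds only the port-forward lines from the dump above.

```python
import shlex

# Constructed sample: the port-forward lines copied from the dump in the post.
RULES = """\
*nat
-A PREROUTING -d bubbaExternalIp/32 -p udp -m udp --dport 1412 -j DNAT --to-destination 192.168.10.78:1412
-A PREROUTING -d bubbaExternalIp/32 -p tcp -m tcp --dport 1411 -j DNAT --to-destination 192.168.10.78:1411
COMMIT
*filter
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.10.78/32 -p udp -m udp --dport 1412 -j ACCEPT
-A FORWARD -d 192.168.10.78/32 -p tcp -m tcp --dport 1411 -j ACCEPT
COMMIT
"""
# The post wants both protocols on both ports.
WANTED = [(proto, port) for port in (1411, 1412) for proto in ("tcp", "udp")]

def parse_rules(dump):
    """Yield (table, chain, options) for every -A line of an iptables-save dump."""
    table = None
    for line in dump.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif tok[:1] == ["-A"]:
            # Map each option to the token after it (enough for single-value options).
            yield table, tok[1], {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                                  if tok[i].startswith("-")}

def forward_coverage(dump, host, wanted):
    """Per (proto, port): is there a DNAT to host:port and a FORWARD ACCEPT for host?
    Only exact single-port, host-specific rules are matched (hypothetical helper)."""
    dnat, accept = set(), set()
    for table, chain, o in parse_rules(dump):
        key = (o.get("-p"), o.get("--dport"))
        if (table, chain, o.get("-j")) == ("nat", "PREROUTING", "DNAT"):
            if o.get("--to-destination") == f"{host}:{key[1]}":
                dnat.add(key)
        elif (table, chain, o.get("-j")) == ("filter", "FORWARD", "ACCEPT"):
            if o.get("-d", "").split("/")[0] == host:
                accept.add(key)
    return {(p, n): {"dnat": (p, str(n)) in dnat, "forward": (p, str(n)) in accept}
            for p, n in wanted}

if __name__ == "__main__":
    for (proto, port), r in forward_coverage(RULES, "192.168.10.78", WANTED).items():
        print(f"{proto}/{port}: DNAT={r['dnat']} FORWARD={r['forward']}")
```

On the rules as posted, only tcp/1411 and udp/1412 have both a DNAT and a FORWARD rule; tcp/1412 and udp/1411 have neither. Nmap's default scan probes TCP only, so checking the UDP forward needs -sU.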