forum.excito.org

Posted: **22 Apr 2010, 16:31**

I'm trying to forward two ports to my LAN without much success. Nmap shows that those ports, 1411 and 1412, are still closed. These rules are made with the bubba2 interface.

192.168.10.78:1412 / 1411 are the LAN ports I want to forward udp and tcp to.
192.168.10.1 is bubba

Code: Select all

# Generated by iptables-save v1.4.1.1 on Thu Apr 22 23:04:46 2010
*nat
:PREROUTING ACCEPT [70765:3495420]
:POSTROUTING ACCEPT [123:14943]
:OUTPUT ACCEPT [17:1173]
-A PREROUTING -d bubbaExternalIp/32 -p udp -m udp --dport 1412 -j DNAT --to-destination 192.168.10.78:1412
-A PREROUTING -d bubbaExternalIp/32 -p tcp -m tcp --dport 1411 -j DNAT --to-destination 192.168.10.78:1411
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.78/32 -p udp -m udp --dport 1412 -j SNAT --to-source 192.168.10.1
-A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.78/32 -p tcp -m tcp --dport 1411 -j SNAT --to-source 192.168.10.1
COMMIT
# Completed on Thu Apr 22 23:04:46 2010
# Generated by iptables-save v1.4.1.1 on Thu Apr 22 23:04:46 2010
*filter
:INPUT DROP [2711:333006]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [65894:2730088]
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 34360 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A FORWARD -d 192.168.10.78/32 -p udp -m udp --dport 1412 -j ACCEPT
-A FORWARD -d 192.168.10.78/32 -p tcp -m tcp --dport 1411 -j ACCEPT
COMMIT
# Completed on Thu Apr 22 23:04:46 2010

This wasn't a problem yesterday. My LAN ip changed after using the Ubuntu live-cd. I thought it would be a simple matter to fix the rules via the web interface, but no... Does iptables really need some restart?

Posted: **22 Apr 2010, 16:43**

I'm not sure about the iptables stuff but wouldn't it just be easier to give your PC a static IP address of 192.168.10.78?

Posted: **23 Apr 2010, 07:25**

RandomUsername wrote:I'm not sure about the iptables stuff but wouldn't it just be easier to give your PC a static IP address of 192.168.10.78?

Dunno.. What happens if I have a static address on a computer, shut it down, the dhcp lease expires, I fire up my laptop, it then receives the same static IP, after which I boot my computer with the static address. Then what happens? A fairly unlikely scenario.. but it sounds like some sort of collision. I'd rather build everything 'right'.

Anywhoo.. Anyone here iptables literate enough to explain me how those rules (lines with 1411 and 1412) don't open the correct ports...? o_O I'd try to do this more on my own, but I'd rather not lock myself out (again).

Posted: **23 Apr 2010, 20:46**

You give you PC an IP address outside of the DHCP server's pool. IIRC,on the Bubbba this is anything below 192.168.10.50.

Posted: **24 Apr 2010, 09:20**

RandomUsername wrote:You give you PC an IP address outside of the DHCP server's pool. IIRC,on the Bubbba this is anything below 192.168.10.50.

Oh, ok. I did not know that possibility.

I'm still a bit baffled by that port fwd, but I'm leaning towards the chance that the problem is somehow somewhere else... other than the firewall.

forum.excito.org

iptables port forward

iptables port forward

Re: iptables port forward

Re: iptables port forward

Re: iptables port forward

Re: iptables port forward