Port forwarding with iptables not working - Networking


  1. Port forwarding with iptables not working

    Hi

    I have a probably rather simple problem with iptables and port
    forwarding and I hope that someone here can help me. I want to run
    iMule on a computer behind the firewall and want to forward the
    relevant ports. Everything except the forwarding is working nicely.
    Considering this diagram -
    http://upload.wikimedia.org/wikipedi...-traversal.png
    placing the prerouting-rules before the rules for the INPUT and
    FORWARD chains seemed the logical thing to do. The application is
    still complaining that it is firewalled - what am I doing wrong ?

    This is my current setup, the lines marked with a ">" are the ones I
    added. Of course I also added 88886 tcp and 8887 udp in the list of
    allowed ports in lines 7-8.


    iptables -t filter -P INPUT DROP
    iptables -t filter -P FORWARD DROP
    iptables -t filter -P OUTPUT ACCEPT

    > iptables -t nat -A PREROUTING -p tcp --dport 8886 -j DNAT --to 192.168.99.12:8886
    > iptables -t nat -A PREROUTING -p udp --dport 8887 -j DNAT --to 192.168.99.12:8887


    iptables -t filter -N tcprules

    iptables -t filter -A tcprules -i ppp0 -p tcp -m multiport --dports 6882,11827,9987,8794,8886 -j ACCEPT
    iptables -t filter -A tcprules -i ppp0 -p udp -m multiport --dports 11931,9987,8794,8887 -j ACCEPT

    iptables -t filter -A tcprules -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -t filter -A tcprules -i ppp0 -m state --state NEW,INVALID -j DROP
    iptables -t filter -A tcprules -i ! ppp0 -j ACCEPT

    iptables -t filter -A INPUT -j tcprules
    iptables -t filter -A FORWARD -j tcprules

    iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.99.0/24 -d 0/0 -j MASQUERADE

    Bye
    Stefan

  2. Re: Port forwarding with iptables not working

    On Sat, 6 Sep 2008 06:20:28 +0200, Stefan Malte Schumacher wrote:

    >Hi
    >
    >I have a probably rather simple problem with iptables and port
    >forwarding and I hope that someone here can help me. I want to run
    >iMule on a computer behind the firewall and want to forward the
    >relevant ports. Everything except the forwarding is working nicely.
    >Considering this diagram -
    >http://upload.wikimedia.org/wikipedi...-traversal.png
    >placing the prerouting-rules before the rules for the INPUT and
    >FORWARD chains seemed the logical thing to do. The application is
    >still complaining that it is firewalled - what am I doing wrong ?
    >
    >This is my current setup, the lines marked with a ">" are the ones I
    >added. Of course I also added 88886 tcp and 8887 udp in the list of
    >allowed ports in lines 7-8.
    >
    >
    > iptables -t filter -P INPUT DROP
    > iptables -t filter -P FORWARD DROP
    > iptables -t filter -P OUTPUT ACCEPT
    >
    >> iptables -t nat -A PREROUTING -p tcp --dport 8886 -j DNAT --to 192.168.99.12:8886
    >> iptables -t nat -A PREROUTING -p udp --dport 8887 -j DNAT --to 192.168.99.12:8887

    >
    > iptables -t filter -N tcprules
    >
    > iptables -t filter -A tcprules -i ppp0 -p tcp -m multiport --dports 6882,11827,9987,8794,8886 -j ACCEPT
    > iptables -t filter -A tcprules -i ppp0 -p udp -m multiport --dports 11931,9987,8794,8887 -j ACCEPT
    >
    > iptables -t filter -A tcprules -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    > iptables -t filter -A tcprules -i ppp0 -m state --state NEW,INVALID -j DROP
    > iptables -t filter -A tcprules -i ! ppp0 -j ACCEPT
    >
    > iptables -t filter -A INPUT -j tcprules
    > iptables -t filter -A FORWARD -j tcprules
    >
    > iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.99.0/24 -d 0/0 -j MASQUERADE


    Two things to do, you're only halfway there. My setup is forwarding
    to a machine on localnet, but you should find your solution within (this
    works with a bitTorrent client):

    MSTATE="-m state --state"
    X_WORLD="ppp0"
    ....
    # for torrent (1 of 2)
    if [ -n "$TORRENT_PORT" ]
    then
        iptables -t nat -A PREROUTING -p tcp -i $X_WORLD \
            --dport $TORRENT_PORT \
            -j DNAT --to-destination $TORRENT_HOST
        iptables -t nat -A PREROUTING -p udp -i $X_WORLD \
            --dport $TORRENT_PORT \
            -j DNAT --to-destination $TORRENT_HOST
    fi
    ....
    # for torrent, tcp only (2 of 2, other part in NAT)
    if [ -n "$TORRENT_PORT" ]
    then
        iptables -A FORWARD -p tcp $MSTATE NEW \
            --dport $TORRENT_PORT -j ACCEPT
        iptables -A FORWARD -p udp --dport $TORRENT_PORT -j DROP
    fi

    You probably want to change FORWARD to INPUT? Your use of '-t filter'
    above is confusing.

    Grant.
    >
    >Bye
    >Stefan


    --
    Cats, no less liquid than their shadows, offer no angles to the wind.

  3. Re: Port forwarding with iptables not working

    Hello,

    Stefan Malte Schumacher wrote:
    >
    > I have a probably rather simple problem with iptables and port
    > forwarding and I hope that someone here can help me. I want to run
    > iMule on a computer behind the firewall and want to forward the
    > relevant ports. Everything except the forwarding is working nicely.


    Everything looks fine, although your rules are a bit more permissive
    than necessary. Are you sure you redirected the right ports to the right
    address and the target machine has no local firewall blocking the
    incoming connections on these ports ?
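
Added example, not part of any post in this thread: a dry-run generator for the two rules one forwarded port needs (DNAT in nat/PREROUTING, then an ACCEPT in filter/FORWARD), scoped to the WAN interface and the single LAN host as one way to narrow the rules. The function names are hypothetical; `ppp0`, `192.168.99.12` and the two ports come from the first post, and port numbers outside 1-65535 are rejected.

```shell
#!/bin/sh
# Added example: prints the rules for review instead of applying them.
# WAN_IF and the sample host/ports are taken from the thread;
# valid_port and forward_rules are hypothetical helper names.

WAN_IF="ppp0"

# valid_port PORT -> status 0 only if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules PROTO PORT LAN_HOST -> prints one DNAT and one FORWARD rule
forward_rules() {
    proto=$1 port=$2 host=$3
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }

    # 1 of 2: rewrite the destination, only for packets arriving on the WAN side
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $port -j DNAT --to-destination $host:$port"

    # 2 of 2: filter/FORWARD is traversed after DNAT, so it sees the rewritten
    # destination; accept only NEW packets for this host and port. The rest of
    # the flow relies on the existing ESTABLISHED,RELATED rule.
    echo "iptables -t filter -A FORWARD -i $WAN_IF -d $host -p $proto --dport $port -m state --state NEW -j ACCEPT"
}

# Ports and host from the original post
forward_rules tcp 8886 192.168.99.12
forward_rules udp 8887 192.168.99.12
```

In the ruleset from the first post these lines have to run before `iptables -t filter -A FORWARD -j tcprules`, because that chain drops NEW packets arriving on ppp0. The packet counters in `iptables -t nat -L PREROUTING -v -n` show whether the DNAT rule is being hit at all.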
