[ubuntu] Port forwarding being useless.



StrangeWill
November 3rd, 2008, 08:22 AM
# Generated by iptables-save v1.3.8 on Sun Nov 2 23:17:28 2008
*filter
:INPUT ACCEPT [72:26013]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [78:34081]
-A INPUT -p tcp -m tcp --dport 8081 -j ACCEPT
COMMIT
# Completed on Sun Nov 2 23:17:28 2008
# Generated by iptables-save v1.3.8 on Sun Nov 2 23:17:28 2008
*mangle
:PREROUTING ACCEPT [72:26013]
:INPUT ACCEPT [72:26013]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [78:34081]
:POSTROUTING ACCEPT [78:34081]
COMMIT
# Completed on Sun Nov 2 23:17:28 2008
# Generated by iptables-save v1.3.8 on Sun Nov 2 23:17:28 2008
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d 192.168.1.10 --dport 8081 -j DNAT --to-destination 192.168.1.20:3389
COMMIT
# Completed on Sun Nov 2 23:17:28 2008



Cannot figure it out, trying to forward port 8081 to 3389, not working, worked fine in SuSE but I had an actual interface that did port and IP masquerading and stuff for me, whereas iptables just seems to throw up everywhere and give me no real idea what is wrong, and all online tutorials I've read that I follow step by step get me nowhere.


Any ideas?

StrangeWill
November 3rd, 2008, 11:17 AM
Well working with a bit of port masquerading (that is what it was called in SuSE)



# Generated by iptables-save v1.3.8 on Mon Nov 3 02:14:49 2008
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d 192.168.1.10 -i eth0 --dport 8081 -j DNAT --to-destination 192.168.1.20:3389
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Nov 3 02:14:49 2008
# Generated by iptables-save v1.3.8 on Mon Nov 3 02:14:49 2008
*mangle
:PREROUTING ACCEPT [5620:4064432]
:INPUT ACCEPT [5608:4063597]
:FORWARD ACCEPT [4:192]
:OUTPUT ACCEPT [6436:6280037]
:POSTROUTING ACCEPT [6500:6289663]
COMMIT
# Completed on Mon Nov 3 02:14:49 2008
# Generated by iptables-save v1.3.8 on Mon Nov 3 02:14:49 2008
*filter
:INPUT ACCEPT [5608:4063597]
:FORWARD ACCEPT [4:192]
:OUTPUT ACCEPT [6432:6279733]
-A FORWARD -s 192.168.1.20 -i eth0 -j ACCEPT
COMMIT
# Completed on Mon Nov 3 02:14:49 2008



Again no go, but I feel I'm getting closer.

superprash2003
November 3rd, 2008, 05:58 PM
have you set any rules before this?? cause by default iptables does allow traffic to an app on your pc if it is actively listening through a port..

StrangeWill
November 3rd, 2008, 11:59 PM
have you set any rules before this?? cause by default iptables does allow traffic to an app on your pc if it is actively listening through a port..

Well that is just it, I can hit my Ubuntu box on 192.168.1.10:8081, however I want that port masqueraded as 192.168.1.20:3389, so that it's passed through and redirected.

superprash2003
November 4th, 2008, 05:09 PM
some routers have that functionality of external port and internal port.. it can be done there directly..

StrangeWill
November 5th, 2008, 09:09 AM
some routers have that functionality of external port and internal port.. it can be done there directly..

I need the linux box to do it, being as it's running NAT addressed virtual machines on a different subnet, and I need to forward ports from the linux box to these different addressed boxes.

Did it easy in SuSE.

dmizer
November 5th, 2008, 11:12 AM
I need the linux box to do it, being as it's running NAT addressed virtual machines on a different subnet, and I need to forward ports from the linux box to these different addressed boxes.

Did it easy in SuSE.

What did you do to accomplish this in SuSE?

StrangeWill
November 5th, 2008, 11:22 AM
What did you do to accomplish this in SuSE?

Well it was all done in the KDE interface... something I don't have under Ubuntu, under the network card settings, you could go under the masquerading menu and put in which listening port and IP gets redirected to a defined IP and port of your choosing.

Ex:
192.168.1.10:8081->192.168.1.20:3389

Start->Run->MSTSC open 192.168.1.10:8081 would open MSTSC on computer 192.168.1.20 via port masquerading.

dmizer
November 5th, 2008, 01:41 PM
Ah, well you can use Kubuntu (with KDE) but I'm not sure it would have the same gui interface as SuSE.

Instead of trying to directly manipulate iptables, you can try UFW. More information here: http://ubuntuforums.org/showthread.php?t=952992

StrangeWill
November 5th, 2008, 11:13 PM
Ah, well you can use Kubuntu (with KDE) but I'm not sure it would have the same gui interface as SuSE.

Instead of trying to directly manipulate iptables, you can try UFW. More information here: http://ubuntuforums.org/showthread.php?t=952992

It's a server machine so I'm trying to keep KDE off of it.

StrangeWill
November 6th, 2008, 05:42 AM
May have used ipmasqadm but I can't seem to get that on Ubuntu. =\

dmizer
November 6th, 2008, 06:21 AM
Again, I highly suggest using a firewall manager like UFW. UFW can be managed at the CLI: https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw

Try that and see if you make any headway. If not, there may be something here which will help: https://help.ubuntu.com/community/Internet/ConnectionSharing

Are you perhaps affected by this bug? https://bugs.launchpad.net/ubuntu/+source/procps/+bug/84537

StrangeWill
November 6th, 2008, 07:12 AM
Again, I highly suggest using a firewall manager like UFW. UFW can be managed at the CLI: https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw

Try that and see if you make any headway. If not, there may be something here which will help: https://help.ubuntu.com/community/Internet/ConnectionSharing

Are you perhaps affected by this bug? https://bugs.launchpad.net/ubuntu/+source/procps/+bug/84537

UFW doesn't give any examples of how to do IP/Port masquerading.

Plus these rules cannot be correct, with these rules up I can't seem to get to the internet from my linux box.


Edit:
A hah! Got it, wow that was annoying but it makes sense now...

dmizer
November 6th, 2008, 07:15 AM
What did you finally do to fix the problem?

StrangeWill
November 6th, 2008, 07:43 PM
What did you finally do to fix the problem?

I applied the bug fix (though that may/may not have fixed it) and found out I need to be masquerading from the machine that I'm bouncing back from.

So it could have been a mix of those two, or just the bug fix.
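
Added example, not part of any post in this thread: a small checker that reads `iptables-save` output and reports the two conditions a DNAT port forward depends on, kernel forwarding being enabled and a POSTROUTING SNAT/MASQUERADE rule for the return path. The function names and the `ip_forward` argument are assumptions of this sketch, and it handles IPv4 single-address DNAT targets only.

```python
import ipaddress
import shlex

# *nat table copied from the first post in the thread.
FIRST_POST_NAT = """*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d 192.168.1.10 --dport 8081 -j DNAT --to-destination 192.168.1.20:3389
COMMIT
"""
# Constructed variant: the same table plus the POSTROUTING rules from the second post.
SECOND_POST_NAT = FIRST_POST_NAT.replace(
    "COMMIT",
    "-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.1\n"
    "-A POSTROUTING -o eth0 -j MASQUERADE\nCOMMIT")


def nat_rules(dump):
    """Return one {flag: value} dict per -A rule in the *nat table."""
    table, rules = None, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "nat" and line.startswith("-A "):
            words = shlex.split(line)
            rules.append({f: v for f, v in zip(words, words[1:])
                          if f.startswith("-") and not v.startswith("-")})
    return rules


def audit(dump, ip_forward):
    """ip_forward is the text read from /proc/sys/net/ipv4/ip_forward."""
    rules, findings = nat_rules(dump), []
    if ip_forward.strip() != "1":
        findings.append("ip_forward is off: DNATed packets are not forwarded")
    # Simplification: any POSTROUTING SNAT/MASQUERADE whose -d covers the
    # target counts; interface (-o) and source (-s) matches are not evaluated.
    rewrites = [r for r in rules if r["-A"] == "POSTROUTING"
                and r.get("-j") in ("SNAT", "MASQUERADE")]
    for r in rules:
        if r["-A"] != "PREROUTING" or r.get("-j") != "DNAT":
            continue
        host = ipaddress.ip_address(r["--to-destination"].rsplit(":", 1)[0])
        if not any(host in ipaddress.ip_network(p.get("-d", "0.0.0.0/0"), strict=False)
                   for p in rewrites):
            findings.append(f"DNAT to {host}: no POSTROUTING SNAT/MASQUERADE, "
                            "replies return only if this box is the target's route back")
    return findings
```
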