AW: Netfilter Port Forwarding Problem

Mon, 30 Apr 2007 01:25:13 -0700 

Hi!

I have a internet-connection (eth0) and a internal interface (eth1)
my goal is to forward the following tcp-port: 195.x.x.x:5900 =>
192.168.1.6:5900

On Debian/Sarge (Kernel 2.4.27-2-386 / iptables v1.2.11) does it work fine:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 195.x.x.x --dport 5900 -j
DNAT --to 192.168.1.6:5900
iptables -A FORWARD -p tcp -i eth0 -d 192.168.1.6 --dport 5900 -j ACCEPT

with nmap, I get the this State on the Port 5900
Port       State       Service
5900/tcp   open        vnc

On Debian/Etch (Kernel 2.6.18-4-k7 / iptables v1.3.6), I get the
"filtered"-State and I get connection refused on connecting
Port       State       Service
5900/tcp   filtered    vnc

I think the Kernel 2.6 has some different security-settings to Kernel 2.4
Does anybody know a solution for my problem?

best regards

Dom 


> -----Ursprüngliche Nachricht-----
> Von: tomfi [mailto:[EMAIL PROTECTED] 
> Gesendet: Montag, 30. April 2007 09:25
> An: Makara
> Cc: [email protected]
> Betreff: Re: Netfilter Port Forwarding Problem
> 
> You don't know why it works? Or you don't know why it does not work ?
> 
> I think it doesn't work... If you have Internet connected 
> Webserver and
> there is requirement to establish a connection over localnetwork to
> internet, the webserver try to respond over his internet connection,
> because server know diferent way to the Internet then your firewall.
> 
> That's why.
> 
> Tomfi
> 
> 
> Makara napsal(a):
> > Hi all,
> > 
> > I have 2 internet connections ip $ipinet1 for other
> > traffics and $ipinet2 for mail it works properly.
> > I want to allow the connection from internet connect
> > to my local web server(172.16.0.4) via $ipinet1 so I
> > do port forwarding
> > 
> > iptables -A PREROUTING -t nat -i $ifinet1  -d $ipinet1
> > -p tcp --dport 80 -j DNAT  --to 172.16.0.4:80
> > 
> > I allow FORWARD Rule from firewall to my local
> > webserver
> > 
> > iptables -A FORWARD -m state --state
> > RELATED,ESTABLISHED -j ACCEPT
> > 
> > iptables -A FORWARD -p tcp --dport 80 -i $ifinet1 -o
> > $iflocalnet -j ACCEPT
> > 
> > I don't know why it does work? if you have any idea
> > please help.
> > 
> > Thanks
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam protection around 
> > http://mail.yahoo.com 
> > 
> > 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact 
> [EMAIL PROTECTED]
>

Reply via email to