This is my firewall-status. Would you please help me to solve this problem?
Interestingly, coyote-linux (floppy disk, one of Linux Routing Project) and its 
ipchains work very well. ToT I need an iptables solution.
Thank you.
-----------------------
Table: filter
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0          

  345 61539 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          

  782  123K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          

    8   625 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          

    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          
state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       127.0.0.1            127.0.0.1          

    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          
udp dpt:53 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:23 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:81 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:443 
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          


Chain FORWARD (policy DROP 83 packets, 5192 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
 203K   91M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          
state RELATED,ESTABLISHED 
 7069  330K ACCEPT     all  --  *      *       192.168.0.0/24       0.0.0.0/0          

    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.2        
udp dpt:5900 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.2        
tcp dpt:5900 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.2        
udp dpt:20 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.2        
tcp dpt:20 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.2        
udp dpt:21 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.2        
tcp dpt:21 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
  938 89468 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          
state RELATED,ESTABLISHED 
    4   320 ACCEPT     all  --  *      *       192.168.0.0/24       0.0.0.0/0          

    9   536 ACCEPT     all  --  *      *       127.0.0.1            127.0.0.1          

    7   448 ACCEPT     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0          


Table: nat
Chain PREROUTING (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
 5473  275K block_nat  all  --  *      *       0.0.0.0/0            0.0.0.0/0          

    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0          

 1966  103K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          

 3504  172K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          

    3   180 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          

    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          
udp dpt:53 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:23 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:81 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:443 
    0     0 ACCEPT     all  --  *      *       192.168.0.0/24       0.0.0.0/0          

    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          


Chain POSTROUTING (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.2        
udp dpt:5900 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.2        
tcp dpt:5900 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.2        
udp dpt:20 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.2        
tcp dpt:20 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.2        
udp dpt:21 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.2        
tcp dpt:21 
    9   536 ACCEPT     all  --  *      *       127.0.0.1            127.0.0.1          

 4843  227K MASQUERADE  all  --  *      *       192.168.0.0/24       0.0.0.0/0         
 
    7   448 ACCEPT     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0          


Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 ACCEPT     all  --  *      *       192.168.0.0/24       0.0.0.0/0          

    9   536 ACCEPT     all  --  *      *       127.0.0.1            127.0.0.1          

    7   448 ACCEPT     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0          


Chain block_nat (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          
tcp dpts:137:139 
    0     0 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          
udp dpts:137:139 

Table: mangle
Chain PREROUTING (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
 212K   91M block_mangle  all  --  *      *       0.0.0.0/0            0.0.0.0/0       
   
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0          

 5902  371K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          

 206K   91M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          

  240 14590 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          

    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          
state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       192.168.0.0/24       0.0.0.0/0          

    0     0 ACCEPT     all  --  *      *       127.0.0.1            127.0.0.1          

    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          
udp dpt:53 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:23 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:81 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:443 
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          


Chain INPUT (policy ACCEPT 1135 packets, 185K bytes)
 pkts bytes target     prot opt in     out     source               destination        
 

Chain FORWARD (policy ACCEPT 211K packets, 91M bytes)
 pkts bytes target     prot opt in     out     source               destination        
 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
  938 89468 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          
state RELATED,ESTABLISHED 
   11   849 ACCEPT     all  --  *      *       192.168.0.0/24       0.0.0.0/0          

    9   536 ACCEPT     all  --  *      *       127.0.0.1            127.0.0.1          

    7   448 ACCEPT     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0          


Chain POSTROUTING (policy ACCEPT 212K packets, 91M bytes)
 pkts bytes target     prot opt in     out     source               destination        
 

Chain block_mangle (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          
tcp dpts:137:139 
    0     0 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          
udp dpts:137:139 


Thank you!


Kibaek..
-----Original Message-----
From: Jamin W. Collins [mailto:jcollins@odin]On Behalf Of Jamin W. Collins
Sent: Sunday, February 02, 2003 12:15 AM
To: [EMAIL PROTECTED]
Subject: Re: Port Forwarding Problem!


On Sun, Feb 02, 2003 at 12:01:58AM +0900, Jeong Kibaek wrote:
> Hello, I have made efforts to solve this problem for a few days, but I
> can't solve the problem.  I want to use port forwarding. But I don't
> think it is working well.  Following is my firewall.conf file. 
> 
> EXT_IP=`ifconfig eth1 | grep -i "addr:" | cut -f2 -d: | cut -f1 -d " "`
> 
> PORT_FORWARDS=" \
> $EXT_IP(30000)-192.168.0.2(21) \
> $EXT_IP(20)-192.168.0.2(20) \
> $EXT_IP(5900)-192.168.0.2(5900) "
> 
(snip)
> 
> I'm using 0.8.5 firewall.conf and script and I have tested on both
> 1.2.1a iptables (2.4.2 kernel) and 1.2.5 iptables (2.4.18 kernel)

You may want to upgrade to 1.2.7a, but the script should work with
earlier too.

> What's the problem? What can I do for using port forwarding?

An entry in PORT_FORWARDS is all that is needed.  You haven't listed the
ports in any of the ALLOWED_PORTS* variables, have you?

It would help if you could provide the complete output of a firewall
status. (/etc/init.d/firewall status > /tmp/firewall-status)

-- 
Jamin W. Collins

