I have port forwarding running just terrific from OUTSIDE the script, but I can't get it to work from any internal address to the correct port on another internal machine. I read a discussion of this in the archives, and I checked my script against what the discussion was, but it doesn't seem to work.

I have the INT_IP variable set correctly, the ports forward from outside cleanly. If I'm reading the firewall script correctly, and the discussion in the archive, this section of firewall status seems to be where it should be doing this.

Chain POSTROUTING (policy DROP 0 packets, 0 bytes)
 pkts bytes target      prot opt in     out     source               destination
  198 26452 ACCEPT      all  --  *      *       10.0.0.0/16          192.168.0.0/16
    8   621 ACCEPT      all  --  *      *       192.168.0.0/16       10.0.0.0/16
 2100  312K ACCEPT      all  --  *      *       192.168.0.0/16       192.168.0.0/16
    0     0 ACCEPT      all  --  *      *       192.168.0.0/16       192.168.0.0/16
    0     0 SNAT        udp  --  *      *       192.168.2.0/24       192.168.2.5          udp dpt:80 to:192.168.2.254
    0     0 SNAT        tcp  --  *      *       192.168.2.0/24       192.168.2.5          tcp dpt:80 to:192.168.2.254
    0     0 ACCEPT      udp  --  *      *       0.0.0.0/0            192.168.2.5          udp dpt:80
   21   968 ACCEPT      tcp  --  *      *       0.0.0.0/0            192.168.2.5          tcp dpt:80
    0     0 SNAT        udp  --  *      *       192.168.2.0/24       192.168.2.5          udp dpt:110 to:192.168.2.254
    0     0 SNAT        tcp  --  *      *       192.168.2.0/24       192.168.2.5          tcp dpt:110 to:192.168.2.254
    0     0 ACCEPT      udp  --  *      *       0.0.0.0/0            192.168.2.5          udp dpt:110
 5761  276K ACCEPT      tcp  --  *      *       0.0.0.0/0            192.168.2.5          tcp dpt:110
    0     0 SNAT        udp  --  *      *       192.168.2.0/24       192.168.2.5          udp dpt:25 to:192.168.2.254
    0     0 SNAT        tcp  --  *      *       192.168.2.0/24       192.168.2.5          tcp dpt:25 to:192.168.2.254
    0     0 ACCEPT      udp  --  *      *       0.0.0.0/0            192.168.2.5          udp dpt:25
  680 35132 ACCEPT      tcp  --  *      *       0.0.0.0/0            192.168.2.5          tcp dpt:25
    0     0 SNAT        udp  --  *      *       192.168.2.0/24       192.168.2.2          udp dpt:5632 to:192.168.2.254
    0     0 SNAT        tcp  --  *      *       192.168.2.0/24       192.168.2.2          tcp dpt:5632 to:192.168.2.254
    0     0 ACCEPT      udp  --  *      *       0.0.0.0/0            192.168.2.2          udp dpt:5632
    0     0 ACCEPT      tcp  --  *      *       0.0.0.0/0            192.168.2.2          tcp dpt:5632
    0     0 SNAT        udp  --  *      *       192.168.2.0/24       192.168.2.2          udp dpt:5631 to:192.168.2.254
    0     0 SNAT        tcp  --  *      *       192.168.2.0/24       192.168.2.2          tcp dpt:5631 to:192.168.2.254
    0     0 ACCEPT      udp  --  *      *       0.0.0.0/0            192.168.2.2          udp dpt:5631
    0     0 ACCEPT      tcp  --  *      *       0.0.0.0/0            192.168.2.2          tcp dpt:5631
    0     0 SNAT        udp  --  *      *       192.168.2.0/24       192.168.2.2          udp dpt:80 to:192.168.2.254
    0     0 SNAT        tcp  --  *      *       192.168.2.0/24       192.168.2.2          tcp dpt:80 to:192.168.2.254
    0     0 ACCEPT      udp  --  *      *       0.0.0.0/0            192.168.2.2          udp dpt:80
   99  4752 ACCEPT      tcp  --  *      *       0.0.0.0/0            192.168.2.2          tcp dpt:80
    7   527 ACCEPT      all  --  *      *       127.0.0.1            127.0.0.1
  138  8348 MASQUERADE  all  --  *      *       192.168.2.0/24       0.0.0.0/0
  942 82964 ACCEPT      all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT      all  --  *      lo      XXX.YYY.ZZZ.AAA      XXX.YYY.ZZZ.AAA


Basically, I have the firewall and three machines behind it. None of the machines are able to port forward to any other machine through the external IP of the firewall. This is causing terrible problems for me with DNS resolution and mail server, web service, etc. Once again, it works perfectly outside the firewall.

PORT_FORWARDS="XXX.YYY.ZZZ.AAA(80)-192.168.2.2(80) XXX.YYY.ZZZ.AAA(25)-192.168.2.5(25) XXX.YYY.ZZZ.AAA(110)-192.168.2.5(110)"

Thanks in advance for any assistance!
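The symptom described in this post (forwarding works from the Internet but not when a LAN host connects to the firewall's external address) is the classic NAT hairpin / NAT loopback case. The POSTROUTING listing above already has SNAT rules for internal-source traffic to the internal servers, but their counters are all zero, which is what you would expect if the corresponding DNAT in PREROUTING only matches packets arriving on the external interface, so LAN packets are never rewritten and never reach those SNAT rules. Whether that is the actual cause here is an assumption; the script itself is not on the page. The following added example (not the poster's script and not part of the original firewall tool) parses a PORT_FORWARDS-style list in the same `EXT(port)-INT(port)` format and prints the three iptables rules a complete hairpin needs: the external DNAT, a second DNAT for packets from the LAN, and the SNAT that makes the server's replies return through the firewall. The variables EXT_IF, INT_NET and FW_INT_IP are assumed names with values taken from the listing above; the script only prints commands and runs nothing, so it can be reviewed before being piped to `sh` as root.

```shell
#!/bin/sh
# Hairpin NAT rule generator - added example, not the original firewall script.
# Assumed names (hypothetical, values chosen to match the listing in the post):
EXT_IF="${EXT_IF:-eth0}"                 # interface facing the Internet
INT_NET="${INT_NET:-192.168.2.0/24}"     # LAN behind the firewall
FW_INT_IP="${FW_INT_IP:-192.168.2.254}"  # firewall's LAN address, used as SNAT source

# Print the rules for one forward; arguments: ext_ip ext_port int_ip int_port proto
hairpin_rules_for() {
    ext_ip=$1; ext_port=$2; int_ip=$3; int_port=$4; proto=$5

    # 1. The forward as seen from the Internet (the part that already works).
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p $proto -d $ext_ip --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"

    # 2. Same rewrite for LAN clients that address the external IP. Without
    #    this, their packets reach the firewall's own stack, not the server.
    echo "iptables -t nat -A PREROUTING -s $INT_NET -p $proto -d $ext_ip --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"

    # 3. Rewrite the source of the hairpinned flow to the firewall. Otherwise the
    #    server answers the LAN client directly, the client sees a reply from
    #    $int_ip instead of $ext_ip and discards it (TCP RST / no connection).
    echo "iptables -t nat -A POSTROUTING -s $INT_NET -p $proto -d $int_ip --dport $int_port -j SNAT --to-source $FW_INT_IP"
}

# Parse "EXT_IP(EXT_PORT)-INT_IP(INT_PORT) ..." (the PORT_FORWARDS format from
# the post) and emit TCP rules for every entry. Output goes to stdout only.
gen_hairpin_rules() {
    for entry in $1; do
        # Turn "A.B.C.D(80)-192.168.2.2(80)" into four whitespace-separated fields.
        set -- $(printf '%s\n' "$entry" | tr '()-' '    ')
        if [ $# -ne 4 ]; then
            echo "gen_hairpin_rules: cannot parse '$entry'" >&2
            return 1
        fi
        hairpin_rules_for "$1" "$2" "$3" "$4" tcp
    done
}

# Convenience: number of rules produced for a list (3 per forward).
count_hairpin_rules() {
    gen_hairpin_rules "$1" | wc -l | tr -d ' '
}

# Example with constructed values mirroring the post (external IP masked as in
# the post; substitute the real address):
# gen_hairpin_rules "XXX.YYY.ZZZ.AAA(80)-192.168.2.2(80) XXX.YYY.ZZZ.AAA(25)-192.168.2.5(25)"
```

Two checks worth doing after loading rules like these: `iptables -t nat -L PREROUTING -v -n` should show the LAN-sourced DNAT counters increase when a LAN host connects to the external IP, and `iptables -t nat -L POSTROUTING -v -n` should then show the matching SNAT counters leave zero. If the SNAT counters stay at zero while the DNAT counters climb, the hairpin is being blocked in the filter table FORWARD chain rather than in nat.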