Re: Still not working right.

Mon, 06 May 2002 09:49:13 -0700 

On Mon, May 06, 2002 at 12:55:10PM -0400, Scottie wrote:

> Don't know why this isn't working.
> 
> eth0=10.0.0.117
> eth1=192.168.0.10
> 
> Forwarding is on. Both interfaces work fine. In rc.firewall I have:
> 
> # Set up Masq Forward
> iptables -P FORWARD ACCEPT
> iptables -t nat -A POSTROUTING -p tcp -s 198.168.0.0/24 -j SNAT --to
> 10.0.0.117

It's not a bad idea to specify the "-i" for PREROUTING and "-o" for
POSTROUTING.

> 
> #ports 5800/5900
> iptables -t nat -A PREROUTING -i eth0 -p tcp -d 10.0.0.117 --dport 5800 -j
> DNAT --to 192.168.0.17:5800
> iptables -A FORWARD -i eth0 -p tcp -o eth1 -d 192.168.0.17 --dport 5800 -j
> ACCEPT
> iptables -t nat -A PREROUTING -i eth0 -p tcp -d 10.0.0.117 --dport 5900 -j
> DNAT --to 192.168.0.17:5900
> iptables -A FORWARD -i eth0 -p tcp -o eth1 -d 192.168.0.17 --dport 5900 -j
> ACCEPT
> 
> 
> After I set this up I went to a Machine that works through our ipchains
> firewall
> and type:
> 
> telnet 10.0.0.117 5800<CR>
> 
> And nothing happens. My tcpdump shows this:
> 
> eth0:
> 17:15:34.240233 66.162.8.121.1187 > 192.168.0.17.5800: S
> 982124692:982124692(0) win 32120
> 17:15:34.249384 66.162.8.121.1187 > 192.168.0.17.5800: S
> 982124692:982124692(0) win 32120
> 17:15:34.251384 192.168.0.17.5800 > 66.162.8.121.1187: S
> 1073543365:1073543365(0) ack 982124693 win 17520
> 17:15:34.253385 66.162.8.121.1187 > 192.168.0.17.5800: R win 0

Here, 66.162.8.121 sends a reset. Why?

Ramin

> 
> eth1:
> 17:17:05.26103 66.162.8.121.1188 > 192.168.0.17.5800: S
> 1079288990:1079288990(0) win 32120
> 17:17:05.27839 66.162.8.121.1188 > 192.168.0.17.5800: S
> 1079288990:1079288990(0) win 32120
> 17:17:05.29830 192.168.0.17.5800 > 66.162.8.121.1188: S
> 1094576222:1094576222(0) ack 1079288991 win 17520
> 17:17:05.31832 66.162.8.121.1188 > 192.168.0.17.5800: R win 0
> 
> 
> Anyone have any wisdom for me?
> 
> Scottie Adams
> Systems Administrator
> [EMAIL PROTECTED]
> 704-971-4360 Work
> 704-460-7619 Cell
> 
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/02

Reply via email to