Hello cook, what are we cooking today?

On Mon, Jan 26, 2009 at 7:04 PM, Linux Cook <[email protected]> wrote:
> Hi edel...
>
> Yep it's weird...
>

Anyway, hehe, I don't really know yet what the problem with your port forwarding is. Isn't it getting through from outside?

> I'm accessing the forwarded port from remote network. Should I disable
> SELINUX on the internal box too just like what I did with the gateway box?
>

Try disabling it. I have no experience with SELinux, so I can't say either. But if it is SELinux, you will see what SELinux is saying in the syslog. Good luck.

>
> On Mon, Jan 26, 2009 at 4:43 PM, Edel SM <[email protected]> wrote:
>>
>> On Mon, Jan 26, 2009 at 9:23 AM, Linux Cook <[email protected]> wrote:
>> > Hi guys,
>> >
>> > I've setup a centos-5.2 server (eth1 facing the internet) with a simple
>> > port forwarding where it forwards port 8081 to my internal box'
>> > (192.168.0.2) port 8080.
>> >
>> > $ lsmod |grep iptable
>> > iptable_mangle 6849 0
>> > iptable_nat 11205 1
>> > iptable_filter 7105 1
>> > ip_nat 20973 2 iptable_nat,ip_nat_ftp
>> > ip_conntrack 53153 5 xt_state,iptable_nat,ip_nat_ftp,ip_nat,ip_conntrack_ftp
>> > ip_tables 17029 3 iptable_mangle,iptable_nat,iptable_filter
>> > x_tables 17349 8 xt_limit,xt_pkttype,ipt_REJECT,xt_tcpudp,xt_state,ipt_LOG,iptable_nat,ip_tables
>> >
>> > $ sysctl -p
>> > net.ipv4.ip_forward = 1
>> > net.ipv4.conf.default.rp_filter = 1
>> > net.ipv4.conf.default.accept_source_route = 0
>> >
>> > my rules:
>> >
>> > $IPTABLES -P INPUT ACCEPT
>> > $IPTABLES -P FORWARD ACCEPT
>> > $IPTABLES -t nat -P PREROUTING ACCEPT
>> > $IPTABLES -t mangle -P PREROUTING ACCEPT
>> >
>> > $IPTABLES -A INPUT -p tcp -m tcp --dport 8081 -j ACCEPT
>> > $IPTABLES -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.0.2:8080
>> > $IPTABLES -I FORWARD -p tcp -d 192.168.0.2 --dport 8080 -j ACCEPT
>> >
>> > after running the rule:
>> >
>> > $ iptables -t nat -L
>> >
>> > Chain PREROUTING (policy ACCEPT)
>> > target prot opt source destination
>> > DNAT tcp -- anywhere anywhere tcp dpt:tproxy to:192.168.0.2:8080
>> >
>> > Chain POSTROUTING (policy ACCEPT)
>> > target prot opt source destination
>> >
>> > Chain OUTPUT (policy ACCEPT)
>> > target prot opt source destination
>> >
>> > What is wrong with my rules? Did I miss something?
>> >
>> > Pls help....
>> >
>> > linuxcook
>> >
>>
>> seems nothing's wrong. are you trying to access the forwarded port
>> from inside (192.168.0.0/24)? if you can't get traffic back that's
>> normal.
>>
>> > _________________________________________________
>> > Philippine Linux Users' Group (PLUG) Mailing List
>> > http://lists.linux.org.ph/mailman/listinfo/plug
>> > Searchable Archives: http://archives.free.net.ph
>>
>> --
>> edel

--
edel
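
The gateway-side pieces this thread goes through (ip_forward, the PREROUTING DNAT rule, the FORWARD chain, and the return path edel asks about), checked against a saved ruleset. This is an added example, not part of the original messages: the helper names `has` and `check_forward` are hypothetical, and `SAMPLE_RULES` is constructed from the rules quoted above in `iptables-save` format.

```shell
#!/bin/sh
# Added example (not from the thread): audit a saved ruleset for a DNAT forward.
# SAMPLE_RULES is constructed from the quoted rules, not captured output.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.0.2:8080
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8081 -j ACCEPT
-A FORWARD -d 192.168.0.2 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT'

# has RULES STR...: succeeds if at least one line contains every fixed string.
has() {
    text=$1; shift
    for w in "$@"; do
        text=$(printf '%s\n' "$text" | grep -wF -e "$w") || return 1
    done
}

# check_forward RULES IP_FORWARD EXT_PORT DEST_IP DEST_PORT
# Prints one finding per line; returns 0 only if the gateway-side pieces exist.
check_forward() {
    rules=$1 fwd=$2 eport=$3 dip=$4 dport=$5 rc=0
    if [ "$fwd" = 1 ]; then echo "OK ip_forward"
    else echo "FAIL ip_forward: kernel will not route between interfaces"; rc=1; fi
    if has "$rules" "-A PREROUTING" "--dport $eport" "-j DNAT --to-destination $dip:$dport"
    then echo "OK dnat"
    else echo "FAIL dnat: no PREROUTING rule rewrites port $eport to $dip:$dport"; rc=1; fi
    # After DNAT the packet is routed, so FORWARD (not INPUT) has to allow it.
    if has "$rules" "-A FORWARD" "-d $dip" "--dport $dport" "-j ACCEPT" ||
       has "$rules" ":FORWARD ACCEPT"
    then echo "OK forward"
    else echo "FAIL forward: FORWARD does not accept $dip:$dport"; rc=1; fi
    # Without source NAT the internal host replies to the client's real
    # address, so its route back has to pass through this gateway.
    if has "$rules" "-A POSTROUTING" "-j MASQUERADE" || has "$rules" "-A POSTROUTING" "-j SNAT"
    then echo "CHECK return-path: source NAT rule found, confirm it covers traffic to $dip"
    else echo "NOTE return-path: no source NAT, $dip must route replies via this gateway"; fi
    return $rc
}

check_forward "$SAMPLE_RULES" 1 8081 192.168.0.2 8080
```

On a live gateway the first argument would come from `iptables-save` and the second from `sysctl -n net.ipv4.ip_forward`. The FORWARD check only looks for an accepting rule or policy, so an earlier DROP or REJECT rule in that chain still has to be ruled out by reading it.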

