Port Forwarding

Troy Amburg troya at u.washington.edu
Wed Dec 19 17:33:31 UTC 2007


Do you have a traceroute from Machine1 to Machine2? Also, is the  
default route set correctly on Machine1?

On Dec 19, 2007, at 9:07 AM, Steven Buehler wrote:

> I am trying to do port forwarding and I just can't seem to get it to work.
> I hope that someone can help.
>
> Machine 1 is running RHEL AS 4.4 with the 2.6.9-42.0.2.ELsmp kernel.
> iptables has been running as my firewall since I set it up.
>
> I am trying to get anything that comes in to port 3389 on "Machine 1" to go
> to "Machine2" at a different location.  Let's say for this that the IP of
> "Machine1" is 70.70.70.70 and the remote machine ("Machine 2") that I want
> to forward to is 209.209.209.209.  I am assuming that I don't have to do
> anything on "Machine2" except make sure the firewall for that port is opened
> to "Machine 1".
>
> I have done the following on "Machine 1":
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Here is my /etc/sysconfig/iptables file from "Machine 1".  This is not the
> one that I would normally use because it is too open, but I am using it for
> testing.
> ####################
> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> *nat
> :PREROUTING ACCEPT [3:536]
> :POSTROUTING ACCEPT [9:635]
> :OUTPUT ACCEPT [8:583]
> -A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
> COMMIT
> # Completed on Wed Dec 19 10:50:11 2007
> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> *mangle
> :PREROUTING ACCEPT [318:24902]
> :INPUT ACCEPT [312:24214]
> :FORWARD ACCEPT [3:152]
> :OUTPUT ACCEPT [276:32613]
> :POSTROUTING ACCEPT [279:32765]
> COMMIT
> # Completed on Wed Dec 19 10:50:11 2007
> # Generated by iptables-save v1.2.11 on Wed Dec 19 10:50:11 2007
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [276:32613]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
> -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> # Completed on Wed Dec 19 10:50:11 2007
> ####################
>
> Thanks
> Steve
>
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
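
As an added example (not part of the original thread or of any Red Hat tooling), here is a small Python check over an iptables-save dump like the one quoted above. It relies on two facts about netfilter ordering: the filter FORWARD chain sees a packet after nat PREROUTING has rewritten its destination, and without SNAT or MASQUERADE in POSTROUTING the target host replies to the client from its own address. The names `parse_rules` and `audit_dnat` are hypothetical.

```python
import shlex

# Sample input: the nat table and FORWARD rules from the quoted ruleset,
# trimmed, with the wrapped DNAT line rejoined (constructed for this example).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [3:536]
:POSTROUTING ACCEPT [9:635]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 209.209.209.209:80
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
COMMIT
"""

def parse_rules(dump):
    """Return (table, chain, options) per -A line; options maps flag -> next token."""
    rules, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            rules.append((table, tok[1], opts))
    return rules

def audit_dnat(dump):
    """Hypothetical helper: list forwarding gaps for each DNAT rule in nat/PREROUTING."""
    rules, findings = parse_rules(dump), []
    has_snat = any(t == "nat" and c == "POSTROUTING" and o.get("-j") in ("SNAT", "MASQUERADE")
                   for t, c, o in rules)
    for t, c, o in rules:
        if (t, c, o.get("-j")) != ("nat", "PREROUTING", "DNAT"):
            continue
        old_port = o.get("--dport")
        dest, _, new_port = o["--to-destination"].partition(":")
        new_port = new_port or old_port
        stale = old_port and old_port != new_port
        # filter/FORWARD is traversed after DNAT, so it sees the translated port.
        for ft, fc, fo in rules:
            if stale and (ft, fc) == ("filter", "FORWARD") and fo.get("--dport") == old_port:
                findings.append(f"FORWARD --dport {old_port} does not match this flow; port is {new_port} after DNAT")
        if not has_snat:
            findings.append(f"no SNAT/MASQUERADE in POSTROUTING; {dest} answers the client directly")
    return findings
```

The check does not follow jumps into user-defined chains such as RH-Firewall-1-INPUT, so a port mismatch it reports may still be accepted by a broader rule later in the chain.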



