
problems with port forwarding

To: netfilter@lists.netfilter.org
Subject: problems with port forwarding
From: "Andres Baravalle" <andres.baravalle@gmail.com>
Date: Fri, 23 Feb 2007 16:07:32 +0000
Hi,
I need to forward a port from one server to another - and I'm having
some trouble.

I have a server (A) and I want connections to port 10022 in server A
to be forwarded to port 22 in server B.

I thought I got the procedure correct, because it's working using
another server (C) and server B.

Anyway, here are the relevant tables:

iptables -L --line-numbers -t nat

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  anywhere             anywhere            tcp dpt:ftp to:SERVER_B:22
2    LOG        all  --  anywhere             SERVER_B    LOG level debug

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    SNAT       tcp  --  anywhere             SERVER_B    tcp dpt:ssh to:SERVER_A
2    LOG        tcp  --  anywhere             SERVER_B    LOG level debug

iptables -L FORWARD

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     tcp  --  anywhere             anywhere            tcp flags:!SYN,RST,ACK/SYN reject-with tcp-reset
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     tcp  --  anywhere             SERVER_B    tcp dpt:10022
ACCEPT     all  --  anywhere             anywhere
LOG        tcp  --  anywhere             SERVER_B    LOG level warning

If I connect from server A to localhost, port 10022, it works. If I
connect from any other machine to server A, port 10022, it doesn't.

Any suggestions? I've been looking at this and making tests for a long
time today and I can't find the error.

By the way, I can't see any entries in the log...

  Andres
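
An added example, not part of the original post: a POSIX shell function that prints (without applying) a rule set for the setup described above, port 10022 on server A forwarded to port 22 on server B. The function names are hypothetical and the 192.0.2.x addresses are constructed placeholders for SERVER_A and SERVER_B; the point to notice is that the filter FORWARD chain sees the packet after DNAT, so it matches B's address and port 22.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the commands only;
# review the output, then run it as root on server A.

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: portfwd_rules A_ADDR LISTEN_PORT B_ADDR B_PORT
portfwd_rules() {
    a=$1 lport=$2 b=$3 bport=$4
    valid_port "$lport" && valid_port "$bport" || {
        echo "invalid port" >&2
        return 1
    }
    # Routing between interfaces must be enabled on A.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # nat/PREROUTING: rewrite the destination of packets arriving from other hosts.
    echo "iptables -t nat -A PREROUTING -p tcp -d $a --dport $lport -j DNAT --to-destination $b:$bport"
    # nat/OUTPUT: locally generated packets skip PREROUTING, so connections
    # made on A itself need their own DNAT rule.
    echo "iptables -t nat -A OUTPUT -p tcp -d $a --dport $lport -j DNAT --to-destination $b:$bport"
    # filter/FORWARD runs after DNAT: match B's address and B's port,
    # not the port the client originally connected to.
    echo "iptables -A FORWARD -p tcp -d $b --dport $bport -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # nat/POSTROUTING: source-NAT to A so that B's replies return through A.
    echo "iptables -t nat -A POSTROUTING -p tcp -d $b --dport $bport -j SNAT --to-source $a"
}

# Constructed documentation addresses (RFC 5737) standing in for
# SERVER_A and SERVER_B.
portfwd_rules 192.0.2.1 10022 192.0.2.2 22
```

With a FORWARD policy of DROP, rule order matters: the ACCEPT lines must come before any earlier rule that rejects or drops the same packets.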

