[Firewall] Help: setting up port-forwarding

Philip Prindeville philipp_subx at redfish-solutions.com
Mon Nov 5 14:11:53 MST 2007


If I just use:

NAT_TCP_FORWARD=<<__EOF__
...
:22001>192.168.1.1:22
__EOF__

(where 192.168.1.1 is the interior address of my Firewall box) then I 
get "connection refused" when I try to putty in...

But I don't see anything in the logs...  Hmmm...  should I try:

:22001>:22

instead?

-Philip


Arno van Amersfoort wrote:
> You never need to specify an additional OPEN_xxx for a port forward, as
> the forwarding is performed in the prerouting chain. So in this
> case OPEN_TCP="22" is useless....
>
> a.
>
> Niklas wrote:
>   
>> On Sat, 3 Nov 2007 21:47:11 +0100, Neptunek wrote:
>>     
>>> 2007/11/2, Philip Prindeville <philipp_subx at redfish-solutions.com>:
>>>
>>>       
>>>> Ok, well, since there's no Howto or FAQ available, I'll just put
>>>> the question out there about what I want to do.
>>>>
>>>>
>>>>         
>>> FAQ: (http://rocky.eld.leidenuniv.nl/page/iptables/qafaq.htm)
>>> Q: I want to forward (DNAT) from port 81 on my firewall machine to
>>> port 80 on a local host (192.168.0.3). How can I do this?
>>> A: You can do this in almost the same way as a normal forward; the
>>> only thing you need to add is :81 to the localhost in the
>>> TCP_FORWARD / UDP_FORWARD variables. In this case it would become
>>> "81>192.168.0.3:80"
>>>
>>>       
>>>> Here's where things get a little more complicated.  I want to
>>>> relocate Ssh as:
>>>>
>>>> 2201>192.168.1.1:22
>>>> 2202>192.168.1.2:22
>>>> 2203>192.168.1.3:22
>>>>
>>>>         
>>> So this is correct and NAT_TCP_FORWARD = 2201>192.168.1.1:22 must
>>> work fine, but I didn't check it :)
>>>       
>> It does work if you open port 22 in the OPEN_TCP line as well, otherwise it will be blocked by the firewall. So I can't give you any help... Maybe do a portforward of 22 to something that is not in use...
>>
>> /niklas
>>
>
>   
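
The point about the prerouting chain, modelled as an added example (not part of the original thread and not code from Arno's firewall script): netfilter's nat PREROUTING rewrites the destination before the routing decision, so a forward to another host is filtered in FORWARD, while a forward to one of the firewall's own addresses is delivered locally and filtered in INPUT with the rewritten port. The entry syntax is inferred only from the entries quoted in the thread; `parse_forward`, `filter_path` and `FIREWALL_ADDRS` are hypothetical names.

```python
import re

# Interior address of the firewall box, as given in the post.
FIREWALL_ADDRS = {"192.168.1.1"}

# Entry shape inferred only from the entries quoted in this thread:
#   [prefix:]PORT>[DEST_IP][:DEST_PORT]
# The optional prefix before the first ':' is accepted but not interpreted.
ENTRY = re.compile(r"^(?:[^:>]*:)?(\d+)>(\d+(?:\.\d+){3})?(?::(\d+))?$")


def parse_forward(entry):
    """Split one forward entry into (listen_port, dest_ip or None, dest_port)."""
    m = ENTRY.match(entry.strip())
    if not m:
        raise ValueError(f"unrecognised forward entry: {entry!r}")
    listen = int(m.group(1))
    # No explicit destination port means the port is left unchanged.
    dest_port = int(m.group(3)) if m.group(3) else listen
    for port in (listen, dest_port):
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {entry!r}")
    return listen, m.group(2), dest_port


def filter_path(entry, local_addrs=FIREWALL_ADDRS):
    """Return (filter chain, destination port) the packet has after nat PREROUTING.

    The destination is rewritten before the routing decision, so the filter
    table never sees the original listen port. A rewritten destination that is
    one of the firewall's own addresses is delivered locally (INPUT); any
    other destination is routed onward (FORWARD).
    """
    _, dest_ip, dest_port = parse_forward(entry)
    # Assumption: an entry with no address rewrites only the port, so the
    # packet stays addressed to the firewall itself.
    chain = "INPUT" if dest_ip is None or dest_ip in local_addrs else "FORWARD"
    return chain, dest_port


if __name__ == "__main__":
    # Entries taken from the thread.
    for e in (":22001>192.168.1.1:22", "2202>192.168.1.2:22",
              "81>192.168.0.3:80", ":22001>:22"):
        print(f"{e:24} -> {filter_path(e)}")
```

Comparing the output with `iptables -t nat -L PREROUTING -n -v` and the packet counters on the INPUT and FORWARD chains shows which chain a test connection actually reached.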



