Port forwarding woes

**friskydrifter** · 01-26-2004, 11:17 PM

No matter what i try i cant seem to get fort porwarding working so i can have my web server on 192.168.0.197

have setup like this

(cloud)---[ppp0{linux}eth0]--------[192.168.0.197]

all default rules in iptables set to ACCEPT

2 rules in place

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
(so i can access the net from internal side)

and

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.197:80
(hoping to forward port 80 requests to web server)

When i try to access my web page from either machine i get a message from mozilla saying connection refused. This message also comes up if there is no web server running when connecting to http://192.168.0.197 so i gather its is not refused but not to be found.

If i am running the web server i can connect by http://192.168.0.197.

Anyone ever got this to work? Can you see what im doing wrong?

**friskydrifter** · 01-27-2004, 11:59 AM

yea ignore those links - that is what im just typing into my browser

**friskydrifter** · 01-27-2004, 01:04 PM

See this page wasnt on the recent posts so i updated it to put it there, coz thats the one that matters.
http://www.getlinuxonline.com/yabbse...;threadid=2110

**paradox** · 01-27-2004, 04:52 PM

Now have you looked at your log to see if it is actually refusing your connection through the log or whether it is experiencing some kind of other error?

Aragorn

**SkyNet** · 01-27-2004, 05:48 PM

What is your external IP? I would like to try connecting to your webserver. To me it looks like you have your IPTABLES correct. Are you trying to access your webpage with your external IP or your internal IP?

**friskydrifter** · 01-27-2004, 11:26 PM

Might be hard to connect to the web server - its not always up,im just doing this for learning purposes. And its on a 56k dial up which gets disconnected every 4 hrs.
Would be useful if i could VNC into someones computer and then try to look at it from there, but whos gonna let me do that LOL

Anyway im trying to connecting with the external ip address, I am using dynDNS so im actually typing in the domain - not the ip. Except when i try it internally (192.168.0.197)

Maybe because im trying to access it from the internal side that its giving me probs? Dont see why this should happen though.

Now have you looked at your log to see if it is actually refusing your connection through the log or whether it is experiencing some kind of other error?

You know what,i have never really used logs, im not sure where to start - where are they?

**SkyNet** · 01-28-2004, 01:51 AM

I think that is the reason you are getting problems. I believe there is a different way to setup IPTABLES for LAN to LAN access.

This is a redirection hack that should work, but perhaps there is a better way still.

$IPTABLES -t nat -A PREROUTING -d $EXTIP -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.0.197

When your $EXTIP changes your going to be hurting again. I'm not sure if you can put your dynDNS in stead of a real IP, but you can try.

**friskydrifter** · 01-28-2004, 03:59 AM

you were right the internal lan is the only place i cant get to it from. I set up the server then went to work and i could see the web server - yay!

now to figure out how to get asscess from inside - ill work on it a bit more.

And Skynet you can type in FQDN in iptables, but it just translates it to ip addresses so you would want to run your iptables script everytime your ip changes.

or if you are using iptables save then you are in trouble.

Thanks guys