LFS Forum - Port Forwarding IPTABLES, problems and questions.

#1 - Raga

Port Forwarding IPTABLES, problems and questions.

Mon 25 Aug 2008, 07:51

Hello,
My computer where I run LFS is behind a Linux Debian router.
I have there iptables firewall.


eth1 - Internet interface
G_NET_IP - IP Adress I got from ISP
L_NET_NAME="eth0" - LAN interface
192.168.0.2 - computer where I run LFS Server.
63292 - server port

#ACCEPT FORWARDING (LFS)
iptables -A FORWARD -p udp -i eth1 --destination-port 63392 --destination 192.168.0.2 -j ACCEPT
iptables -A FORWARD -p tcp -i eth1 --destination-port 63392 --destination 192.168.0.2 -j ACCEPT

#PREROUTING PORT FORWARD (LFS)
iptables -t nat -A PREROUTING -p udp -i $L_NET_NAME --destination-port 63392 --destination $G_NET_IP -j DNAT --to-destination 192.168.0.2:63392
iptables -t nat -A PREROUTING -p tcp -i $L_NET_NAME --destination-port 63392 --destination $G_NET_IP -j DNAT --to-destination 192.168.0.2:63392

On my firewal I dont need to accept The outgoing TCP, beacuse alll my outgoing TCPs are ACCEPTED.

Still got problem with connecting my friend to my server.

My question is should CanYouSeeMe.org - Open Port Check Tool see my service running, when I have server running?
http://www.canyouseeme.org/
RESULT: Error: I could not see your service on $G_NET_IP on port (63392)
Reason: Connection refused

The Windows Firewall is disabled on my computer.

EDIT:
iptables -t nat -L gives me:
hostname - my hostname.


Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       udp  --  anywhere             hostname udp dpt:63392 to:192.168.0.2:63392 
DNAT       tcp  --  anywhere             hostname tcp dpt:63392 to:192.168.0.2:63392

#2 - Test Driver

Mon 25 Aug 2008, 19:49

As far as i know from the way port forwarding works in my router, yes the port has to be open and accessible, or noone will be able to connect to the server.

Can't say what's wrong in your config though. But in your config there is a line which says "62292 - server port". And you're forwarding to port 63392, is that correct?

#3 - Raga

Tue 26 Aug 2008, 10:48

Its only my fault when making description to code.
Server port is 63392 and forwared its 63392 too.

Hm, can you check is your port visible by: http://www.canyouseeme.org
when your server is running?

EDIT:
Now is working, the port forwarding generator was mixing local with WAN interfaces.
I just had to change FORWARD and PREROUTING interfaces from eth0 (local) to eth1 (WAN)