[Firehol-support] Port forwarding

Costa Tsaousis costa at tsaousis.gr
Thu Jan 8 14:59:17 CET 2009


HFS at gmx.de wrote:
> Hi,
>
> I have a firehol server that connects several nets. I want to do port forwarding for some services. I have configured the following rules:
>
> dnat to 192.168.50.6:80 proto tcp dport 83 dst 192.168.8.1 log DB-DNAT
>
> router office2dmz inface eth1 outface eth4
>         server http accept log DB-ROUTE
>         client all accept
>
> If I connect to 192.168.8.1:83 from the "office" network I only receive a timeout. In the logs it looks like this:
>
> 'DB-DNAT:'IN=eth1 OUT= MAC=00:1b:21:1d:11:ab:00:ff:63:29:0b:91:08:00 SRC=192.168.11.109 DST=192.168.8.1 LEN=60 TOS
> =0x00 PREC=0x00 TTL=64 ID=15130 DF PROTO=TCP SPT=43325 DPT=83 WINDOW=5840 RES=0x00 SYN URGP=0
> 'DB-ROUTE:'IN=eth1 OUT=eth4 SRC=192.168.11.109 DST=192.168.50.6 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=15130 DF PROTO
> =TCP SPT=43325 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
> 'DB-ROUTE:'IN=eth1 OUT=eth4 SRC=192.168.11.109 DST=192.168.50.6 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=15131 DF PROTO
> =TCP SPT=43325 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
>
> Is the NAT set up correctly?
>
> Thanks,
> Hermann

The request went to 192.168.50.6 port tcp/80 as it was supposed to, 
using the dnat and the server http accept rules.

If it times out, either of the two may be happening:

1. The replies from 192.168.50.6 to 192.168.11.109 do not pass through 
the firehol host (check your routing)
or
2. Nothing is listening on 192.168.50.6 port tcp/80, or whatever is 
listening there does not allow requests from 192.168.50.6 (check your 
server)

Costa
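To make the two checks above mechanical, here is an added example (not code from the thread or from FireHOL) that parses netfilter log lines in the format shown, confirms the DNAT rewrite reached the intended server and port, and reports whether any reply from the server crossed the firewall or whether the client is only retransmitting SYNs. The log lines are constructed after the ones in the report; prefixes and addresses are parameters, not FireHOL conventions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread: DNAT hit, SYN forwarded twice, no reply.
SAMPLE_LOG = """\
'DB-DNAT:'IN=eth1 OUT= SRC=192.168.11.109 DST=192.168.8.1 TTL=64 ID=15130 DF PROTO=TCP SPT=43325 DPT=83 SYN URGP=0
'DB-ROUTE:'IN=eth1 OUT=eth4 SRC=192.168.11.109 DST=192.168.50.6 TTL=63 ID=15130 DF PROTO=TCP SPT=43325 DPT=80 SYN URGP=0
'DB-ROUTE:'IN=eth1 OUT=eth4 SRC=192.168.11.109 DST=192.168.50.6 TTL=63 ID=15131 DF PROTO=TCP SPT=43325 DPT=80 SYN URGP=0
"""
# Constructed healthy case: one forwarded SYN and the server's SYN/ACK coming back.
HEALTHY_LOG = """\
'DB-ROUTE:'IN=eth1 OUT=eth4 SRC=192.168.11.109 DST=192.168.50.6 TTL=63 ID=200 DF PROTO=TCP SPT=40000 DPT=80 SYN URGP=0
'DB-ROUTE:'IN=eth4 OUT=eth1 SRC=192.168.50.6 DST=192.168.11.109 TTL=63 ID=201 DF PROTO=TCP SPT=80 DPT=40000 ACK SYN URGP=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST")

def parse_line(line):
    """Split one netfilter log line into log prefix, key=value fields and TCP flags."""
    prefix = re.match(r"'([^']*):'", line)
    fields = dict(FIELD_RE.findall(line))
    # Flags are bare tokens (SYN, ACK, ...) rather than key=value pairs.
    fields["flags"] = {t for t in line.split() if t in TCP_FLAGS}
    fields["prefix"] = prefix.group(1) if prefix else ""
    return fields

def diagnose(log_text, dnat_prefix, route_prefix, server_ip, server_port):
    """Report what the DNAT and FORWARD log lines say about a port forward."""
    entries = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    routed = [e for e in entries if e["prefix"] == route_prefix]
    # 1. Did the rewritten packet go to the intended server and port?
    translated = any(e["DST"] == server_ip and e["DPT"] == str(server_port)
                     for e in routed)
    # 2. Any packet sourced by the server means the reply path crosses this host.
    replies_seen = any(e["SRC"] == server_ip for e in entries)
    # 3. Repeated bare SYNs from the same source port are client retransmissions,
    #    i.e. the client never got an answer.
    syn_count = defaultdict(int)
    for e in routed:
        if e["flags"] == {"SYN"}:
            syn_count[(e["SRC"], e["SPT"])] += 1
    return {
        "dnat_hit": any(e["prefix"] == dnat_prefix for e in entries),
        "translated": translated,
        "replies_seen": replies_seen,
        "client_retransmitting": any(n > 1 for n in syn_count.values()),
    }
```

When `translated` is true but `replies_seen` is false and the client keeps retransmitting, the NAT rule is fine and the problem is the return route or the server, exactly the two cases listed above.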