iptables port forwarding does not work while I have 2 routes


 
# 1  
Old 03-12-2013

Hi,

On my Linux server I have 2 routes:

Code:
nexthop via 123.201.254.5 dev eth0 weight 38
nexthop via 111.93.155.149 dev eth2 weight 36


I have an iptables rule like:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 123.201.254.7 --dport 84 -j DNAT --to 192.168.1.200:80

Now, when I try to telnet from public, it does not work:

telnet 123.201.254.7 84
Trying 123.201.254.7...

tcpdump -


Code:
[root@firewall ~]# tcpdump -i eth0 -n -n port 84 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
08:28:26.630850 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1963738 0,nop,wscale 4> 
08:28:29.635321 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1964490 0,nop,wscale 4> 
08:28:35.642453 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1965992 0,nop,wscale 4> 
08:28:47.674757 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1969000 0,nop,wscale 4> 
08:29:11.704090 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600 <mss 1460,sackOK,timestamp 1975008 0,nop,wscale 4>

Could somebody please advise what is missing....

Thanks
Ashok
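
Added example, not part of the original post: a short Python check over the capture in post #1, written for the older tcpdump line format shown there. It shows that all five packets are the same SYN (same initial sequence number) retried with growing gaps and that no SYN-ACK appears on eth0; the function name and the trimmed copy of the capture lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Old-style tcpdump line, as in the post:
#   HH:MM:SS.usec IP src.port > dst.port: FLAGS seq:seq(len) [ack N] ...
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): (\S+) (\d+):\d+\(\d+\)(.*)$")

# Capture lines copied from post #1 (TCP options trimmed for width).
CAPTURE = """\
08:28:26.630850 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600
08:28:29.635321 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600
08:28:35.642453 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600
08:28:47.674757 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600
08:29:11.704090 IP 180.151.36.168.41514 > 123.201.254.7.84: S 3097544796:3097544796(0) win 14600
""".splitlines()


def unanswered_syns(lines):
    """Map (client, server, isn) -> rounded gaps in seconds between
    retransmissions, for SYNs that have no SYN-ACK in the capture."""
    seen = defaultdict(list)   # (client, server, isn) -> timestamps
    answered = set()           # (client, server) pairs that got a SYN-ACK
    for line in lines:
        m = LINE.match(line.strip())
        if not m or "S" not in m.group(4):
            continue           # not a parsable TCP line, or SYN flag not set
        ts, src, dst, _flags, seq, rest = m.groups()
        if " ack " in rest:
            answered.add((dst, src))   # SYN-ACK travels server > client
        else:
            seen[(src, dst, seq)].append(datetime.strptime(ts, "%H:%M:%S.%f"))
    result = {}
    for (src, dst, seq), stamps in seen.items():
        if (src, dst) in answered or len(stamps) < 2:
            continue
        result[(src, dst, seq)] = [
            round((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])
        ]
    return result


if __name__ == "__main__":
    for (src, dst, isn), gaps in unanswered_syns(CAPTURE).items():
        print(f"{src} -> {dst} ISN {isn}: no SYN-ACK, retry gaps {gaps}s")
```

Running the same check on captures taken on eth1 and eth2 shows whether the forwarded SYN reaches the LAN host and on which interface any reply leaves.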
# 2  
Old 03-12-2013
Funny, first packet normally is syn no ack no fin, response is syn ack, then all ack until fin and fin ack. Is that sackOK a syn, an ack, ???

When the port changes, I look more to portforwarding examples, which are more than one rule. This works if you shut down either ethernet and address the other in the rule?
# 3  
Old 03-13-2013
It works if I just have 1 public and 1 local LAN interface.

But, I need to have both ISPs enabled. In my case:

eth0 - ISP1
eth1 - LAN
eth2 - ISP2

Please suggest the iptables rules and how I can do port forwarding with such a setup...

Thanks
Ashok
# 4  
Old 03-13-2013
It seems like you should have a virtual IP or use a router box, so the path is not in your hair. You are forwarding to the IP of one path, and if it is down, I am not sure routing will get there by the other path. If both ISPs support routing to the same IPs, and those IPs are what you are port forwarding from, then the path does not matter.

Regardless, port forwarding in a two interface world is complicated, needs 4 rules: portforwarding - Iptables: forward request on different interfaces and port - Stack Overflow
# 5  
Old 03-13-2013
Thanks DGPickett

It now works.
# 6  
Old 03-14-2013
It'd be neat if iptables could configure the most popular things like firewall, NAT and port forwarding with one simple line, or a GUI. I mean, if you want b to a out, you want a to b in! There are about zero simplex applications in this world. Sometimes there is outgoing on one LAN and incoming on another!