Hello Ian,
I assume you have more iptables rules than provided previously?
Can you please provide the complete set of rules?
What is your network layout? Is it like this?
ISP modem/router <--- LAN ---> PC Router <--- local 44net
Your iptables rules are actually allowing connection to
44.131.8.0/27
on the TCP ports
6300 to 6310
7300 to 7310
8000 to 8011
But you also have very unspecific DNAT rules, which apply DNAT to any
packet whose destination port is TCP 6300, TCP 7300 or TCP 8000, and
forward it to 44.131.8.16 even if the destination IP was not
44.131.8.16. This is probably messing up a lot of your connections on
these 3 ports.
I suggest that you start with less complexity, e.g. first test plain
44net routing without any firewall rules, then test routing between
44net and internet and vice-versa without the firewall. Once you have
confirmed that everything is working as expected, not before, add
firewall rules; if your connections start breaking here, you know your
firewall rules are incorrect.
73 de Marc
On 2015-04-22 12:49, gm4upx(a)gb7jd.co.uk wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Hello Marc,
I have my ISP ADSL modem ; PC router ; home network ( 192.168.0.0/24 )
and 44net. I have DYNDNS set. I use a default setting at my PC Router
to drop everything and have found if I do not have port forwarding
set, along with prerouting, connections are not possible.
If I remove the [ # ] a connection is possible but the connection to
my neighbour drops, this is the point I do not understand.
Removing the prerouting for the other ports stops connections on these
ports
Regards,
Ian..
On 22-04-2015 08:05, Marc, LX1DUC wrote:
_______________________________________________
Please explain to us why you think that you need port forwarding in
the first place.
73 de Marc
On 22 Apr. 2015, at 00:07, gm4upx(a)gb7jd.co.uk wrote:
_______________________________________________
Hello,
As someone new to the intricacies of port forwarding I have been
puzzled why I cannot maintain a connection when I have the entry
shown below for port 7300 active yet connections via port 6300 and
8000 work as expected.
$IPTABLES -A FORWARD -d 44.131.8.0/27 -p tcp -m tcp --dport 6300:6310 -j ACCEPT
$IPTABLES -A FORWARD -d 44.131.8.0/27 -p tcp -m tcp --dport 7300:7310 -j ACCEPT
$IPTABLES -A FORWARD -d 44.131.8.0/27 -p tcp -m tcp --dport 8000:8011 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp --dport 6300 -j DNAT --to-destination 44.131.8.16:6300
#$IPTABLES -t nat -A PREROUTING -p tcp --dport 7300 -j DNAT --to-destination 44.131.8.16:7300
$IPTABLES -t nat -A PREROUTING -p tcp --dport 8000 -j DNAT --to-destination 44.131.8.16:8000
Placing a [ # ] as shown allows the connections.
Regards,
Ian..
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
--
Marc, LX1DUC
--
www.laru.lu - Luxembourg Amateur Radio Union
www.emcomm.services - Emergency Communication
www.ham-dmr.lu - DMR Infos for HAMs
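
Added example, not part of the original messages: a small Python model of the nat PREROUTING match, showing how the DNAT rules as posted (no destination match) rewrite a connection headed elsewhere on port 7300, while the same rules with a -d match leave it alone. WAN_ADDR and NEIGHBOUR are constructed placeholder addresses, and limiting the rules with -d to that one address is an assumption about the intended forwarding, not something stated in the thread.

```python
import ipaddress
import shlex

TARGET = "44.131.8.16"          # DNAT target from the thread
WAN_ADDR = "203.0.113.5"        # assumption: placeholder for the router's outside address
NEIGHBOUR = "198.51.100.20"     # assumption: placeholder for the neighbour's address

def parse_dnat(rule):
    """Turn one 'iptables -t nat -A PREROUTING ... -j DNAT' line into a match spec."""
    tok = shlex.split(rule)
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    return {
        "proto": opt["-p"],
        "dport": int(opt["--dport"]),
        "dst": ipaddress.ip_network(opt["-d"]) if "-d" in opt else None,  # None = any address
        "to": opt["--to-destination"],
    }

def prerouting(rules, packet):
    """Return (ip, port) the packet is sent to after nat PREROUTING; first match wins."""
    proto, dst_ip, dport = packet
    for r in rules:
        if r["proto"] != proto or r["dport"] != dport:
            continue
        if r["dst"] is not None and ipaddress.ip_address(dst_ip) not in r["dst"]:
            continue
        ip, port = r["to"].rsplit(":", 1)
        return ip, int(port)
    return dst_ip, dport  # no rule matched: destination unchanged

def build(scope=""):
    """The thread's three DNAT rules (7300 enabled), optionally with an extra match."""
    line = "iptables -t nat -A PREROUTING {s} -p tcp --dport {p} -j DNAT --to-destination {t}:{p}"
    return [parse_dnat(line.format(s=scope, p=p, t=TARGET)) for p in (6300, 7300, 8000)]

PAGE_RULES = build()                       # as posted: no destination match
SCOPED_RULES = build("-d " + WAN_ADDR)     # same rules limited to one destination address

if __name__ == "__main__":
    packets = [("tcp", WAN_ADDR, 7300),    # inbound connection to the forwarded port
               ("tcp", NEIGHBOUR, 7300),   # connection passing through towards the neighbour
               ("tcp", NEIGHBOUR, 7301)]   # different port: no DNAT rule applies
    for pkt in packets:
        print(pkt, "posted ->", prerouting(PAGE_RULES, pkt),
              "| scoped ->", prerouting(SCOPED_RULES, pkt))
```

The model covers only packets that arrive at the router and traverse PREROUTING; traffic generated on the router itself goes through the nat OUTPUT chain instead.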