Hello Ian,
I assume you have more iptables rules than provided previously? Can you please provide the complete set of rules?
What is your network layout? Is it like this?
ISP modem/router <--- LAN ---> PC Router <--- local 44net
Your iptables rules are actually allowing connections to 44.131.8.0/27 on the TCP ports 6300 to 6310, 7300 to 7310 and 8000 to 8011.
But you also have very unspecific DNAT rules, which apply DNAT to any packet whose destination port is TCP 6300, TCP 7300 or TCP 8000 and forward it to 44.131.8.16, even if the destination IP was not 44.131.8.16. This is probably messing up a lot of your connections on these 3 ports.
I suggest that you start with less complexity, e.g. first test plain 44net routing without any firewall rules, then test routing between 44net and the internet and vice versa without the firewall. Once you have confirmed that everything is working as expected, not before, add firewall rules; if your connections start breaking at that point, you know your firewall rules are incorrect.
73 de Marc
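The matching behaviour Marc describes, as an added example that is not part of the thread and not Marc's or Ian's code: a small Python stand-in for the nat/PREROUTING table, so it runs without root or netfilter. A DNAT rule without "-d" matches on protocol and destination port only, so it rewrites every packet to that port no matter where it was addressed, including packets bound for another 44net host. The same rules with a "-d" match are shown beside them. 192.168.0.2 (an assumed address for the PC router inside the 192.168.0.0/24 home network named in the thread), 44.131.8.20 and the other traffic addresses are constructed for the example.

```python
"""Model of how an iptables nat/PREROUTING DNAT rule selects packets.

Added example (not the mailing list's own code): a pure-Python stand-in
for iptables matching. Rule semantics follow iptables: a DNAT rule
without -d matches on protocol and destination port only. Addresses other
than 44.131.8.16, 44.131.8.0/27 and 192.168.0.0/24 are constructed here.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class DnatRule:
    """One '-t nat -A PREROUTING [-d DST] -p PROTO --dport DPORT -j DNAT' rule."""
    proto: str
    dport: int
    to_dst: str
    to_port: int
    dst: Optional[str] = None  # the -d match; None means "any destination"

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto != self.proto or pkt.dport != self.dport:
            return False
        if self.dst is None:
            return True  # no -d: any destination address matches
        return ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst, strict=False)

    def as_iptables(self) -> str:
        dst = f" -d {self.dst}" if self.dst else ""
        return (f"iptables -t nat -A PREROUTING{dst} -p {self.proto} "
                f"--dport {self.dport} -j DNAT --to-destination {self.to_dst}:{self.to_port}")


def prerouting(rules: List[DnatRule], pkt: Packet) -> Packet:
    """First matching DNAT rule wins. The nat table is consulted for the
    first packet of a connection only; later packets follow the conntrack
    entry, which is why a bad DNAT breaks the whole connection."""
    for rule in rules:
        if rule.matches(pkt):
            return Packet(pkt.src, rule.to_dst, pkt.proto, rule.to_port)
    return pkt


HOST = "44.131.8.16"
# Rules as posted in the thread: no -d, so they match by port alone.
BROAD = [DnatRule("tcp", p, HOST, p) for p in (6300, 7300, 8000)]
# Same forwards, restricted to traffic actually addressed to the PC router's
# LAN-side address. 192.168.0.2 is an assumed value inside 192.168.0.0/24.
ROUTER_LAN = "192.168.0.2"
SCOPED = [DnatRule("tcp", p, HOST, p, dst=ROUTER_LAN) for p in (6300, 7300, 8000)]

# Constructed traffic: a 44net station talking to a neighbour inside
# 44.131.8.0/27 on port 7300, and an Internet-side connection arriving at
# the router's LAN address on the same port.
TO_NEIGHBOUR = Packet("44.131.8.2", "44.131.8.20", "tcp", 7300)
FROM_INTERNET = Packet("203.0.113.7", ROUTER_LAN, "tcp", 7300)


def rewritten_destination(rules: List[DnatRule], pkt: Packet) -> str:
    """Destination address the packet carries after PREROUTING."""
    return prerouting(rules, pkt).dst


if __name__ == "__main__":
    for name, rules in (("broad (as posted)", BROAD), ("scoped with -d", SCOPED)):
        print(f"--- {name} ---")
        for rule in rules:
            print(rule.as_iptables())
        for pkt in (TO_NEIGHBOUR, FROM_INTERNET):
            out = prerouting(rules, pkt)
            print(f"{pkt.src} -> {pkt.dst}:{pkt.dport} becomes {out.dst}:{out.dport}")
```

Run it and the broad rule set rewrites the neighbour-bound packet to 44.131.8.16 (the neighbour's connection never reaches 44.131.8.20), while the scoped set leaves it alone and still forwards the Internet-side packet. Adding "-i" for the interface the Internet traffic arrives on would narrow the match further.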
On 2015-04-22 12:49, gm4upx@gb7jd.co.uk wrote:
(Please trim inclusions from previous messages)
Hello Marc,
I have my ISP ADSL modem; PC router; home network (192.168.0.0/24) and 44net. I have DYNDNS set. I use a default setting at my PC Router to drop everything and have found that if I do not have port forwarding set, along with prerouting, connections are not possible.
If I remove the [ # ] a connection is possible, but the connection to my neighbour drops; this is the point I do not understand.
Removing the prerouting for the other ports stops connections on these ports.
Regards,
Ian..
On 22-04-2015 08:05, Marc, LX1DUC wrote:
Please explain to us why you think that you need port forwarding in the first place.
73 de Marc
On 22 Apr. 2015, at 00:07, gm4upx@gb7jd.co.uk wrote:
Hello,
As someone new to the intricacies of port forwarding I have been puzzled why I cannot maintain a connection when I have the entry shown below for port 7300 active yet connections via port 6300 and 8000 work as expected.
$IPTABLES -A FORWARD -d 44.131.8.0/27 -p tcp -m tcp --dport 6300:6310 -j ACCEPT
$IPTABLES -A FORWARD -d 44.131.8.0/27 -p tcp -m tcp --dport 7300:7310 -j ACCEPT
$IPTABLES -A FORWARD -d 44.131.8.0/27 -p tcp -m tcp --dport 8000:8011 -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp --dport 6300 -j DNAT --to-destination 44.131.8.16:6300
#$IPTABLES -t nat -A PREROUTING -p tcp --dport 7300 -j DNAT --to-destination 44.131.8.16:7300
$IPTABLES -t nat -A PREROUTING -p tcp --dport 8000 -j DNAT --to-destination 44.131.8.16:8000
Placing a [ # ] as shown allows the connections.
Regards,
Ian..
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net