Re: [SLUG] port forwarding problem

From: Aaron Steimle (asteimle@washpat.com)
Date: Thu Feb 12 2004 - 18:28:29 EST


Everything is working fine. I can't get anything to get inside. As I am
working on this I have StarWars Galaxies Macroing away, any problems
with NAT would kick me off the servers.

Here is the current rule set:

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 5900 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 5900 -j DNAT --to 192.168.1.20:5900
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 22 -j DNAT --to 192.168.1.101:22

Eben King wrote:
> On Thu, 12 Feb 2004, Aaron Steimle wrote:
>
>
>>----- Original Message -----
>>From: "Eben King" <eben1@tampabay.rr.com>
>>To: <slug@nks.net>
>>Sent: Thursday, February 12, 2004 2:23 PM
>>Subject: Re: [SLUG] port forwarding problem
>>
>>
>>
>>>Maybe /etc/hosts.{allow,deny} is disallowing it? Something like
>>>
>>>ssh:ALL
>>>
>>>in /etc/hosts.allow , I guess. The "service" part is the service as
>>>listed in /etc/services .
>
>
> I was wrong. I read hosts_access(5). The format should be
>
> daemon_list : client_list [ : shell_command ]
>
> and "daemon_list is a list of one or more daemon process names (argv[0]
> values) or wildcards".
>
> So it should read
>
> sshd:ALL
>
> But since
>
>
>>hosts.deny is empty.
>
>
> that wouldn't matter.
>
> Can you reach _any_ port on your machine from the outside? "telnet
> machine port" to test. How about going out? My guess is maybe NAT isn't
> working correctly.
>
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
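
Added example, not part of the original post or thread: a small audit that reads iptables-save output and reports DNAT forwards like the ones above that have no FORWARD ACCEPT rule on the translated port. It goes slightly beyond the posted rules by including a port remap (2222 to 22); the external address 203.0.113.5, the interfaces eth0/eth1 and the function names are assumptions, and the sample rule set is constructed.

```shell
#!/bin/sh
# Added example: flag DNAT forwards with no FORWARD ACCEPT on the translated port.
# FORWARD is evaluated after PREROUTING, so --dport there must be the
# post-DNAT port, not the port the outside client connected to.

# Constructed iptables-save style sample (203.0.113.5, eth0/eth1 are assumed).
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -d 203.0.113.5/32 -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.1.20:5900
-A PREROUTING -d 203.0.113.5/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.101:22
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 5900 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 2222 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin; prints one line per unmatched DNAT target.
# Simplification: only FORWARD ACCEPT rules that carry --dport are considered,
# and interfaces/addresses are not compared.
audit_dnat() {
  awk '
    /^\*/ { table = substr($0, 2) }
    table == "nat" && /-j DNAT/ {
      for (i = 1; i < NF; i++)
        if ($i == "--to-destination" || $i == "--to") target[$(i + 1)] = 1
    }
    table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ {
      for (i = 1; i < NF; i++)
        if ($i == "--dport") accepted[$(i + 1)] = 1
    }
    END {
      for (t in target) {
        n = split(t, part, ":")
        if (n == 2 && !(part[2] in accepted))
          print "no FORWARD ACCEPT for " t
      }
    }'
}

sample_rules | audit_dnat
```

On a live gateway the same function can be fed with `iptables-save | audit_dnat` run as root.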


