Port Forwarding Problems

Post by .Adam » Sat, 16 Dec 2000 07:43:13



I have RH6.2 with 2.2.18 kernel compiled with all IPMASQ and PORTFW modules.
My firewall and IP MASQ capability works without any problems.

The following confirms the correct installation of the above modules:

# ls /proc/net/ip_masq
app autofw icmp portfw tcp udp

I want to port forward port 25 (SMTP) on my firewall to an internal machine
running my mail server.

I do this by issuing the following command:

ipmasqadm portfw -a -P tcp -L <my.ext.addr> 25 -R 10.1.23.15 25
ipmasqadm portfw -a -P udp -L <my.ext.addr> 25 -R 10.1.23.15 25

Doing an ipmasqadm portfw -l confirms the port forward rules being entered...
However when I try to telnet <my.ext.addr> 25 all I get is:

Trying <my.ext.addr>...
telnet: Unable to connect to remote host: Connection refused

I have port 25 open on my firewall, and I also tried port forwarding off the
internal address of the firewall (10.1.23.5).  All with the same results...
Telnetting into 10.1.23.15 25 responds with my ESMTP banner.

Any ideas/solutions would be appreciated.

Thanks.

 
 
 

Post by Manfred Bart » Sat, 16 Dec 2000 08:06:30



> I have RH6.2 with 2.2.18 kernel compiled with all IPMASQ and PORTFW modules.
> My firewall and IP MASQ capability works without any problems.

> The following confirms the correct installation of the above modules:
> # ls /proc/net/ip_masq
> app autofw icmp portfw tcp udp
> I want to port forward port 25 (SMTP) on my firewall to an internal machine
> running my mail server.

> I do this by issuing the following command:

> ipmasqadm portfw -a -P tcp -L <my.ext.addr> 25 -R 10.1.23.15 25
> ipmasqadm portfw -a -P udp -L <my.ext.addr> 25 -R 10.1.23.15 25

> Doing an ipmasqadm portfw -l confirms the port forward rules being entered...

There is nothing wrong with your forwarding.

> However when I try to telnet <my.ext.addr> 25 all I get is:
> Trying <my.ext.addr>...
> telnet: Unable to connect to remote host: Connection refused

Looks like your /etc/inetd.conf has the entry for telnet commented out
or removed.  Edit it and add this line:
    telnet stream  tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd

Also make sure you add trusted hosts or subnets to /etc/hosts.allow

The usual disclaimers about telnet non-security apply.
Consider installing ssh and/or srp-enabled telnet.

Cheers
--
Manfred
---------------------------------------------------------------
ipchainsLogAnalyzer, NetCalc, whois at: <http://logi.cc/linuc/>

 
 
 

Post by Manfred Bart » Sat, 16 Dec 2000 08:20:15



> Looks like your /etc/inetd.conf has the entry for telnet commented out
> or removed.  Edit it and add this line:
>     telnet stream  tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd

> Also make sure you add trusted hosts or subnets to /etc/hosts.allow

Almost forgot:
after making changes to the mentioned config files give inetd a HUP:

        kill -HUP `pidof inetd`

Note the back-quotes.

--
Manfred
---------------------------------------------------------------
ipchainsLogAnalyzer, NetCalc, whois at: <http://logi.cc/linuc/>

 
 
 

Post by XoF » Sat, 16 Dec 2000 19:18:59




> > I have RH6.2 with 2.2.18 kernel compiled with all IPMASQ and PORTFW
> > modules. My firewall and IP MASQ capability works without any problems.

> > The following confirms the correct installation of the above modules:
> > # ls /proc/net/ip_masq
> > app autofw icmp portfw tcp udp
> > I want to port forward port 25 (SMTP) on my firewall to an internal
> > machine running my mail server.

> > I do this by issuing the following command:

> > ipmasqadm portfw -a -P tcp -L <my.ext.addr> 25 -R 10.1.23.15 25
> > ipmasqadm portfw -a -P udp -L <my.ext.addr> 25 -R 10.1.23.15 25

> > Doing an ipmasqadm portfw -l confirms the port forward rules being
> > entered...

> There is nothing wrong with your forwarding.

> > However when I try to telnet <my.ext.addr> 25 all I get is:
> > Trying <my.ext.addr>...
> > telnet: Unable to connect to remote host: Connection refused

> Looks like your /etc/inetd.conf has the entry for telnet commented out
> or removed.  Edit it and add this line:
>     telnet stream  tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd

No No No !!

This cannot be the prob!
He never mentioned that he wants to telnet... he said he tried "telnet
<address> 25".
For that you don't need telnet to be enabled in /etc/inetd.conf !!!!!
Opening the telnet port is - as you mentioned - insecure!

Btw, he also mentioned that telnet 25 from internal works...
so there is definitely a prob with port forwarding!

I am sorry, but I do not know much about ipmasqadm and portfw since I only
use iptables, but be sure that you have to search for your prob within here!

greetings
-XoF-

 
 
 

Post by Manfred Bart » Sun, 17 Dec 2000 04:25:22





> > > I have RH6.2 with 2.2.18 kernel compiled with all IPMASQ and PORTFW
> > > modules. My firewall and IP MASQ capability works without any problems.

> > > The following confirms the correct installation of the above modules:
> > > # ls /proc/net/ip_masq
> > > app autofw icmp portfw tcp udp
> > > I want to port forward port 25 (SMTP) on my firewall to an internal
> > > machine running my mail server.

> > > I do this by issuing the following command:

> > > ipmasqadm portfw -a -P tcp -L <my.ext.addr> 25 -R 10.1.23.15 25
> > > ipmasqadm portfw -a -P udp -L <my.ext.addr> 25 -R 10.1.23.15 25

> > > Doing an ipmasqadm portfw -l confirms the port forward rules being
> > > entered...

> > There is nothing wrong with your forwarding.

<snip>

> No No No !!

> This cannot be the prob!
> He never mentioned that he wants to telnet... he said he tried "telnet
> <address> 25".
> Btw, he also mentioned that telnet 25 from internal works...

Hmmm...  I need to get more sleep...   ;-/

> so there is definitely a prob with port forwarding!

No, his forwarding command above still looks fine to me.

The only situation where ipmasqadm portfw doesn't work is if you try
to forward to the local host (on a different interface).  portfw to a
different host (as he does) works, I do that all the time.

More likely it's a firewall rule, then, which blocks access.
Or if the MTA has access control it could be that.
E.g. with qmail you'd be controlling access via /etc/tcp.smtp.cdb.

--
Manfred
---------------------------------------------------------------
ipchainsLogAnalyzer, NetCalc, whois at: <http://logi.cc/linuc/>

 
 
 

Post by Jack_D.. » Sat, 06 Jan 2001 06:44:56




> I have RH6.2 with 2.2.18 kernel compiled with all IPMASQ and PORTFW
> modules.
> My firewall and IP MASQ capability works without any problems.

> The following confirms the correct installation of the above modules:
> # ls /proc/net/ip_masq
> app autofw icmp portfw tcp udp
> I want to port forward port 25 (SMTP) on my firewall to an internal
> machine running my mail server.

> I do this by issuing the following command:

> ipmasqadm portfw -a -P tcp -L <my.ext.addr> 25 -R 10.1.23.15 25
> ipmasqadm portfw -a -P udp -L <my.ext.addr> 25 -R 10.1.23.15 25

> Doing an ipmasqadm portfw -l confirms the port forward rules being
> entered...
> However when I try to telnet <my.ext.addr> 25 all I get is:
> Trying <my.ext.addr>...
> telnet: Unable to connect to remote host: Connection refused
> I have port 25 open on my firewall, and I also tried port forwarding
> off the internal address of the firewall (10.1.23.5).  All with the same
> results...
> Telnetting into 10.1.23.15 25 responds with my ESMTP banner.

> Any ideas/solutions would be appreciated.

> Thanks.

I don't really have any help for you, but I am having the same problem.
I have been searching the net now for about 12 hours to find a
solution. The only thing that I have seen so far is that you have to
use ipmasqadm to set up external port forwarding, and another
port forwarder for internal. It says this in the IP Masq HOWTO guide. But
I have yet to find an example of it.
If you find a solution, please let me know.

Thank you.


 
 
 

Post by broche » Sat, 06 Jan 2001 07:19:20


Jack,

Port forwarding in itself does not bypass ipchains packet filtering rules.
It may be that you have to explicitly define input, output and forward
rules to match what the 'port-forwarded' packets will be doing.

Hope this helps,

John




> > I have RH6.2 with 2.2.18 kernel compiled with all IPMASQ and PORTFW
> > modules.
> > My firewall and IP MASQ capability works without any problems.

> > The following confirms the correct installation of the above modules:
> > # ls /proc/net/ip_masq
> > app autofw icmp portfw tcp udp
> > I want to port forward port 25 (SMTP) on my firewall to an internal
> > machine running my mail server.

> > I do this by issuing the following command:

> > ipmasqadm portfw -a -P tcp -L <my.ext.addr> 25 -R 10.1.23.15 25
> > ipmasqadm portfw -a -P udp -L <my.ext.addr> 25 -R 10.1.23.15 25

> > Doing an ipmasqadm portfw -l confirms the port forward rules being
> > entered...
> > However when I try to telnet <my.ext.addr> 25 all I get is:
> > Trying <my.ext.addr>...
> > telnet: Unable to connect to remote host: Connection refused
> > I have port 25 open on my firewall, and I also tried port forwarding
> > off the internal address of the firewall (10.1.23.5).  All with the same
> > results...
> > Telnetting into 10.1.23.15 25 responds with my ESMTP banner.

> > Any ideas/solutions would be appreciated.

> > Thanks.

> I don't really have any help for you, but I am having the same problem.
> I have been searching the net now for about 12 hours to find a
> solution. The only thing that I have seen so far is that you have to
> use ipmasqadm to set up external port forwarding, and another
> port forwarder for internal. It says this in the IP Masq HOWTO guide. But
> I have yet to find an example of it.
> If you find a solution, please let me know.

> Thank you.

> Sent via Deja.com
> http://www.deja.com/

 
 
 

Post by Manfred Bart » Sat, 06 Jan 2001 07:28:12





> > I have RH6.2 with 2.2.18 kernel compiled with all IPMASQ and PORTFW
> > modules.
> > My firewall and IP MASQ capability works without any problems.

> > The following confirms the correct installation of the above modules:
> > # ls /proc/net/ip_masq
> > app autofw icmp portfw tcp udp
> > I want to port forward port 25 (SMTP) on my firewall to an internal
> > machine running my mail server.

> > I do this by issuing the following command:

> > ipmasqadm portfw -a -P tcp -L <my.ext.addr> 25 -R 10.1.23.15 25
> > ipmasqadm portfw -a -P udp -L <my.ext.addr> 25 -R 10.1.23.15 25

> > Doing an ipmasqadm portfw -l confirms the port forward rules being
> > entered...
> > However when I try to telnet <my.ext.addr> 25 all I get is:
> > Trying <my.ext.addr>...
> > telnet: Unable to connect to remote host: Connection refused
> > I have port 25 open on my firewall, and I also tried port forwarding
> > off the internal address of the firewall (10.1.23.5).  All with the same
> > results...
> > Telnetting into 10.1.23.15 25 responds with my ESMTP banner.

portfw only works if the -L and -R are on different hosts.  From
your description it sounds like they are the same host, just different
interfaces.

You could use a separate program to do this re-directing,  search
for ``redir'' on freshmeat.net, or rpm-find, or whatever...

--
Manfred
---------------------------------------------------------------
ipchainsLogAnalyzer, NetCalc, whois at: <http://logi.cc/linux/>
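
Added example, not part of the thread: a Python probe that does what `telnet <my.ext.addr> 25` does and names the outcome, so a reset ("Connection refused"), a silent drop, an accept-then-close (for instance MTA access control) and a real 220 banner can be told apart. The loopback listeners are constructed stand-ins, and `probe_smtp`, `fake_listener` and `closed_port` are names made up for this example.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Connect as `telnet host 25` does; return (state, first_line)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The original poster's symptom: the SYN was answered with a reset.
        return "refused", ""
    except socket.timeout:
        return "filtered", ""  # no answer at all: packets dropped somewhere
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return "open-silent", ""
        except ConnectionResetError:
            return "closed", ""
    if not data:
        # Accepted, then closed without a greeting.
        return "closed", ""
    line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return ("banner" if line.startswith("220") else "unexpected"), line

def fake_listener(greeting):
    """Constructed loopback stand-in for the mail server; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(greeting)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """A loopback port with nothing listening on it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    for p in (fake_listener(b"220 mail.example ESMTP\r\n"), closed_port()):
        print(probe_smtp("127.0.0.1", p, timeout=2))
```

Run against the forwarded address and against 10.1.23.15 directly, and record which machine each result was obtained from, since the thread's answers turn on where the connection originates.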

 
 
 
