Can portfw masq outgoing traffic to a different port?

Post by Chris Schol » Tue, 03 Jul 2001 04:44:31



Here's what I have:

-Linux DSL router using fli4l, on a floppy (great thing!)
-kernel 2.2.4 if I am not mistaken much
-ipmasqadm running
-masking works fine, no problems
-internal network 192.168.6.0/24

What I want to do is to divert outgoing traffic from 192.168.6.2 -->
100.99.98.97:1200 (not actual value, just for argument)  to
100.99.98.97:1201.

In other words, some application I have is trying to connect to a given
IP/Port on the outside, which works fine. Unfortunately it uses the wrong
port, so I want to force it to another.

I looked at redir, which is a small tool to redirect traffic, but I cannot
change the IP address my local application is using, so it's a no go.

I tried
ipmasqadm portfw -a -P tcp -L 100.99.98.97 1200 -R 100.99.98.97 1201
which seems logical to me, but simply doesn't do anything.

Any ideas?

Chris Scholz

 
 
 

1. port forwarding disables outgoing traffic on same port

Whenever I forward a particular TCP port to a computer on a LAN, I cannot
send outgoing traffic to anywhere on that port from that computer (perhaps
the whole LAN as well, I haven't tried).

For example, there is a webserver running on port 5190 on a LAN computer.
iptables is configured to DNAT incoming 5190 requests to this LAN PC from
the WAN interface. That works fine. Whenever the forwarding is in effect, I
am not able to connect to AIM (which also runs on port 5190). I have
reproduced this problem with different ports, and get the same effect on
the port being used.

Thank you for any assistance. Below is my iptables configuration.

This is my iptables script:

eth0 is the LAN
eth1 is the cable modem

echo 0 > /proc/sys/net/ipv4/ip_forward
#Flush and create tables
iptables -F
iptables -X TCP
iptables -X ICMP
iptables -t nat -F

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

#default policies
iptables -P INPUT DROP

#special tables for incoming on each proto
iptables -N UDP
iptables -N TCP

#allow loopback iface to work
iptables -A INPUT -i lo -j ACCEPT

#allow internal net to communicate with us

iptables -A INPUT -i eth0 -j ACCEPT

#allow NATed connections to work
iptables -A INPUT -p tcp -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

#ICMP doodad
iptables -A INPUT -i eth1 -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT

#move incoming traffic to the proper table
iptables -A INPUT -p tcp -i eth1 -j TCP

iptables -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT

#TCP ports to accept
iptables -A TCP -p tcp --dport 20:22 -j ACCEPT
iptables -A TCP -p tcp --dport 113 -j ACCEPT
iptables -A TCP -p tcp --dport 80 -j ACCEPT
iptables -A TCP -p tcp -s 24.174.94.252 --dport 10000 -j ACCEPT

#Port Forwarding
iptables -t nat -A PREROUTING -p tcp --dport 5190 -j DNAT --to 192.168.0.100
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to 192.168.0.101

modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward
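
Added example, not part of the original post: the two DNAT rules in the script above match on destination port only, so they also rewrite connections that LAN hosts open to outside servers on port 5190 or 8080, which fits the symptom described. The check below flags nat PREROUTING DNAT rules that carry no inbound-interface or destination-address match; the `-i eth1` variant is constructed here, assuming eth1 is the WAN interface as the post states, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): flag nat PREROUTING DNAT rules
# that are not limited to an inbound interface or a destination address.
# Such a rule also rewrites connections that LAN hosts open to outside
# servers on the forwarded port.

# Read iptables command lines on stdin; print each unscoped DNAT rule.
unscoped_dnat() {
    while IFS= read -r rule; do
        case " $rule " in
            " #"*) continue ;;                               # commented-out line
            *" -t nat "*" PREROUTING "*" -j DNAT "*) ;;      # candidate rule
            *) continue ;;                                   # anything else
        esac
        case " $rule " in
            *" -i "*|*" --in-interface "*|*" -d "*|*" --destination "*)
                continue ;;                                  # rule is scoped
        esac
        printf '%s\n' "$rule"
    done
}

# The two forwarding rules exactly as posted.
posted_rules() {
    cat <<'EOF'
iptables -t nat -A PREROUTING -p tcp --dport 5190 -j DNAT --to 192.168.0.100
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to 192.168.0.101
EOF
}

# Constructed variant: the same rules limited to packets arriving on eth1
# (assumption: eth1 is the WAN side, as stated in the post).
scoped_rules() {
    cat <<'EOF'
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 5190 -j DNAT --to 192.168.0.100
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 8080 -j DNAT --to 192.168.0.101
EOF
}

posted_rules | unscoped_dnat   # prints both posted rules
scoped_rules | unscoped_dnat   # prints nothing
```
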
