port forwarding disables outgoing traffic on same port

Post by Darren Dupr » Sun, 27 Oct 2002 06:56:01

Whenever I forward a particular TCP port to a computer on a LAN, I cannot
send outgoing traffic to anywhere on that port from that computer (perhaps
the whole LAN as well, I haven't tried).

For example, there is a webserver running on port 5190 on a LAN computer.
iptables is configured to DNAT incoming 5190 requests to this LAN PC from
the WAN interface. That works fine. Whenever the forwarding is in effect, I
am not able to connect to AIM (which also runs on port 5190). I have
reproduced this problem with different ports, and get the same effect on
the port being used.

Thank you for any assistance. Below is my iptables configuration.

This is my iptables script:

eth0 is the LAN
eth1 is the cable modem

echo 0 > /proc/sys/net/ipv4/ip_forward
#Flush and create tables
iptables -F
iptables -X TCP
iptables -X ICMP
iptables -t nat -F

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

#default policies
iptables -P INPUT DROP

#special tables for incoming on each proto
iptables -N UDP
iptables -N TCP

#allow loopback iface to work
iptables -A INPUT -i lo -j ACCEPT

#allow internal net to communicate with us

iptables -A INPUT -i eth0 -j ACCEPT

#allow NATed connections to work
iptables -A INPUT -p tcp -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

#ICMP doodad
iptables -A INPUT -i eth1 -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT

#move incoming traffic to the proper table
iptables -A INPUT -p tcp -i eth1 -j TCP

iptables -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT

#TCP ports to accept
iptables -A TCP -p tcp --dport 20:22 -j ACCEPT
iptables -A TCP -p tcp --dport 113 -j ACCEPT
iptables -A TCP -p tcp --dport 80 -j ACCEPT
iptables -A TCP -p tcp -s 24.174.94.252 --dport 10000 -j ACCEPT

#Port Forwarding
iptables -t nat -A PREROUTING -p tcp --dport 5190 -j DNAT --to 192.168.0.100
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to 192.168.0.101

modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward
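A small model of the nat PREROUTING matching logic, added here as an example and not part of the original post: the post's DNAT rules carry no "-i eth1", so they also match packets that enter the router from the LAN on eth0, which is why a LAN client's own connection to AIM on port 5190 gets rewritten to the LAN web server. The AIM server address and the WAN address below are constructed placeholders.

```python
# Added example: minimal model of how the nat PREROUTING chain matches packets.
# Interface names and LAN hosts come from the post; the AIM server and WAN
# addresses are constructed placeholders (TEST-NET-3), not real hosts.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    in_iface: str   # interface the packet arrived on (eth0 = LAN, eth1 = WAN)
    proto: str
    dst: str
    dport: int


@dataclass
class DnatRule:
    proto: str
    dport: int
    to: str
    in_iface: Optional[str] = None  # None models a rule written without -i

    def matches(self, pkt: Packet) -> bool:
        if self.in_iface is not None and pkt.in_iface != self.in_iface:
            return False
        return pkt.proto == self.proto and pkt.dport == self.dport


def prerouting(rules: List[DnatRule], pkt: Packet) -> Packet:
    """Walk the chain in order; the first matching DNAT rule rewrites dst."""
    for rule in rules:
        if rule.matches(pkt):
            return Packet(pkt.in_iface, pkt.proto, rule.to, pkt.dport)
    return pkt  # no match: destination left unchanged


# The post's rules (no -i) versus the same rules restricted to the WAN side.
ORIGINAL = [DnatRule("tcp", 5190, "192.168.0.100"),
            DnatRule("tcp", 8080, "192.168.0.101")]
FIXED = [DnatRule("tcp", 5190, "192.168.0.100", in_iface="eth1"),
         DnatRule("tcp", 8080, "192.168.0.101", in_iface="eth1")]

AIM_SERVER = "203.0.113.10"  # constructed placeholder
WAN_ADDR = "203.0.113.1"     # constructed placeholder for the router's eth1 address


def lan_client_to_aim(rules: List[DnatRule]) -> str:
    """Destination seen after PREROUTING for a LAN host opening AIM on 5190."""
    return prerouting(rules, Packet("eth0", "tcp", AIM_SERVER, 5190)).dst


def wan_client_to_webserver(rules: List[DnatRule]) -> str:
    """Destination seen after PREROUTING for an Internet host hitting 5190."""
    return prerouting(rules, Packet("eth1", "tcp", WAN_ADDR, 5190)).dst
```

With the original rules the LAN client's AIM packet is rewritten to 192.168.0.100 and never leaves the LAN; with "-i eth1" on the DNAT rules only traffic arriving from the cable modem is forwarded and the LAN client's outbound connection is untouched.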