[SOLVED] iptables cannot port forward

mfoley · 01-24-2024, 10:41 PM

I've done this successfully in the past, but am unable get it right now. I want connections to port 1912 on host MAIL to forward to port 3389 on IP 192.168.0.62. Verify I could get to that host: port from another LAN host, I first ran 'nc -vl -p 1912 localhost' on host MAIL, then telnet'ed to that port from another host on the LAN. That worked. I then tried:

Code:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1912 -j DNAT --to-destination 192.168.0.62:3389

When I then tried telnet'ing to MAIL port 1912 from another host, no connection.

Keeping the above setting, I added:

Code:

iptables -A FORWARD -i eth0 -d 192.168.0.62 -p tcp --dport 3389 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.62 -p tcp --dport 3389 -j SNAT --to-source 192.168.0.2
iptables -t nat -A POSTROUTING -o eth0 -d 192.168.0.62 -p tcp --dport 3389 -j SNAT --to-source 192.168.0.2

I had these setting in my notes from a previous successful connection from long ago, but again, I could not connect to MAIL:1912 from another host.

Obviously, I'm doing something wrong. Can someone straighten me out?

wpeckham · 01-24-2024, 11:01 PM

Did you turn on port forwarding in the kernel by setting net.ipv4.ip_forward ???

mfoley · 01-25-2024, 12:59 PM

Quote:

Originally Posted by wpeckham

Did you turn on port forwarding in the kernel by setting net.ipv4.ip_forward ???

Duh! No! I did not. This is a scratch install of Linux and I just forgot. It's working now. Thanks.