hugo
06-03-2005, 11:24
Hi,
I'm trying to use NAT to make a remote control on a computer at work.
The computer by itself is behind a company firewall, and it might change IP address between each packet.
If I'm setting up a normal router (i.e. non-firewall, an AirPort Express), I can NAT the port 443 to my home computer 192.168.1.10 to port 82. The connection is properly established by the work computer, and I can remote control properly.
Now, I'm trying to do the same with the wl-hdd with Oleg's latest firmware.
I've set up a virtual server, the same way, but I only get the first packet. Next ones are lost. I don't know if this behaviour is caused by a bad setting, or because the work firewall can use 4 IPs to connect to the internet, and it might change between each connection.
What I do not understand is why it is working with a simple NAT device, and not with iptables.
I've tried setting the firewall off, just to see. No more result.
Also, I've been trying some other conference program, using video and sound, and I have the same trouble setting it up, when my other NAT router works.
On the other side, emule is perfectly NATing on wl-hdd.
Here is my iptables result:
[admin@wl-hdd root]$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1453:65535TCPMSS set 1452
ACCEPT tcp -- anywhere 192.168.1.5 tcp dpt:4662
ACCEPT tcp -- anywhere 192.168.1.10 tcp dpt:82
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain MACS (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1453:65535TCPMSS set 1452
Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT all -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP'
DROP all -- anywhere anywhere
[admin@wl-hdd root]$ iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 84.99.8.117 tcp dpt:4662 to:192.168.1.5:4662
DNAT tcp -- 0.0.0.0/0 84.99.8.117 tcp dpt:443 to:192.168.1.10:82
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
MASQUERADE all -- 192.168.1.0/24 192.168.1.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I don't see any trouble here: incoming port 443 is redirected to 192.168.1.10:82
Any idea? Has somebody had the same trouble? Should I change MASQUERADE to SNAT?
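
An added example, not part of the original post: a small Python check that reads the rule lines quoted above and reports, for each DNAT port forward, which FORWARD rule decides a new connection to the translated address. The function names and the `skip` parameter are hypothetical, source addresses are ignored, and state matching is approximated (a rule listing only RELATED,ESTABLISHED is treated as not matching a new connection).

```python
import re

# Rule lines copied from the post (nat PREROUTING, filter FORWARD). Listed
# without -v, so any interface restriction on a rule is not visible here.
NAT_PREROUTING = """\
DNAT tcp -- 0.0.0.0/0 84.99.8.117 tcp dpt:4662 to:192.168.1.5:4662
DNAT tcp -- 0.0.0.0/0 84.99.8.117 tcp dpt:443 to:192.168.1.10:82
"""
FILTER_FORWARD = """\
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1453:65535TCPMSS set 1452
ACCEPT tcp -- anywhere 192.168.1.5 tcp dpt:4662
ACCEPT tcp -- anywhere 192.168.1.10 tcp dpt:82
"""
DNAT_RE = re.compile(r"^DNAT\s+(\S+)\s+--\s+\S+\s+(\S+)\s+\S+\s+dpt:(\d+)\s+to:([\d.]+):(\d+)$")
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s+--\s+\S+\s+(\S+)\s*(.*)$")

def parse_dnat(listing):
    """Return (proto, wan_ip, wan_port, lan_ip, lan_port) for every DNAT line."""
    hits = (DNAT_RE.match(line.strip()) for line in listing.splitlines())
    return [(m[1], m[2], int(m[3]), m[4], int(m[5])) for m in hits if m]

def deciding_rule(forward, proto, lan_ip, lan_port, skip=()):
    """First ACCEPT/DROP/REJECT rule (1-based) that a NEW packet to
    lan_ip:lan_port matches as displayed; rule numbers in `skip` are ignored."""
    for idx, line in enumerate(forward.splitlines(), 1):
        m = RULE_RE.match(line.strip())
        if not m or idx in skip:
            continue
        target, rproto, dst, extra = m.groups()
        dpt = re.search(r"dpt:(\d+)", extra)
        if (target in ("ACCEPT", "DROP", "REJECT")   # TCPMSS/LOG do not decide
                and rproto in ("all", proto)
                and dst in ("anywhere", "0.0.0.0/0", lan_ip)
                and not ("state" in extra and "NEW" not in extra)
                and (dpt is None or int(dpt.group(1)) == lan_port)):
            return idx, target, extra == "" and dst != lan_ip
    return None

def audit(nat=NAT_PREROUTING, forward=FILTER_FORWARD, skip=()):
    """Map each forward 'lan_ip:port' to (rule index, target, is_catch_all)."""
    return {f"{ip}:{port}": deciding_rule(forward, proto, ip, port, skip)
            for proto, _, _, ip, port in parse_dnat(nat)}

if __name__ == "__main__":
    print(audit(), audit(skip={2}))
```

As displayed, both forwards are decided by the unqualified rule 2; `iptables -L -v` shows whether that rule is bound to an interface, and `skip={2}` shows which rule decides if it does not apply to WAN traffic.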