What on earth is going on here? It's driving me mad now.
Any settings changed in the web interface do not affect `iptables -L`, including port forwarding, DMZ and firewall.
Trying to forward ports on the command line doesn't do it either when I actually test the port. How do you test the port without a remote machine anyway? At the moment I'm just trying to connect to the router on the port I'm trying to forward.
Code:
```
j@ethel:~$ nmap my.router
Starting Nmap 4.53 ( http://insecure.org ) at 2008-09-05 18:20 BST
Interesting ports on my.router (192.168.1.50):
Not shown: 1708 closed ports
PORT STATE SERVICE
23/tcp open telnet
53/tcp open domain
80/tcp open http
515/tcp open printer
9100/tcp open jetdirect
9101/tcp open jetdirect
Nmap done: 1 IP address (1 host up) scanned in 2.088 seconds
```
Code:
```
j@ethel:~$ nmap PUBLIC-INTERNET-IP
Starting Nmap 4.53 ( http://insecure.org ) at 2008-09-05 18:21 BST
Interesting ports on xxxx:
Not shown: 1709 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
1720/tcp filtered H.323/Q.931
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 11.056 seconds
j@ethel:~$
```
Code:
```
[admin@(none) root]$ iptables -A INPUT -p tcp --dport ssh -j ACCEPT
[admin@(none) root]$ iptables -A INPUT -p tcp --dport 8081 -j ACCEPT
[admin@(none) root]$ iptables -A FORWARD -i eth1 -p tcp --dport 8081:8081 --destination 192.168.1.3 -j ACCEPT
[admin@(none) root]$ iptables -A FORWARD -i eth1 -p tcp --dport 8081:8081 --destination 192.168.1.3 -j ACCEPT
[admin@(none) root]$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
SECURITY all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
SECURITY all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere ctstate DNAT
ACCEPT tcp -- anywhere 192.168.1.3 tcp dpt:tproxy
ACCEPT tcp -- anywhere 192.168.1.3 tcp dpt:tproxy
ACCEPT tcp -- anywhere 192.168.1.3 tcp dpt:tproxy
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain MACS (0 references)
target prot opt source destination
Chain SECURITY (2 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
RETURN udp -- anywhere anywhere limit: avg 5/sec burst 5
RETURN icmp -- anywhere anywhere limit: avg 5/sec burst 5
DROP all -- anywhere anywhere
Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT all -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
DROP all -- anywhere anywhere
[admin@(none) root]$
```