What on earth is going on here? It's driving me mad now.
Any settings changed in the web interface do not affect `iptables -L`, including port forwarding, DMZ and firewall.
Trying to forward ports on the command line doesn't do it either when I actually test the port. How do you test the port without a remote machine anyway? At the moment I'm just trying to connect to the router on the port I'm trying to forward.
Code:
```
j@ethel:~$ nmap my.router

Starting Nmap 4.53 ( http://insecure.org ) at 2008-09-05 18:20 BST
Interesting ports on my.router (192.168.1.50):
Not shown: 1708 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
53/tcp   open  domain
80/tcp   open  http
515/tcp  open  printer
9100/tcp open  jetdirect
9101/tcp open  jetdirect

Nmap done: 1 IP address (1 host up) scanned in 2.088 seconds
```

Code:
```
j@ethel:~$ nmap PUBLIC-INTERNET-IP

Starting Nmap 4.53 ( http://insecure.org ) at 2008-09-05 18:21 BST
Interesting ports on xxxx:
Not shown: 1709 closed ports
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
80/tcp   open     http
1720/tcp filtered H.323/Q.931
8080/tcp open     http-proxy

Nmap done: 1 IP address (1 host up) scanned in 11.056 seconds
j@ethel:~$
```

Code:
```
[admin@(none) root]$ iptables -A INPUT -p tcp --dport ssh -j ACCEPT
[admin@(none) root]$ iptables -A INPUT -p tcp --dport 8081 -j ACCEPT
[admin@(none) root]$ iptables -A FORWARD -i eth1 -p tcp --dport 8081:8081 --destination 192.168.1.3 -j ACCEPT
[admin@(none) root]$ iptables -A FORWARD -i eth1 -p tcp --dport 8081:8081 --destination 192.168.1.3 -j ACCEPT
[admin@(none) root]$ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW
ACCEPT     all  --  anywhere             anywhere            state NEW
SECURITY   all  --  anywhere             anywhere            state NEW
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:tproxy
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:tproxy
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:tproxy

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere
SECURITY   all  --  anywhere             anywhere            state NEW
ACCEPT     all  --  anywhere             anywhere            ctstate DNAT
ACCEPT     tcp  --  anywhere             192.168.1.3         tcp dpt:tproxy
ACCEPT     tcp  --  anywhere             192.168.1.3         tcp dpt:tproxy
ACCEPT     tcp  --  anywhere             192.168.1.3         tcp dpt:tproxy

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain MACS (0 references)
target     prot opt source               destination

Chain SECURITY (2 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
RETURN     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
RETURN     udp  --  anywhere             anywhere            limit: avg 5/sec burst 5
RETURN     icmp --  anywhere             anywhere            limit: avg 5/sec burst 5
DROP       all  --  anywhere             anywhere

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
DROP       all  --  anywhere             anywhere
[admin@(none) root]$
```



