iptables NAT prerouting rule does not forward the traffic?

by postcd, from LinuxQuestions.org
Hello,

On one server, an iptables rule like:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 48280 -j DNAT --to 10.8.0.2:48280

worked to forward the server's incoming traffic on the mentioned port into the VPN tunnel, where the VPN client's network interface has IP 10.8.0.2. The port appeared as open.

Now, when I tried the same rule on a different server, the port appears closed, even though I tried disabling the client's firewall.

ifconfig shows the server has only the lo, eth0 and tun0 interfaces, so eth0 should be correct.

Please, what commands would you run to discover where the incoming traffic is stuck?

Some details about the server:

Red Hat based CentOS 7, kernel 3.10, iptables v1.4.21

lsmod|grep nat

Quote:
xt_nat 12681 6
nf_nat_masquerade_ipv4 13430 1 ipt_MASQUERADE
iptable_nat 12875 1
nf_nat_ipv4 14115 1 iptable_nat
nf_nat 26583 3 nf_nat_ipv4,xt_nat,nf_nat_masquerade_ipv4
nf_conntrack 139224 5 nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4
ip_tables 27126 5 iptable_security,iptable_filter,iptable_mangle,iptable_nat,iptable_raw
libcrc32c 12644 3 xfs,nf_nat,nf_conntrack

iptables-save|egrep -i "reject|drop|deny"

Quote:
:POST_public_deny - [0:0]
:PRE_public_deny - [0:0]
-A POST_public -j POST_public_deny
-A PRE_public -j PRE_public_deny
:PRE_public_deny - [0:0]
-A PRE_public -j PRE_public_deny
:PRE_public_deny - [0:0]
-A PRE_public -j PRE_public_deny
:FWDI_public_deny - [0:0]
:FWDO_public_deny - [0:0]
:IN_public_deny - [0:0]
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol none -j DROP
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p udp -m udp --dport 1701 -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j DROP

iptables-save|egrep -i nat

Quote:
*nat
-A PREROUTING -p tcp -m tcp --dport 12345 -j DNAT --to-destination 127.0.0.1:1082
-A PREROUTING -s 107.186.1.0/24 -p tcp -m tcp --dport 21 -j DNAT --to-destination 1.2.3.4:21
-A PREROUTING -i eth0 -p udp -m udp --dport 48281 -j DNAT --to-destination 10.8.0.2:48281
-A PREROUTING -i eth0 -p udp -m udp --dport 8889 -j DNAT --to-destination 10.8.0.2:8889
-A PREROUTING -i eth0 -p tcp -m tcp --dport 48280 -j DNAT --to-destination 10.8.0.2:48280
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 1.2.3.4
(1.2.3.4 being the server's public IP)

Regarding the client, it is Windows 10.
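An added troubleshooting example, not part of postcd's post and not a reply from the thread: a POSIX sh function that takes an iptables-save dump as text and reports the usual reasons a PREROUTING DNAT rule matches but the forwarded port still looks closed (IP forwarding disabled, DNAT rule missing, or no ACCEPT in the FORWARD chain ahead of an unconditional DROP). A DNAT-ed packet is re-routed after PREROUTING and then has to pass FORWARD, so the `-A FORWARD -j DROP` visible in the quoted dump is exactly the kind of rule this check looks for. The two embedded dumps are constructed samples that mirror the rules quoted above (trimmed); the function name, arguments and messages are this example's own.

```shell
#!/bin/sh
# Added example (not from the post): checks an iptables-save dump for the common
# reasons DNAT-ed traffic never reaches its new destination. Works offline on the
# constructed samples below, or live with:
#   dnat_path_check "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" 10.8.0.2 48280

# Constructed sample mirroring the rules quoted in the post (trimmed to the relevant ones).
SAMPLE_DUMP='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 48280 -j DNAT --to-destination 10.8.0.2:48280
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 1.2.3.4
COMMIT
*filter
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j DROP
COMMIT'

# Constructed variant with the FORWARD ACCEPT rules that DNAT-ed traffic needs,
# placed before the unconditional DROP.
FIXED_DUMP='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 48280 -j DNAT --to-destination 10.8.0.2:48280
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 1.2.3.4
COMMIT
*filter
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 10.8.0.2 -p tcp -m tcp --dport 48280 -j ACCEPT
-A FORWARD -j DROP
COMMIT'

# dnat_path_check DUMP IP_FORWARD DEST PORT
# Prints one line per finding and returns the number of findings (0 = nothing obvious).
dnat_path_check() {
    dump=$1; ip_forward=$2; dest=$3; port=$4; findings=0

    # 1. Routing must be enabled, or the kernel discards packets it would have to forward.
    if [ "$ip_forward" != "1" ]; then
        echo "ip_forward is '$ip_forward': set net.ipv4.ip_forward=1 or DNAT-ed packets are never routed to $dest"
        findings=$((findings + 1))
    fi

    # 2. The DNAT rule itself must be present with the expected target.
    if ! printf '%s\n' "$dump" | grep -q -- "^-A PREROUTING .*--dport $port -j DNAT --to-destination $dest:$port"; then
        echo "no PREROUTING DNAT rule for tcp/$port -> $dest:$port (compare: iptables -t nat -L PREROUTING -v -n)"
        findings=$((findings + 1))
    fi

    # 3. After DNAT the packet traverses FORWARD, so an ACCEPT for the new destination
    #    must come before any unconditional DROP in that chain.
    accept=$(printf '%s\n' "$dump" | grep -n -- '^-A FORWARD .*-j ACCEPT' | grep -- "-d $dest" | head -1 | cut -d: -f1)
    drop=$(printf '%s\n' "$dump" | grep -n -- '^-A FORWARD -j DROP$' | head -1 | cut -d: -f1)
    if [ -z "$accept" ]; then
        echo "FORWARD has no ACCEPT for traffic to $dest${drop:+ and ends in an unconditional DROP (dump line $drop)}"
        findings=$((findings + 1))
    elif [ -n "$drop" ] && [ "$drop" -lt "$accept" ]; then
        echo "FORWARD drops everything at dump line $drop before the ACCEPT for $dest at line $accept"
        findings=$((findings + 1))
    fi

    return $findings
}

# Run against the constructed samples when executed directly.
echo "== ruleset as quoted in the post =="
dnat_path_check "$SAMPLE_DUMP" 1 10.8.0.2 48280 || echo "-> $? finding(s)"
echo "== ruleset with FORWARD ACCEPT added =="
dnat_path_check "$FIXED_DUMP" 1 10.8.0.2 48280 && echo "-> no obvious blocker in the dump"
```

When the dump passes, the next step on the live box is to watch the packet counters (`iptables -t nat -L PREROUTING -v -n` and `iptables -L FORWARD -v -n`) while connecting from outside, and to confirm with `tcpdump -ni tun0 tcp port 48280` whether anything actually leaves on the tunnel side; a PREROUTING counter that increases while FORWARD stays at zero points at routing, a FORWARD DROP counter that increases points at the filter chain.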