Welcome, Guest. Please login or register.
Did you miss your activation email?
Monday 25 November 2024, 12:27:32 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Portforwarding with incoming IP - EFW Community 3.0
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Portforwarding with incoming IP - EFW Community 3.0  (Read 23968 times)
gbarchi
Jr. Member
*
Offline Offline

Posts: 2


« on: Friday 12 September 2014, 02:24:11 am »

Hello,

I have been trying to get portforwarding working with an incoming IP and it is not working. If I donīt set an incoming portforwarding works well.

I think this might be a bug:

iptables -L shows

Chain PORTFWACCESS (1 references)
target     prot opt source               destination
NFLOG      tcp  --  anywhere             192.168.0.131     tcp dpt:http nflog-prefix "PORTFWACCESS:ALLOW:1"
ALLOW      tcp  --  anywhere             192.168.0.131     tcp dpt:http
NFLOG      tcp  --  anywhere             192.168.0.131     tcp dpt:ms-sql-s nflog-prefix "PORTFWACCESS:ACCEPT:2"
ACCEPT     tcp  --  anywhere             192.168.0.131     tcp dpt:ms-sql-s
NFLOG      tcp  --  anywhere             192.168.0.131     tcp dpt:https nflog-prefix "PORTFWACCESS:ALLOW:3"
ALLOW      tcp  --  anywhere             192.168.0.131     tcp dpt:https

The HTTPS rule is the one that is not working. Iptables shows source being "anywhere", however, Endian has been configured to restrict incoming connections only to IP 200.120.10.3.

This can be seen here, which is a file where Endian saves the portforwarding rules, and itīs under:

/etc/firewall/dnat/iptablesdnat

iptables -t nat -F PORTFW
iptables -F PORTFWACCESS
iptables -t nat -F POSTPORTFW
iptables -t nat -A PORTFW -s 0/0 -d 157.100.157.80 -j DNAT -p tcp --dport 80 --to-destination 192.168.0.131:80
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 80 -j NFLOG --nflog-prefix 'PORTFWACCESS:ALLOW:1'
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 80 -j ALLOW
iptables -t nat -A PORTFW -s 0/0 -d 157.100.157.80 -j DNAT -p tcp --dport 1433 --to-destination 192.168.0.131:1433
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 1433 -j NFLOG --nflog-prefix 'PORTFWACCESS:ACCEPT:2'
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 1433 -j ACCEPT
iptables -t nat -A PORTFW -s 0/0 -d 200.120.10.3 -j DNAT -p tcp --dport 443 --to-destination 192.168.0.131:443
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 443 -j NFLOG --nflog-prefix 'PORTFWACCESS:ALLOW:3'
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 443 -j ALLOW

Notice how in this file, the source IP (200.120.10.3) does show.

It seems Endian is not passing on to Iptables the complete rule.

Any ideas?

Thanks!




Logged
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #1 on: Monday 15 September 2014, 08:18:24 pm »

try

iptables -t nat -L

too
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
gbarchi
Jr. Member
*
Offline Offline

Posts: 2


« Reply #2 on: Monday 17 November 2014, 01:01:55 pm »


Hello mmiat, thanks for your reply, with  iptables -t nat -L it shows that the rule is there, but the connection keeps getting dropped.

Chain PORTFW (2 references)
target     prot opt source               destination
DNAT       tcp  --  anywhere             43.CMCD-186-55-100.gye.satnet.net tcp dpt:ms-sql-s to:192.168.0.131:1433


Firewall   2014-11-16 20:55:02   INPUT:DROP TCP (eth1) 186.55.100.43:6187 -> 190.12.54.42:1433

Again, if I take out the IP the rule works, it only stops working when I set an IP.

This is driving me crazy. I need this too work.

Any ideas?

Thank you.
Logged
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #3 on: Saturday 22 November 2014, 01:52:45 am »

I think that MSSQL need UDP 1434 too to properly work
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
FSP_0918
Jr. Member
*
Offline Offline

Posts: 1


« Reply #4 on: Saturday 21 February 2015, 04:55:11 am »

Ditto.   Same problem here.   May need to downgrade, this is a critical feature.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.094 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com