Portforwarding with incoming IP - EFW Community 3.0
Topic: Portforwarding with incoming IP - EFW Community 3.0 (Read 23917 times)
gbarchi (Jr. Member, Posts: 2)
on: Friday 12 September 2014, 02:24:11 am
Hello,
I have been trying to get portforwarding working with an incoming IP and it is not working. If I don't set an incoming portforwarding works well.
I think this might be a bug:
iptables -L shows
Chain PORTFWACCESS (1 references)
target prot opt source destination
NFLOG tcp -- anywhere 192.168.0.131 tcp dpt:http nflog-prefix "PORTFWACCESS:ALLOW:1"
ALLOW tcp -- anywhere 192.168.0.131 tcp dpt:http
NFLOG tcp -- anywhere 192.168.0.131 tcp dpt:ms-sql-s nflog-prefix "PORTFWACCESS:ACCEPT:2"
ACCEPT tcp -- anywhere 192.168.0.131 tcp dpt:ms-sql-s
NFLOG tcp -- anywhere 192.168.0.131 tcp dpt:https nflog-prefix "PORTFWACCESS:ALLOW:3"
ALLOW tcp -- anywhere 192.168.0.131 tcp dpt:https
The HTTPS rule is the one that is not working. Iptables shows source being "anywhere", however, Endian has been configured to restrict incoming connections only to IP 200.120.10.3.
This can be seen here, which is a file where Endian saves the portforwarding rules, and it's under:
/etc/firewall/dnat/iptablesdnat
iptables -t nat -F PORTFW
iptables -F PORTFWACCESS
iptables -t nat -F POSTPORTFW
iptables -t nat -A PORTFW -s 0/0 -d 157.100.157.80 -j DNAT -p tcp --dport 80 --to-destination 192.168.0.131:80
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 80 -j NFLOG --nflog-prefix 'PORTFWACCESS:ALLOW:1'
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 80 -j ALLOW
iptables -t nat -A PORTFW -s 0/0 -d 157.100.157.80 -j DNAT -p tcp --dport 1433 --to-destination 192.168.0.131:1433
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 1433 -j NFLOG --nflog-prefix 'PORTFWACCESS:ACCEPT:2'
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 1433 -j ACCEPT
iptables -t nat -A PORTFW -s 0/0 -d 200.120.10.3 -j DNAT -p tcp --dport 443 --to-destination 192.168.0.131:443
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 443 -j NFLOG --nflog-prefix 'PORTFWACCESS:ALLOW:3'
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 443 -j ALLOW
Notice how in this file, the source IP (200.120.10.3) does show.
It seems Endian is not passing on to Iptables the complete rule.
Any ideas?
Thanks!
Logged
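Added example (not part of the thread and not Endian's code): a small Python audit of the rule lines quoted in the post above, reporting which field (-s or -d) a given address occupies and which DNAT rules accept any source. The last rule line and the address 198.51.100.7 are constructed for contrast, and the function names are this example's own.

```python
import shlex

# Rule lines copied from the post above; the last line is constructed to show
# a rule that really restricts the source (198.51.100.7 is a documentation address).
RULES = """\
iptables -t nat -F PORTFW
iptables -t nat -A PORTFW -s 0/0 -d 157.100.157.80 -j DNAT -p tcp --dport 80 --to-destination 192.168.0.131:80
iptables -t nat -A PORTFW -s 0/0 -d 200.120.10.3 -j DNAT -p tcp --dport 443 --to-destination 192.168.0.131:443
iptables -t filter -A PORTFWACCESS -s 0/0 -d 192.168.0.131 -p tcp --dport 443 -j ALLOW
iptables -t nat -A PORTFW -s 198.51.100.7 -d 157.100.157.80 -j DNAT -p tcp --dport 8443 --to-destination 192.168.0.131:443
"""

OPTS = {"-t": "table", "-A": "chain", "-s": "src", "-d": "dst", "-p": "proto",
        "-j": "target", "--dport": "dport", "--to-destination": "to"}
ANY = {None, "0/0", "0.0.0.0/0", "anywhere"}  # spellings of "no source restriction"

def parse_rules(text):
    """Return one dict per appended (-A) rule; flushes and other lines are skipped.
    Negated matches ("!") are not handled in this sketch."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if not tokens or tokens[0] != "iptables" or "-A" not in tokens:
            continue
        rule = {"table": "filter", "src": None, "dst": None}
        for opt, value in zip(tokens, tokens[1:]):
            if opt in OPTS:
                rule[OPTS[opt]] = value
        rules.append(rule)
    return rules

def role_of(text, ip):
    """List (chain, 'source' | 'destination') for every rule that names `ip`."""
    hits = []
    for r in parse_rules(text):
        for field, role in (("src", "source"), ("dst", "destination")):
            if r[field] and r[field].split("/")[0] == ip:
                hits.append((r["chain"], role))
    return hits

def open_forwards(text):
    """DNAT rules that accept any source address, as (dst, dport, to) tuples."""
    return [(r["dst"], r.get("dport"), r.get("to")) for r in parse_rules(text)
            if r.get("target") == "DNAT" and r["src"] in ANY]

if __name__ == "__main__":
    print(role_of(RULES, "200.120.10.3"), open_forwards(RULES))
```

On the quoted lines, 200.120.10.3 is reported as the destination of the PORTFW DNAT rule for port 443, and both quoted DNAT rules carry source 0/0.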
mmiat (Sr. Member, Posts: 236)
Reply #1 on: Monday 15 September 2014, 08:18:24 pm
try iptables -t nat -L too
Logged
---------------------
IT Consultant
www.fsw.it
Hardware & Software
gbarchi (Jr. Member, Posts: 2)
Reply #2 on: Monday 17 November 2014, 01:01:55 pm
Hello mmiat, thanks for your reply, with iptables -t nat -L it shows that the rule is there, but the connection keeps getting dropped.
Chain PORTFW (2 references)
target prot opt source destination
DNAT tcp -- anywhere 43.CMCD-186-55-100.gye.satnet.net tcp dpt:ms-sql-s to:192.168.0.131:1433
Firewall 2014-11-16 20:55:02 INPUT:DROP TCP (eth1) 186.55.100.43:6187 -> 190.12.54.42:1433
Again, if I take out the IP the rule works, it only stops working when I set an IP.
This is driving me crazy. I need this to work.
Any ideas?
Thank you.
Logged
mmiat (Sr. Member, Posts: 236)
Reply #3 on: Saturday 22 November 2014, 01:52:45 am
I think that MSSQL needs UDP 1434 too to work properly
Logged
FSP_0918 (Jr. Member, Posts: 1)
Reply #4 on: Saturday 21 February 2015, 04:55:11 am
Ditto. Same problem here. May need to downgrade, this is a critical feature.
Logged