Networking :: IP Forwarding Not Working On Centos Server
Jan 18, 2010
I am setting up a new server with 2 NICs installed. NIC0 goes to the firewall and NIC1 goes to the internal engineering network.
The problem is that IP forwarding is not working!
Particulars:
Server Name - slick
Firewall Name - gateone
engineering node - crooked
Routing on slick:
From crooked (which is inside the server (slick)) with an IP address of xx.xx.221.249, the only way I can ping or do anything outside of the firewall (gateone) is to turn on iptables with this configuration:
I don't want to use iptables. I need IP forwarding to work.
I'm trying to set up my CentOS 5 box as a gateway for my home network. I've set up DHCP on my internet interface (eth0) and dhcpd on my LAN interface (eth1). I can browse the internet from my CentOS 5 box. I can ping the CentOS 5 box from my LAN. However, I can't browse the internet from my LAN. I've enabled IP forwarding in /etc/sysctl.conf and I've disabled my firewall. I've saved these changes and rebooted. Again, no internet browsing from my LAN.
I have just recently switched my setup to have my server be in the middle of traffic and act as my new router, while making my other routers just switches. However, after doing this I can no longer access my UPnP devices. They used to show up in my router, but I am assuming either there is an issue with my iptables rules or that somehow having my server run the DHCP and DNS routing is messing with UPnP.
I am forwarding HTTP requests to an internal server. It is quite successful, but the access logs do not show the IP of the external machine. Rather, it shows the IP of the machine on which I have enabled port forwarding.
Can anyone here point me to a walk-through or discussion of how to use Webmin to set up port forwarding/NAT on a dual-NIC CentOS 5.3 box? The layout will be simple:
Internet --- NIC1 [CentOS Box] NIC2 --- Switch to other PCs
We have a BUNCH of exposed services that are on special ports -- for example, to connect to one machine, you go in with [IP_Address]:12000, and to connect to another, [IP_Address]:12002, etc., etc. We're currently using openSUSE 10.3 on this box, and YaST makes this criminally easy (you give it the incoming port number and the destination IP/port numbers and it just works). But openSUSE 10.3 is nearing EOL, we're buying a new machine, and I'd like to use CentOS on the new one.
I've read the sparse Webmin documentation in their Wiki, and it leads one to believe that you simply insert a "NAT" rule. But there's obviously something they're leaving out. I *am* opening the ports in the firewall. But when I log in to [IP_Address]:port, it just times out. The port forwarding never occurs. The test in this case is SSH, and I know that SSHD is working properly because I can log into that machine just fine from another PC on the same internal subnet.
Pre-existing issue from the 9.04 server, and it has never worked right for me. When I try to open an X11-forwarded app on a Mac using the command "ssh -X myusername@serverIP", other Linux machines have similar issues from the terminal. I can log in just fine and perform any actions I want that do not require X11 forwarding, like, say, Firefox or a manager. I just get the error "Error: no display specified" when trying to do anything with X11 forwarding. I have almost no Linux experience, but from tinkering, and my friends' tinkering, I wonder if I have an X authority issue.
At one point I had the Ubuntu desktop package installed (forwarding still did not work then), did an unclean uninstall of it and installed Xubuntu. Xubuntu did nothing but throw fits saying I did not have authority to perform all sorts of actions, many relating to root access. This box is meant to be a headless file, print and web server with the ability to log in remotely as a convenience for administration. I have given up on having a working GUI of any kind on this box. I really do not want to reinstall because of the amount of data on the main partition. What can I start trying to look into?
I have the following setup and I'm trying to forward all incoming connections on port 1194 on eth2, which is the external network, to IP 192.168.10.100, but it seems it's not working.
Current config:
# Generated by iptables-save v1.3.8 on Sun Nov 16 00:00:54 2008
*nat
:PREROUTING ACCEPT [26751696:2175544875]
:POSTROUTING ACCEPT [339911:19096812]
and the same, it's not working. Connecting through telnet to the domain (telnet mydomain.org 1194) doesn't work, but within the server, running telnet 192.168.10.100 1194 works.
I am trying to redirect my display from a debian box that I ssh into to my laptop. I connect using
Code: $ ssh -vv -XC remote.host
and in the debug messages all I get about X is this
Code: debug1: Requesting X11 forwarding with authentication spoofing.
Once I'm connected, X forwarding does not work. For example, when I try to start, say, xcalc, I get
Code: $ xcalc &
Error: Can't open display:
It seems that the problem is the $DISPLAY variable is not set on the remote machine (echo $DISPLAY doesn't return anything), but from what I read, sshd is responsible for setting this variable, as long as "X11Forwarding yes" is uncommented in the /etc/ssh/sshd_config file (which I made sure is true). Is there any other reason why sshd won't open a display on the remote host?
On Debian and Ubuntu servers I was able to run X applications on remote servers where I was able to log in via SSH. I tried the same with CentOS and it did not work. In /etc/ssh/sshd_config
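The two posts above both end up at /etc/ssh/sshd_config, and a common reason an "X11Forwarding yes" line has no effect is that sshd takes the first value it sees for a keyword and ignores later ones (sshd_config(5)), and that anything after a "Match" line belongs to that Match block rather than to the global settings. sshd also needs the xauth program installed on the server to set up DISPLAY at all. The parser below resolves the value sshd will actually use and lists keywords whose later settings are shadowed. It is an added example, not code from either post or from OpenSSH; the sample config is constructed.

```python
"""Resolve the value sshd will really use for an sshd_config keyword.

Added example (not from the forum posts, not OpenSSH code). Rules modelled:
  * keywords are case-insensitive and may be written "Key value" or "Key=value"
  * the FIRST global occurrence of a keyword wins; later ones are ignored
  * every line after a "Match" line, up to the next "Match", is conditional
Full-line '#' comments only; the sample below is constructed.
"""

SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config: the admin uncommented a line lower down
Port 22
X11Forwarding no
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
Match User backup
    X11Forwarding yes
"""


def parse_sshd_config(text):
    """Return a list of (keyword, value, inside_match_block) in file order."""
    entries, in_match = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else '')
        if '=' in key:                      # "Keyword=value" spelling
            key, _, value = line.partition('=')
        elif value.startswith('='):         # "Keyword = value" spelling
            value = value[1:]
        key, value = key.strip().lower(), value.strip()
        if key == 'match':
            in_match = True                 # stays set until the next Match
        entries.append((key, value, in_match))
    return entries


def effective_value(text, keyword, default=None):
    """First global (non-Match) value for keyword, or default if absent."""
    for key, value, in_match in parse_sshd_config(text):
        if key == keyword.lower() and not in_match:
            return value
    return default


def shadowed_keywords(text):
    """(keyword, value_used, value_ignored) for globals set more than once."""
    seen, shadowed = {}, []
    for key, value, in_match in parse_sshd_config(text):
        if in_match:
            continue
        if key in seen and seen[key] != value:
            shadowed.append((key, seen[key], value))
        seen.setdefault(key, value)
    return shadowed


def x11_forwarding_status(text):
    """Will this server hand an X11 session a DISPLAY? Defaults per sshd_config(5)."""
    return {
        'X11Forwarding': effective_value(text, 'X11Forwarding', 'no').lower() == 'yes',
        'X11UseLocalhost': effective_value(text, 'X11UseLocalhost', 'yes'),
        'shadowed': shadowed_keywords(text),
    }


if __name__ == '__main__':
    print(x11_forwarding_status(SAMPLE_SSHD_CONFIG))
```

Run it against the real file with `x11_forwarding_status(open('/etc/ssh/sshd_config').read())`; a `shadowed` entry for `x11forwarding` means the line you edited sits below an earlier one and needs to move above it (or the earlier one needs to change), after which `sshd -t` and a restart apply it.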
I am running Fedora Core 10 and KDE 4.2.1. My KTorrent is having trouble finding online peers lately. I suspect this is a port forwarding issue. I have set up my router to forward port 4444 (UDP) and port 56000 and more (TCP) to my machine's IP address. I have also set my local firewall (system-config-firewall) to allow these ports through. But when I try to test ports 4444 and 56000 via this Open Port Check Tool, it tells me they are closed.
I've used iptables since it replaced ipchains, and I've never had a problem like this. The problem is, as you can see from the title, that port forwarding simply does not work.
Network topology: Slackware Linux Server:
eth0 - LAN (192.168.0.0/25)
eth1 - DSL Static IP
eth2 - cable Static IP
eth1 is our standard office connection; it handles all of our default traffic (web browsing for the staff, email, etc). eth2 is our VPN connection, as well as being used for all incoming connections (www, etc). Behind the Linux box I have a series of Windows Server 2008 R2 boxes that are used to run our office software, website, etc - I don't care how nice they make their products these days, I simply don't trust any MS box open to the net. Therefore, this leaves me having to port forward port 80 from eth2 to the internal IP address of the web server.
My ruleset is as follows:
$WWW - ip address of the web server
iptables -A FORWARD -d $WWW -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to $WWW
Running ip route shows that I have routing entries for all 3 networks, and I can ping, ssh, etc to any of the addresses without issue. OpenVPN connects across eth2 as well, and all 15 of my VPN tunnels work fine. However - and here's the kicker - if I delete the default route and replace it with the route for eth2, port forwarding works fine.
1) ssh to a remote CentOS server using X11 forwarding
2) open the virt-manager remote application (the virtualization management app)
3) open the remote console
Just to be clear, my local X11 crashes. I get back to the log in screen.
I get in my Xorg log:
Backtrace:
Fatal server error:
- Is this enough for a bug report?
- How can I make X dump a core file for better debugging?
- Do -debug RPM packages still exist, and if so, should I install one for the X server, and will this help with debugging, and if so, how do I install it?
For the background, I'll be using my router as a firewall with snort-inline enabled. I've got 3 NICs: one for the WAN, the second will be bridged to the WAN NIC for queuing traffic, which snort-inline requires, and the third is the LAN NIC (the computer I use for everyday work). Here's how I have my interfaces set up:
Code:
# /etc/network/interfaces
# Loopback interface
auto lo
iface lo inet loopback
[code]....
From what I understand, queuing needs to be set up on the bridge. From the documentation I've read it's done like this:
Code:
iptables -A INPUT -j QUEUE
And then to forward traffic, I did:
Code:
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
I've done this and am able to ping the router and obtain a DNS address from dnsmasq from the LAN computer. From the router I am able to connect to the internet (ping, links <address>...). From the LAN computer traffic isn't getting forwarded; Firefox, links and ping all don't resolve.
I don't think there is a hidden firewall in the switch, but if these commands are correct, then I may need to contact my ISP and see if they are blocking the commands. I just wanted to make sure I was not making some stupid mistake before I try to contact my ISP.
EDIT: Also, is it possible to forward port 80 requests to different servers depending on the hostname used to connect, so that, say, [URL] redirects to server xxx.xxx.xxx.15 while hhh.com redirects to xxx.xxx.xxx.16?
I'm running CentOS 2.6.18-53.1.13.el5 in a VM. Currently I'm studying for my RHCT. I'm trying to enable IP forwarding, so I edited this line in /etc/sysctl.conf:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
Then I ran sysctl -p
I have recently installed CentOS 5.4 on a server with 3 network cards. I am trying to enable IP forwarding, which has been successful when executing the following command:
echo 1 > /proc/sys/net/ipv4/ip_forward
I tried to make this permanent by adding net.ipv4.conf.default.forwarding=1 to the /etc/sysctl.conf file.
When I restart the network service I get the following code...
I have two PCs, one with Slackware and one with Arch, and I am trying to access the web server from the Arch Linux machine, but I haven't managed to do that. The Arch Linux machine is connected to the internet via the Slackware machine through a crossover cable: internet > eth0 (pc1) and ppp0 (the PPPoE connection, pc1) > eth1 (pc1) > eth0 (pc2)
pc2:
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
ifconfig eth0 up
route add default gw 192.168.0.1 eth0
/etc/resolv.conf (the same DNS as the first PC)
And now the internet is working on the Arch Linux machine, but I am not able to access the web server from the LAN with a public IP. I tried many iptables port forwarding commands, but none worked.
This should be easy, but for some reason it's not working. I don't have admin rights on one of my local networks to open the firewall for port 80 to make my server accessible remotely (from the internet). I have a remote server (OpenVZ VPS) and I want to port forward so that [url]:8080 will point to my localhost:80 from the internet itself (I can get it to work on the remote VPS server's local network)...
How could I accomplish this? Basically, I am trying to serve web pages from behind a firewall using a VPS as a hub.
I set up a dynamic DNS address for my home network. Let's call it [URL]. Then I set up one of my machines with a bind9 DNS server and pointed my router's DNS setting to it. I did this so that I could resolve awesome.server.com from machines inside my network and have them correctly find my server. Then I set up a second machine to serve web pages using [URL]. I did this by forwarding port 9200 on my router to port 80 on that machine. This works, but of course, it only works from outside my network.
What is the best way to get [URL] to work from inside my network?
I've tried setting up the iptables on my server to forward that port, but it just times out. I used these rules that I found by searching the internet:
Code:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 9200 -j DNAT --to 192.168.0.300:80
iptables -A INPUT -p tcp -m state --state NEW --dport 9200 -i eth1 -j ACCEPT
However, those rules might be failing because they are intended to forward ports requested from outside the network. I must admit, this iptables stuff is way, way over my head. Is there a different method that I must use to make it work inside my network? Or is there a better way besides iptables?
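The gateway and port-forward questions on this page (the CentOS 5 home gateway, the sysctl.conf edits, and the port 9200 forward just above) all fail for a short list of reasons: forwarding is not actually enabled, there is no MASQUERADE/SNAT on the WAN side so replies never come back, the FORWARD chain drops what PREROUTING translated, or the DNAT is bound to the WAN interface so it never matches a LAN client using the public address (the hairpin case in the post above). The lint below parses a sysctl file and an iptables-save dump and reports those conditions. It is an added example, not code from any of the posts; the eth0 (WAN) / eth1 (LAN) names, the 192.168.0.30 server address and the two dumps are constructed.

```python
"""Lint sysctl and iptables-save text for the usual NAT-gateway mistakes.

Added example, not from the forum posts. Interface names, addresses and the
two sample dumps below are constructed; 192.168.0.30:80 stands in for the
internal web server, reached as <public address>:9200.
"""

BROKEN_SYSCTL = """\
# Controls IP packet forwarding
net.ipv4.conf.default.forwarding = 1
"""

BROKEN_RULES = """\
# constructed iptables-save dump: DNAT bound to eth0, nothing else
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 9200 -j DNAT --to-destination 192.168.0.30:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

FIXED_SYSCTL = "net.ipv4.ip_forward = 1\n"

FIXED_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 9200 -j DNAT --to-destination 192.168.0.30:80
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.30/32 -p tcp -m tcp --dport 80 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -d 192.168.0.30/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""


def parse_sysctl(text):
    """{key: value} from sysctl.conf-style text; comments and blanks skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if '=' in line:
            key, _, value = line.partition('=')
            conf[key.strip()] = value.strip()
    return conf


def parse_iptables_save(text):
    """(rules, policies): rules[table] = list of '-A' argv lists,
    policies[(table, chain)] = built-in chain policy."""
    rules, policies, table = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('*'):
            table = line[1:]
            rules.setdefault(table, [])
        elif line.startswith(':') and table:
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith('-A') and table:
            rules[table].append(line.split())
    return rules, policies


def _opt(argv, flag):
    """Value following a flag such as -i, -o, -d, --dport, -j; None if absent."""
    for i, tok in enumerate(argv[:-1]):
        if tok == flag:
            return argv[i + 1]
    return None


def _accepts_new(rule):
    """True unless the rule is limited to RELATED/ESTABLISHED traffic."""
    state = _opt(rule, '--state') or _opt(rule, '--ctstate')
    return state is None or 'NEW' in state


def lint_gateway(sysctl_text, iptables_text, wan_if):
    findings = []
    if parse_sysctl(sysctl_text).get('net.ipv4.ip_forward') != '1':
        findings.append('net.ipv4.ip_forward is not set to 1')
    rules, policies = parse_iptables_save(iptables_text)
    nat, filt = rules.get('nat', []), rules.get('filter', [])
    fwd_policy = policies.get(('filter', 'FORWARD'), 'ACCEPT')
    # 1. LAN clients need source NAT on the WAN side or replies never return
    if not any(_opt(r, '-j') in ('MASQUERADE', 'SNAT') and _opt(r, '-o') == wan_if for r in nat):
        findings.append('no MASQUERADE/SNAT rule for traffic leaving %s' % wan_if)
    # 2. ip_forward only routes; the FORWARD chain still has to let packets pass
    fwd_accepts = [r for r in filt if r[1] == 'FORWARD' and _opt(r, '-j') == 'ACCEPT' and _accepts_new(r)]
    if fwd_policy != 'ACCEPT' and not fwd_accepts:
        findings.append('FORWARD policy is %s and no FORWARD rule accepts new connections' % fwd_policy)
    # 3. each DNAT needs a FORWARD ACCEPT covering the translated destination
    dnats = [r for r in nat if _opt(r, '-j') == 'DNAT']
    for r in dnats:
        target = _opt(r, '--to-destination') or _opt(r, '--to') or ''
        dest_ip, _, dest_port = target.partition(':')
        dest_port = dest_port or _opt(r, '--dport')
        covered = fwd_policy == 'ACCEPT' or any(
            _opt(a, '-d') in (None, dest_ip, dest_ip + '/32') and _opt(a, '--dport') in (None, dest_port)
            for a in fwd_accepts)
        if not covered:
            findings.append('DNAT to %s:%s has no FORWARD ACCEPT rule' % (dest_ip, dest_port))
    # 4. hairpin: a DNAT matching only -i <wan_if> never sees LAN clients
    if dnats and all(_opt(r, '-i') == wan_if for r in dnats):
        findings.append('all DNAT rules match only -i %s; LAN clients using the public '
                        'address are not translated (hairpin NAT also needs SNAT toward the server)' % wan_if)
    return findings


if __name__ == '__main__':
    print(lint_gateway(BROKEN_SYSCTL, BROKEN_RULES, 'eth0'))
    print(lint_gateway(FIXED_SYSCTL, FIXED_RULES, 'eth0'))
```

On a real box feed it `open('/etc/sysctl.conf').read()` and the output of `iptables-save`, with the WAN interface name. The FIXED_RULES dump shows the hairpin fix: the DNAT carries no `-i`, and the second POSTROUTING MASQUERADE rewrites the source of LAN-to-server connections so the server's replies travel back through the router instead of straight to the client, which would otherwise see a reply from an address it never contacted.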
I'm trying to get my SSH server, which I set up on my home box, working from behind a router. A 2Wire 2700HG-B gateway, in fact. Now, I know my server is working fine, because I can get into it via loopback, from anywhere inside the LAN from another machine, OR if I go into the router's config and enable DMZ for the machine. However, I don't like having DMZ on all the time because of the kludginess of it, and the security issue of the complete absence of a hardware firewall. If I try to port forward and access it from outside the LAN using the external IP (or my DynDNS, because it's dynamic), it just times out. I have a nonstandard port (45) for the listen port of the server, to keep away hack attempts I would get if I were using the standard 22. I used this to see if the port was open, and it said it was. But I tried the trick of telnetting to the IP on that port, and it also timed out, instead of printing stuff about OpenSSH.
Attached is a screenie of my router's firewall page, so you all can look at it and see if I'm an idiot and doing it wrong. You might notice uTorrent there; it's because this machine is a dual-boot with 7, and the router doesn't differentiate the OSes. Also the SSH @ 46 port is for the Windows side, with freeSSHd. I changed the port on that one so the client I have can distinguish them, so it can run a reachability test.
I'm trying to enable port forwarding so I can use my computer as an FTP server to some friends. Here's my setup:
CLEAR wireless modem <--> LAN port 4 on router (not WAN) and LAN port 1 on router <---> eth0 in Ubuntu 9.10
The modem acts as a DHCP server which successfully assigns an IP address to my desktop system. I can also go onto the internet just fine on my desktop, and any other computer that connects to the router.
I have enabled port forwarding on the modem (not the router because it's being used as a switch, and not using its WAN port) to forward ports 21 and 80 to my desktop. What I don't understand, though, is that when I try to FTP to the modem's WAN IP address, the connection is refused. However, when I use websites such as:
They say ports 21 and 80 are open (and not other random ports like 22 or 23 which I tried to see if the site simply said everything was open) but I cannot access my site from a web browser.
I was wondering what it was that's stopping computers from the Internet from communicating with my computer? The modem? The router? Configs?
I am setting up Apache (Fedora 12) inside my home network. From inside my home network I access it without any problem. I need to set it up so I can access it from the internet. I have the following questions. Here is the temporary setup for testing purposes: Internet-->ADSL modem (Siemens SpeedStream 4200)---> Apache (Fedora 12)
1. Do I have to do any kind of port forwarding on the ADSL modem? (There is no option to do port forwarding on the modem.) Maybe I need a different model of modem??
2. I tried to ping my modem's real IP from another computer on the internet. I am even unable to ping the ADSL's real IP. Why is that?
I have just set up shorewall on my router running Arch Linux. The external network is on eth0 and the internal network on eth1. I have set it up for masquerading and that works fine, and I can open ports to the firewall. But I'm having trouble with port forwarding to my internal machines. The problem I have is that when port 22350 is forwarded to 192.168.1.3 on my local network, checking the port with nmap from a remote computer gives me:
First of all, I'll provide you with the package name I got [URL]... I went to /usr/src/redhat/SOURCES/bwbar-1.2.2 and did ./configure ; make
Then I get this problem:
[root@server bwbar-1.2.2]# ./bwbar
./bwbar: /usr/local/lib/libpng12.so.0: no version information available (required by ./bwbar)
I have installed libpng & libpng-devel
[Code]...
After looking around a bit I thought it would be better to get the sources from kernel.org directly and try to compile that one, but then I found it to have the exact same error. It would be very nice if someone could direct me to a solution for this. I have bwbar already installed on another server which runs CentOS 4; I installed it there AGES ago, so I don't really remember what my method was back then.
The CentOS 5 server does not like me installing bwbar on it for some reason. Maybe it's bwbar's fault? I'm no coder, so I hope anyone that has a clue could check this out for me.
I installed the latest version of CentOS 5.4. It came with Xen version 3.0.2, I think. I am running it on a Dell R510. It supports hardware virtualization. I was able to virtualize Windows XP and Windows 2003 Server on it by selecting the install from DVD option. I was having problems trying to get a PCI DekTek card seen by the virtualized Windows domains, so I tried to upgrade Xen to 3.4.2. I used the repos available from Gitmo and it went easily.
The only problem is now that when I try to create a "New virtual host" it only allows me to use HTTP, FTP option and not the iso or DVD option. They are greyed out. I was wondering if anyone has had this problem and might know a work around for the Xen 3.4.2 problem. Perhaps a better location for the kernel or something.
I installed CentOS. NetworkManager successfully installed and launched. I can ping any IP from the terminal, but I can't open any site in the browser except 127.0.0.1. I can't open the IP of the modem, 192.168.1.1, in the browser either.
I am running openSUSE 11.4. When trying to forward emails I can only do so as an attachment. When I click and hold to select the forward inline option I get an empty email - the same as if I had clicked new. The same happens when I place the inline button on the toolbar. Is this a bug with KMail, or is there another setting to forward mail inline?
Got Ubuntu Server 10.10 installed as a virtual machine (VMware). When I forward X through SSH (PuTTY) I can start xeyes, xcalc, etc.
Now when I disable IPv6, PuTTY can't set the display variable and I get "Error: can't open display". I haven't changed anything in PuTTY or Win 7 (the host system).
I disable IPv6 by putting these lines in /etc/sysctl.conf
I am using Ubuntu 8.40 as a router with 2 NICs. eth0 is for the local and eth1 is for the external network. I have an internal web server in my LAN and want to forward some ports to the net, and I executed the following commands.