forwarding services to different ports in dmz

I'm trying to forward external connections on port 2222 to SSH port 22 in the DMZ.

External clients don't seem to be able to connect though.

Also, I've tried forwarding 2222 to 80 in the DMZ and trying Netscape with port 2222, but it can't connect either.

I've added a service on port 2222, and in DNAT, tried to send it to the "webserver" in the DMZ on port SSH or HTTP, and added rules in the packet filter, but it's not working.

80 -> DMZ works fine from outside, but I can't get the port translation working. Please advise.

Thanks,
Barry


                         Current packet filter rules 

                       Chain INPUT (policy DROP)
                       target     prot opt source               destination         
                       LOCAL      all  --  0.0.0.0/0            0.0.0.0/0          
                       PSD_MATCHER  all  --  0.0.0.0/0            0.0.0.0/0          
                       FIX_CONNTRACK  all  --  0.0.0.0/0            0.0.0.0/0          
                       AUTO_INPUT  all  --  0.0.0.0/0            0.0.0.0/0          
                       TTT_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0          
                       LOGDROP    all  --  0.0.0.0/0            0.0.0.0/0          

                       Chain FORWARD (policy DROP)
                       target     prot opt source               destination         
                       LOCAL      all  --  0.0.0.0/0            0.0.0.0/0          
                       PSD_MATCHER  all  --  0.0.0.0/0            0.0.0.0/0          
                       FIX_CONNTRACK  all  --  0.0.0.0/0            0.0.0.0/0          
                       AUTO_FORWARD  all  --  0.0.0.0/0            0.0.0.0/0          
                       USR_FORWARD  all  --  0.0.0.0/0            0.0.0.0/0          
                       LOGDROP    all  --  0.0.0.0/0            0.0.0.0/0          

                       Chain OUTPUT (policy DROP)
                       target     prot opt source               destination         
                       LOCAL      all  --  0.0.0.0/0            0.0.0.0/0          
                       FIX_CONNTRACK  all  --  0.0.0.0/0            0.0.0.0/0          
                       AUTO_OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0          
                       TTT_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0          
                       LOGDROP    all  --  0.0.0.0/0            0.0.0.0/0          

                       Chain AUTO_FORWARD (1 references)
                       target     prot opt source               destination         
                       ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 

                       Chain AUTO_INPUT (1 references)
                       target     prot opt source               destination         
                       ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          
                       ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:53 
                       ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:53 
                       LOGDROP    tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22 
                       ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:443 
                       LOGDROP    tcp  --  0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:443 
                       ACCEPT     tcp  --  0.0.0.0/0            192.168.11.254     tcp spts:1024:65535 dpt:1080 
                       ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 

                       Chain AUTO_OUTPUT (1 references)
                       target     prot opt source               destination         
                       ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          
                       ACCEPT     udp  --  192.168.11.254       0.0.0.0/0          udp spts:1024:65535 dpt:139 
                       ACCEPT     udp  --  24.0.194.133         0.0.0.0/0          udp spts:1024:65535 dpt:139 
                       ACCEPT     udp  --  10.0.0.254           0.0.0.0/0          udp spts:1024:65535 dpt:139 
                       ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 

                       Chain FIX_CONNTRACK (3 references)
                       target     prot opt source               destination         
                       LOGDROP    tcp  --  24.5.153.54          24.0.194.133       tcp spt:62191 dpt:2222 
                       LOGDROP    tcp  --  24.0.194.133         24.5.153.54        tcp spt:2222 dpt:62191 

                       Chain LOCAL (3 references)
                       target     prot opt source               destination         
                       ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          
                       ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          

                       Chain LOGDROP (7 references)
                       target     prot opt source               destination         
                       LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          
                       LOG        udp  --  0.0.0.0/0            0.0.0.0/0          
                       LOG        esp  --  0.0.0.0/0            0.0.0.0/0          
                       LOG        ah   --  0.0.0.0/0            0.0.0.0/0          
                       LOG        icmp --  0.0.0.0/0            0.0.0.0/0          
                       LOG        all  -f  0.0.0.0/0            0.0.0.0/0          
                       DROP       all  --  0.0.0.0/0            0.0.0.0/0          

                       Chain PSD_ACTION (2 references)
                       target     prot opt source               destination         
                       LOG        all  --  0.0.0.0/0            0.0.0.0/0          limit: avg 5/min burst 5 
                       ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          

                       Chain PSD_MATCHER (2 references)
                       target     prot opt source               destination         
                       PSD_ACTION  tcp  --  0.0.0.0/0            0.0.0.0/0          psd options
                       PSD_ACTION  udp  --  0.0.0.0/0            0.0.0.0/0          psd options

                       Chain TTT_ACCEPT (2 references)
                       target     prot opt source               destination         
                       ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:21 
                       ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:25 
                       ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:53 
                       ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp spts:1024:65535 dpt:53 
                       ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:8080 
                       ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:80 
                       ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:443 
                       ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp spts:1:65535 dpt:222 
                       ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp spts:1024:65535 dpts:33000:34000 
                       ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp type 11 code 0 
                       ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:113 

                       Chain USR_FORWARD (1 references)
                       target     prot opt source               destination         
                       ACCEPT     all  --  10.0.0.0/8           0.0.0.0/0          
                       ACCEPT     all  --  172.16.0.0/12        0.0.0.0/0          
                       ACCEPT     all  --  192.168.0.0/16       0.0.0.0/0          
                       ACCEPT     tcp  --  0.0.0.0/0            10.0.0.0/24        tcp spts:1024:65535 dpt:80 
                       ACCEPT     tcp  --  0.0.0.0/0            10.0.0.0/24        tcp spts:1024:65535 dpts:20:21 
                       ACCEPT     tcp  --  0.0.0.0/0            10.0.0.0/24        tcp spts:1024:65535 dpt:21 
                       ACCEPT     tcp  --  146.12.3.0/24        192.168.11.25      tcp spts:1024:65535 dpt:110 
                       ACCEPT     tcp  --  207.251.131.30       192.168.11.25      tcp spts:1024:65535 dpt:110 
                       ACCEPT     tcp  --  0.0.0.0/0            10.0.0.0/24        tcp spts:1024:65535 dpt:2222 
                       ACCEPT     tcp  --  0.0.0.0/0            10.0.0.0/24        tcp dpt:22 


                      Current NAT rules 

                    Chain PREROUTING (policy ACCEPT)
                    target     prot opt source               destination         
                    PSD        all  --  0.0.0.0/0            0.0.0.0/0          PSD options
                    SPOOF_DROP  all  --  0.0.0.0/0            0.0.0.0/0          
                    AUTO_NAT_PRE  all  --  0.0.0.0/0            0.0.0.0/0          

                    Chain POSTROUTING (policy ACCEPT)
                    target     prot opt source               destination         
                    AUTO_NAT_POST  all  --  0.0.0.0/0            0.0.0.0/0          

                    Chain OUTPUT (policy ACCEPT)
                    target     prot opt source               destination         
                    AUTO_NAT_OUT  all  --  0.0.0.0/0            0.0.0.0/0          

                    Chain AUTO_NAT_OUT (1 references)
                    target     prot opt source               destination         
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpts:20:21 to:10.0.0.10:20-21 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:21 to:10.0.0.10:21 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:80 to:10.0.0.10:80 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:3000 to:192.168.11.25:80 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:110 to:192.168.11.25:110 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:2222 to:10.0.0.10:80 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp dpt:22 to:10.0.0.10:22 

                    Chain AUTO_NAT_POST (1 references)
                    target     prot opt source               destination         
                    MASQUERADE  all  --  10.0.0.0/24          0.0.0.0/0          
                    MASQUERADE  all  --  192.168.11.0/24      0.0.0.0/0          

                    Chain AUTO_NAT_PRE (1 references)
                    target     prot opt source               destination         
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpts:20:21 to:10.0.0.10:20-21 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:21 to:10.0.0.10:21 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:80 to:10.0.0.10:80 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:3000 to:192.168.11.25:80 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:110 to:192.168.11.25:110 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:2222 to:10.0.0.10:80 
                    DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp dpt:22 to:10.0.0.10:22 

                    Chain LOGDROP (0 references)
                    target     prot opt source               destination         
                    LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          
                    LOG        udp  --  0.0.0.0/0            0.0.0.0/0          
                    LOG        esp  --  0.0.0.0/0            0.0.0.0/0          
                    LOG        ah   --  0.0.0.0/0            0.0.0.0/0          
                    LOG        icmp --  0.0.0.0/0            0.0.0.0/0          
                    LOG        all  -f  0.0.0.0/0            0.0.0.0/0          
                    DROP       all  --  0.0.0.0/0            0.0.0.0/0          

                    Chain SPOOF_DROP (1 references)
                    target     prot opt source               destination         
                    LOG        all  --  192.168.11.254       0.0.0.0/0          
                    DROP       all  --  192.168.11.254       0.0.0.0/0          
                    LOG        all  --  24.0.194.0/24        0.0.0.0/0          
                    DROP       all  --  24.0.194.0/24        0.0.0.0/0          
                    LOG        all  --  10.0.0.0/24          0.0.0.0/0          
                    DROP       all  --  10.0.0.0/24          0.0.0.0/0          
                    LOG        all  --  24.0.194.133         0.0.0.0/0          
                    DROP       all  --  24.0.194.133         0.0.0.0/0          
                    LOG        all  --  192.168.11.0/24      0.0.0.0/0          
                    DROP       all  --  192.168.11.0/24      0.0.0.0/0          
                    LOG        all  --  10.0.0.0/24          0.0.0.0/0          
                    DROP       all  --  10.0.0.0/24          0.0.0.0/0          
                    LOG        all  --  10.0.0.254           0.0.0.0/0          
                    DROP       all  --  10.0.0.254           0.0.0.0/0          
                    LOG        all  --  192.168.11.0/24      0.0.0.0/0          
                    DROP       all  --  192.168.11.0/24      0.0.0.0/0          
                    LOG        all  --  24.0.194.0/24        0.0.0.0/0          
                    DROP       all  --  24.0.194.0/24        0.0.0.0/0

[ 05 July 2001: Message edited by: barrygould ]
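One way to check the kind of mismatch this thread is chasing, as an added example that is not part of the original post and not ASL code: the FORWARD chain evaluates a packet after PREROUTING DNAT has rewritten it, so a DNAT of 2222 to 10.0.0.10:80 has to be matched by a FORWARD ACCEPT covering 10.0.0.10 port 80, not port 2222. The script parses `iptables -L -n` style output and reports, for every DNAT rule, whether some FORWARD ACCEPT admits the translated destination from an external client. The two dumps inside it are constructed samples modelled on the rules above (not copied verbatim), the client address 198.51.100.7 is a made-up documentation-range value, and the filter sample deliberately omits the dpt:80 accept so the mismatch is visible. On the rules actually pasted above, USR_FORWARD does accept tcp dpt:80 to 10.0.0.0/24, so this particular check passes there; the chains evaluated before USR_FORWARD, such as the FIX_CONNTRACK entries that LOGDROP port 2222 traffic, are the next place to look.

```python
"""Cross-check DNAT targets against the FORWARD chain (added example, not ASL code).

FORWARD sees packets after PREROUTING DNAT, so its ACCEPT must cover the
translated destination (10.0.0.10:80), not the public port (2222).
"""
import ipaddress
import re

# Constructed sample dumps in `iptables -L -n` layout, modelled on the post's
# rules but not copied verbatim. The filter side has no ACCEPT for dpt:80 on
# purpose, so the 2222 -> 10.0.0.10:80 mismatch shows up in the report.
NAT_DUMP = """\
Chain AUTO_NAT_PRE (1 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpts:20:21 to:10.0.0.10:20-21
DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:80 to:10.0.0.10:80
DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp spts:1024:65535 dpt:2222 to:10.0.0.10:80
DNAT       tcp  --  0.0.0.0/0            24.0.194.133       tcp dpt:22 to:10.0.0.10:22
"""

FILTER_DUMP = """\
Chain USR_FORWARD (1 references)
target     prot opt source               destination
ACCEPT     all  --  10.0.0.0/8           0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            10.0.0.0/24        tcp spts:1024:65535 dpts:20:21
ACCEPT     tcp  --  0.0.0.0/0            10.0.0.0/24        tcp spts:1024:65535 dpt:2222
ACCEPT     tcp  --  0.0.0.0/0            10.0.0.0/24        tcp dpt:22
"""

# Columns: target prot opt source destination [match options]
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")


def _dport_range(opts):
    """(low, high) for 'dpt:N' or 'dpts:A:B' in the match options, else None."""
    m = re.search(r"\bdpts:(\d+):(\d+)", opts)
    if m:
        return int(m.group(1)), int(m.group(2))
    m = re.search(r"\bdpt:(\d+)", opts)
    return (int(m.group(1)), int(m.group(1))) if m else None


def parse_dnat(dump):
    """Expand each DNAT rule into one entry per original destination port."""
    rules = []
    for line in dump.splitlines():
        m = RULE_RE.match(line)
        if not m or m.group(1) != "DNAT":
            continue
        _t, proto, _o, _src, _dst, opts = m.groups()
        dports = _dport_range(opts)
        to = re.search(r"to:([\d.]+):(\d+)(?:-(\d+))?", opts)
        if not dports or not to:
            continue  # DNAT without a port mapping is out of scope here
        to_ip, lo = to.group(1), int(to.group(2))
        hi = int(to.group(3)) if to.group(3) else lo
        for port in range(dports[0], dports[1] + 1):
            # Simplification: keep the original port when it lies inside the
            # to: range (what iptables tries first), otherwise use the low end.
            to_port = port if lo <= port <= hi else lo
            rules.append({"proto": proto, "orig_port": port,
                          "to_ip": to_ip, "to_port": to_port})
    return rules


def parse_forward_accepts(dump):
    """Collect ACCEPT rules: protocol, source/destination networks, port range."""
    accepts = []
    for line in dump.splitlines():
        m = RULE_RE.match(line)
        if not m or m.group(1) != "ACCEPT":
            continue
        _t, proto, _o, src, dst, opts = m.groups()
        accepts.append({"proto": proto,
                        "src": ipaddress.ip_network(src, strict=False),
                        "dst": ipaddress.ip_network(dst, strict=False),
                        "dports": _dport_range(opts)})
    return accepts


def forward_allows(accepts, proto, src_ip, dst_ip, dport):
    """True if some ACCEPT matches the post-DNAT tuple (source ports ignored)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in accepts:
        if rule["proto"] not in ("all", proto):
            continue
        if src not in rule["src"] or dst not in rule["dst"]:
            continue
        if rule["dports"] and not rule["dports"][0] <= dport <= rule["dports"][1]:
            continue
        return True
    return False


def check_dnat_paths(nat_dump, filter_dump, client_ip="198.51.100.7"):
    """Map 'proto/orig_port->to_ip:to_port' to whether FORWARD admits it.

    client_ip is a constructed external address (documentation range)."""
    accepts = parse_forward_accepts(filter_dump)
    report = {}
    for r in parse_dnat(nat_dump):
        key = f"{r['proto']}/{r['orig_port']}->{r['to_ip']}:{r['to_port']}"
        report[key] = forward_allows(accepts, r["proto"], client_ip,
                                     r["to_ip"], r["to_port"])
    return report


if __name__ == "__main__":
    for path, ok in check_dnat_paths(NAT_DUMP, FILTER_DUMP).items():
        print(f"{'ok     ' if ok else 'BLOCKED'}  {path}")
```

Run it against your own `iptables -t nat -L -n` and `iptables -L -n` output by replacing the two sample strings; rules whose translated destination is admitted only by a chain other than the one you pasted (here, the RELATED,ESTABLISHED accept in AUTO_FORWARD, or a LOGDROP earlier in the chain walk) are outside what this check models, which is why a passing report narrows the search rather than ending it.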
  • Sadly, I'm having much more serious problems which may be related.

    Upon further testing, I discovered I cannot get to the webserver inside the DMZ from outside AND behind another ASL firewall.

    i.e.

    dmz_webserver  asl  asl2  client

    (I'm client right now, masquerading behind asl2.)

    I can get anywhere on the internet except DMZ webserver.
    If I use http proxy on asl OR asl2, I CAN get to dmzwebserver. Also, others can get to DMZwebserver.

    So, I am guessing ASL doesn't like talking to asl.

    I don't understand why however.

    Using 1.9 on both, and both are very similarly configured. (See above message for details)

    Thanks,
    Barry