I have a f15 box acting as gateway behind a adsl modem. This have a working masquerade set up. I also have another network with a f9 box that works with both masq and port forwarding.
My goal is to port forward 8000 external to 80 internal. I have this working on the f9 server.
So far this is what I've tested to debug:
- Open port 8000 on gateway to check that modem forwards port correctly. This is working, and can see gateway trough modem (telnet [whatismyip] 8000) replies.
- Turn of httpd on gateway, before any rule put in, and telnet to port 8000 refuses connection as it should
- add nat rule for external interface to forward 8000 to server-on-internal-network:80. When I telnet to the fc9 network this connect me to the internal server, and using a browser to connect to [whatismyip]:8000 give me the internal servers index file like I expect.
---> on f15 network the same make telnet time out (so result differs from when iptables rule not applied), and kernel adds a line to /var/log/system.
Oct 3 14:12:01 servername kernel: [ 450.734173] IN=p2p1 OUT=em1 MAC=xxxxx SRC=(ip where I test from the big internet) DST=(internal server ip address) LEN=60 TOS=0x00 PREC=0x00 TTL=35 ID=25447 DF PROTO=TCP SPT=23148 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
- iptable -t nat -vnL --line-numbers show that the rule receives packets
SELINUX is disabled. Is there any other things that could be blocking the port forward. I see polkit running when I ps the system, and that is not installed on my fc9 server, could polkit
do something that stops the portforward?
I've ran out of ideas on how to debug this one, and would really appreciate some fresh ideas on how to find out what is blocking my port forward
---------- Post added at 10:00 AM ---------- Previous post was at 09:21 AM ----------
It turned out to be something really simple, the example I followed allowed onlu existing and related connections in, once I replaced the "ESTABLISHED,RELATED" rule on FORWARD with a more open rule (to be honest allow everything), the port forward started working as expected.