You are not logged in.
- Topics: Active | Unanswered
#1 2011-09-11 17:23:52
- Daethorian
- Member
- From: Stockholm, Sweden
- Registered: 2010-10-21
- Posts: 17
iptables port forwarding (and/or cleanup)
I am trying to set open a port with iptables, and I just can't seem to make it work.
My problem is this:
I run xbmc on a diskless Arch box. The diskless box is given its root and its media from my server. My server has two network cards, one (called lan: serves 192.168.0.0/28) that is dedicated and only serves to the diskless box (192.168.0.13), and another (called wan, obtains 192.168.1.4) that is connected to the home network.
I want to be able to control xbmc from my Android phone via the awesome official remote control app. To do that, I need to forward connections from the server to the diskless box. I've chosen port 5000 since 8080 is already occupied on the server.
I can't get that to work for the life of me.
I have read multiple guides, looked in these forums, googled for hours and tried several different solutions. I have set up POSTROUTING and FORWARD rules as explained.
My iptables.rules is unfortunately pretty complex. I once installed shorewall in hope that it would make iptables more comfortable. It only made it worse, and it added alot of lines to the rules. Every time I've tried to be KISS about it and removed stuff that seems unnecessary, something unexpected breaks. As a result I am very cautious about the file, and there might be a rule in there that stops my desired forwarding from happening. If you can give any pointers about rules that seem unnecessary or outright harmful, please point them out for me.
In the file line 13, 58 and 71 are the ones related to this forwarding.
Neither the port opening or the port forwarding seems to work. If I do netcat -l -p 5000 on my server and echo "lolhax" | netcat 192.168.1.4 5000 on my laptop, I don't get a connection. Furthermore, netcat -l -p 5000 on the diskless box and echo "lolhax" | netcat localhost 5000 fails aswell.
tl;dr summary:
I want to open port 5000 on my server (192.168.1.4) and forward it to my diskless xbmc box (192.168.0.13). It just won't work.
Help would be incredibly appreciated! Please make iptables love me again!
Offline
#2 2011-09-11 23:33:51
- fukawi2
- Ex-Administratorino
- From: .vic.au
- Registered: 2007-09-28
- Posts: 6,224
- Website
Re: iptables port forwarding (and/or cleanup)
I want to open port 5000 on my server (192.168.1.4) and forward it to my diskless xbmc box (192.168.0.13). It just won't work.
Shorewall has made a bit of a mess of those rules... But what you have should be working. Are you trying to connect to 192.168.0.13 or 192.168.1.4 from the Android? As a side note, you should be able to actually route this traffic properly instead of having to screw around with NAT...
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
#3 2011-09-12 07:08:55
- Daethorian
- Member
- From: Stockholm, Sweden
- Registered: 2010-10-21
- Posts: 17
Re: iptables port forwarding (and/or cleanup)
I am connecting to 192.168.1.4, since I figured the 192.168.0.0/28 network would be unavailable from the home network.
Properly route the traffic without NAT sounds like an awesome idea. Could you give me some pointers to how I would do that?
Offline
#4 2011-09-12 11:37:47
- fukawi2
- Ex-Administratorino
- From: .vic.au
- Registered: 2007-09-28
- Posts: 6,224
- Website
Re: iptables port forwarding (and/or cleanup)
Properly route the traffic without NAT sounds like an awesome idea. Could you give me some pointers to how I would do that?
It would be much awesomer 
Can you give me a better idea of your network? A picture perhaps? Is the computer that is connected to both networks also your internet gateway/router?
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
#5 2011-09-12 11:40:31
- Daethorian
- Member
- From: Stockholm, Sweden
- Registered: 2010-10-21
- Posts: 17
Re: iptables port forwarding (and/or cleanup)
I'll dribble something down when I get off work in a couple of hours! Thanks for your helps! 
Offline
#6 2011-09-12 16:08:58
- Daethorian
- Member
- From: Stockholm, Sweden
- Registered: 2010-10-21
- Posts: 17
Re: iptables port forwarding (and/or cleanup)
Image alert!
I think I have been illustrative, in spite of my appearantly lacking GIMP hax0r skills.
Offline
#7 2011-09-12 23:07:38
- fukawi2
- Ex-Administratorino
- From: .vic.au
- Registered: 2007-09-28
- Posts: 6,224
- Website
Re: iptables port forwarding (and/or cleanup)
So the router on the left is your internet connection also?
What is the default route for the hosts on each network?
You'll probably just need to add a static route on the device in the "WAN" network (on the left) for 192.168.0.0/28 via 192.168.1.4
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
#8 2011-09-14 09:38:22
- Daethorian
- Member
- From: Stockholm, Sweden
- Registered: 2010-10-21
- Posts: 17
Re: iptables port forwarding (and/or cleanup)
So the router on the left is your internet connection also?
Ah, yes it is. I didn't mention it since I figured it didn't relate to these issues!
What is the default route for the hosts on each network?
The XBMC box goes to 192.168.0.1 (the lan card on the server), the server and the Android goes to 192.168.1.1 (the router). The router has my public IP.
You'll probably just need to add a static route on the device in the "WAN" network (on the left) for 192.168.0.0/28 via 192.168.1.4
What kind of iptables directibe would I use for that? FORWARD?
Offline
#9 2011-09-14 23:12:44
- fukawi2
- Ex-Administratorino
- From: .vic.au
- Registered: 2007-09-28
- Posts: 6,224
- Website
Re: iptables port forwarding (and/or cleanup)
Yes, to allow the traffic through the "middle" server will just require rules in "FORWARD" chain.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline