Port Forwarding


xptical
07-19-2005, 08:31 PM
Hi all,

I'm trying to use my Unixshell server to act as an OpenVPN gateway for some online gaming.

Basically, the game wants all the clients to have TCP and UDP 2934 and 2935 open. Because my home computer is behind a NAT, I figured I could just VPN out and try it.

Here are the iptables lines I'm using.


# Basic NAT for my private IP space.
iptables -t nat -A POSTROUTING -s 172.16.99.0/24 -o eth0 -j MASQUERADE

# TCP/UDP mapping from Internet to private IP
iptables -t nat -A PREROUTING -p udp --dport 2934 -i eth0 -j DNAT --to 172.16.99.6
iptables -t nat -A PREROUTING -p udp --dport 2935 -i eth0 -j DNAT --to 172.16.99.6
iptables -t nat -A PREROUTING -p tcp --dport 2934 -i eth0 -j DNAT --to 172.16.99.6
iptables -t nat -A PREROUTING -p tcp --dport 2935 -i eth0 -j DNAT --to 172.16.99.6

# TCP/UDP mapping from my private IP to the Internet
iptables -t nat -A PREROUTING -p udp --dport 2934 -i tun0 -j DNAT --to 207.210.xxx.xxx
iptables -t nat -A PREROUTING -p udp --dport 2935 -i tun0 -j DNAT --to 207.210.xxx.xxx
iptables -t nat -A PREROUTING -p tcp --dport 2934 -i tun0 -j DNAT --to 207.210.xxx.xxx
iptables -t nat -A PREROUTING -p tcp --dport 2935 -i tun0 -j DNAT --to 207.210.xxx.xxx


It still does not seem to be working.

Is my script mostly right?

Does the upstream provider filter those ports?

Thanks.

xptical
07-19-2005, 11:17 PM
OK, here is my finalized iptables script:


# Load the NAT module (this pulls in all the others).
# modprobe iptable_nat

iptables -F
iptables -t nat -F

# In the NAT table (-t nat), Append a rule (-A) after routing
# (POSTROUTING) for all packets going out eth0 (-o eth0) which says to
# MASQUERADE the connection (-j MASQUERADE).
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -t nat -A PREROUTING -p udp --dport 2934:2935 -i eth0 -j DNAT --to 172.16.99.6
iptables -t nat -A PREROUTING -p tcp --dport 2934:2935 -i eth0 -j DNAT --to 172.16.99.6

iptables -t nat -A PREROUTING -p tcp --dport 6881:6999 -i eth1 -j DNAT --to 172.16.99.6
iptables -t nat -A PREROUTING -p udp --dport 29 -i eth1 -j DNAT --to 172.16.99.6
iptables -t nat -A PREROUTING -p tcp --dport 29 -i eth1 -j DNAT --to 172.16.99.6

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

xptical:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT udp -- anywhere anywhere udp dpts:2934:2935 to:172.16.99.6
DNAT tcp -- anywhere anywhere tcp dpts:2934:2935 to:172.16.99.6
DNAT tcp -- anywhere anywhere tcp dpts:6881:6999 to:172.16.99.6
DNAT udp -- anywhere anywhere udp dpt:29 to:172.16.99.6
DNAT tcp -- anywhere anywhere tcp dpt:29 to:172.16.99.6

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
xptical:~#


Unfortunately, it still does not work. Anyone know why?
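
Added example, not part of the original posts: a small audit helper that lists every DNAT port forward in a rule dump and flags forwards bound to an interface the host does not have, or running with IP forwarding off. The function names, the sample dump (built from the rules in the second post) and the interface list "eth0 tun0 lo" are constructed assumptions, not facts about the poster's server.

```shell
#!/bin/sh
# Audit DNAT port forwards given in `iptables -S` / iptables-save syntax on stdin.
#   $1  space-separated list of interfaces present on the host
#   $2  current value of net.ipv4.ip_forward
# On a live host (as root) the inputs would come from:
#   iptables-save -t nat | audit_dnat "$(ls /sys/class/net | tr '\n' ' ')" \
#       "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_dnat() {
    awk -v ifaces="$1" -v fwd="$2" '
    BEGIN {
        n = split(ifaces, a, " ")
        for (i = 1; i <= n; i++) present[a[i]] = 1
        if (fwd != 1)
            print "WARN ip_forward=" fwd ": DNATed packets will not be routed"
    }
    $1 == "-A" && $2 == "PREROUTING" {
        iface = proto = dport = target = jump = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") jump = $(i + 1)
            else if ($i == "--to" || $i == "--to-destination") target = $(i + 1)
        }
        if (jump != "DNAT") next
        status = "OK"
        if (iface == "") status = "WARN-any-interface"          # forward matches on every interface
        else if (!(iface in present)) status = "WARN-no-such-interface"  # rule can never match
        printf "%s %s %s/%s -> %s\n", status, iface, proto, dport, target
    }'
}

# Constructed sample: the nat-table rules from the second post, in -S form.
sample_rules() {
    cat <<'EOF'
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p udp --dport 2934:2935 -i eth0 -j DNAT --to 172.16.99.6
-A PREROUTING -p tcp --dport 2934:2935 -i eth0 -j DNAT --to 172.16.99.6
-A PREROUTING -p tcp --dport 6881:6999 -i eth1 -j DNAT --to 172.16.99.6
-A PREROUTING -p udp --dport 29 -i eth1 -j DNAT --to 172.16.99.6
-A PREROUTING -p tcp --dport 29 -i eth1 -j DNAT --to 172.16.99.6
EOF
}

# Assumed interface list; replace with the real one when auditing a host.
sample_rules | audit_dnat "eth0 tun0 lo" 1
```

Each line of output is one exposed forward, so the same listing doubles as an inventory of which internal ports the gateway publishes to the Internet.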