Hello,
On one server, an iptables rule like:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 48280 -j DNAT --to 10.8.0.2:48280
worked to forward the server's incoming traffic on the mentioned port into the VPN tunnel, where the VPN client's network interface has IP 10.8.0.2. The port appeared as open.
Now when I tried the same rule on a different server, the port appears closed, even though I tried disabling the client's firewall.
ifconfig shows the server has only the lo, eth0 and tun0 interfaces, so eth0 should be correct.
Please, what commands would you run to discover where the incoming traffic is stuck?
Some details about the server:
Redhat based CentOS 7, kernel 3.10, iptables v1.4.21
lsmod|grep nat
xt_nat 12681 6
nf_nat_masquerade_ipv4 13430 1 ipt_MASQUERADE
iptable_nat 12875 1
nf_nat_ipv4 14115 1 iptable_nat
nf_nat 26583 3 nf_nat_ipv4,xt_nat,nf_nat_masquerade_ipv4
nf_conntrack 139224 5 nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4
ip_tables 27126 5 iptable_security,iptable_filter,iptable_mangle,iptable_nat,iptable_raw
libcrc32c 12644 3 xfs,nf_nat,nf_conntrack
iptables-save|egrep -i "reject|drop|deny"
:POST_public_deny - [0:0]
:PRE_public_deny - [0:0]
-A POST_public -j POST_public_deny
-A PRE_public -j PRE_public_deny
:PRE_public_deny - [0:0]
-A PRE_public -j PRE_public_deny
:PRE_public_deny - [0:0]
-A PRE_public -j PRE_public_deny
:FWDI_public_deny - [0:0]
:FWDO_public_deny - [0:0]
:IN_public_deny - [0:0]
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol none -j DROP
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p udp -m udp --dport 1701 -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j DROP
iptables-save|egrep -i nat
(1.2.3.4 being server's public IP)
*nat
-A PREROUTING -p tcp -m tcp --dport 12345 -j DNAT --to-destination 127.0.0.1:1082
-A PREROUTING -s 107.186.1.0/24 -p tcp -m tcp --dport 21 -j DNAT --to-destination 1.2.3.4:21
-A PREROUTING -i eth0 -p udp -m udp --dport 48281 -j DNAT --to-destination 10.8.0.2:48281
-A PREROUTING -i eth0 -p udp -m udp --dport 8889 -j DNAT --to-destination 10.8.0.2:8889
-A PREROUTING -i eth0 -p tcp -m tcp --dport 48280 -j DNAT --to-destination 10.8.0.2:48280
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 1.2.3.4
Regarding client, it is Windows 10
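The post asks which commands would show where the forwarded traffic gets stuck. As an added example (not part of the original post or any reply to it), here is a POSIX shell script that audits an iptables-save dump offline for the two things a DNAT-into-tunnel forward needs besides net.ipv4.ip_forward=1: the nat PREROUTING DNAT rule, and a filter FORWARD ACCEPT toward the target (or out of the tunnel interface) placed before an unconditional "-A FORWARD -j DROP" like the one in the post's own output. The post's grep only lists reject/drop rules, so whether such an ACCEPT exists on that server is not visible; DNATed packets traverse FORWARD, so this is the first place to look. The first sample ruleset is constructed from the rules shown in the post; the ACCEPT rules in the second sample are hypothetical. The script name audit_dnat.sh and the function name audit_dnat_path are assumptions, and the live commands in the header comment are the standard iptables/sysctl/tcpdump invocations.

```shell
#!/bin/sh
# Added example, not code from the original post. Offline audit of an
# iptables-save dump for a DNAT port forward into a VPN tunnel. Checks:
#   1. nat/PREROUTING carries the DNAT rule for the port and target, and
#   2. filter/FORWARD accepts traffic to the target (or out of the tunnel
#      interface) BEFORE any unconditional "-A FORWARD -j DROP".
# Live use on the server (needs root):
#   sysctl net.ipv4.ip_forward            # must be 1 or nothing is forwarded
#   iptables-save | sh audit_dnat.sh 48280 10.8.0.2 tun0
#   iptables -t nat -L PREROUTING -v -n   # packet counters: did DNAT fire?
#   iptables -L FORWARD -v -n             # which FORWARD rule eats the packet?
#   tcpdump -ni tun0 tcp port 48280       # does anything reach the tunnel?

audit_dnat_path() {
    # $1 = forwarded port, $2 = DNAT target address, $3 = tunnel interface
    awk -v port="$1" -v target="$2" -v tun="$3" '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter", ...
        table == "nat" && /^-A PREROUTING / {
            if ($0 ~ ("--dport " port "( |$)") && $0 ~ ("-j DNAT --to-destination " target ":" port "$")) dnat = 1
        }
        table == "filter" && /^-A FORWARD / {
            # An ACCEPT only helps if it comes before the blanket DROP.
            if (!dropped && /-j ACCEPT$/ && ($0 ~ ("-o " tun "( |$)") || $0 ~ ("-d " target "(/32)?( |$)"))) accept = 1
            if ($0 == "-A FORWARD -j DROP") dropped = 1
        }
        END {
            if (!dnat) { print "MISSING: nat PREROUTING DNAT rule for port " port; rc = 1 }
            if (!accept) { print "MISSING: filter FORWARD ACCEPT towards " target " or out " tun " before the unconditional DROP"; rc = 1 }
            if (!rc) print "OK: DNAT and FORWARD path present for port " port
            exit rc
        }'
}

# Constructed sample mirroring the rules visible in the post: DNAT present,
# FORWARD chain ends in a blanket DROP with no ACCEPT shown before it.
SAMPLE_AS_POSTED='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 48280 -j DNAT --to-destination 10.8.0.2:48280
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 1.2.3.4
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j DROP
COMMIT'

# Constructed sample with the two FORWARD ACCEPTs a working forward needs
# (hypothetical rules, not from the post): new connections toward the
# tunnel target, and return traffic of established flows, both before DROP.
SAMPLE_FIXED='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 48280 -j DNAT --to-destination 10.8.0.2:48280
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 1.2.3.4
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i eth0 -o tun0 -d 10.8.0.2/32 -p tcp -m tcp --dport 48280 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -j DROP
COMMIT'

case "${1:-}" in
    --demo)   # sh audit_dnat.sh --demo: audit both constructed samples
        echo "== as posted =="; printf '%s\n' "$SAMPLE_AS_POSTED" | audit_dnat_path 48280 10.8.0.2 tun0
        echo "== fixed ==";     printf '%s\n' "$SAMPLE_FIXED"     | audit_dnat_path 48280 10.8.0.2 tun0
        ;;
    *)        # live: iptables-save | sh audit_dnat.sh PORT TARGET TUN
        [ "$#" -eq 3 ] && audit_dnat_path "$@"
        ;;
esac
```

The script exits non-zero and names the missing piece, so it can be dropped into a post-change check after editing firewalld or iptables rules. It deliberately does not try to prove the path works: on the live host the packet counters from "iptables -L FORWARD -v -n" and a tcpdump on tun0 are what confirm where packets actually stop.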