Author Topic: [SOLVED]Help with port forwarding?  (Read 3859 times)

k0cbek

  • Zen Apprentice
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
[SOLVED]Help with port forwarding?
« on: April 11, 2011, 12:42:57 pm »
Hello.
I am new with Zentyal and need some help with port forwarding to get acces to internal router, for configurating him.

Have 2 NIC in my server: - eth0 (external) - eth1 (internal - 192.168.1.1) - both with static IP.
Everything works perfectly(gateway, dhcp, transparent proxy)
Only port forwarding doesn work.
I need to get external access to my WiFi router who is connected on my internal LAN.
I tried everything what was suggested in this forum, but nothing didn't work.

I create services with port 8080, and added in fireware rules.
Added port forwarding like:
Interface:eth0
Original destination: Zentyal
original destination port:8080
Protocol: any
Destination ip: 192.168.1.241
port: same
  
Thanks.
« Last Edit: April 20, 2011, 01:56:21 pm by k0cbek »

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
    • View Profile
Re: Help with port forwarding?
« Reply #1 on: April 11, 2011, 02:05:37 pm »
Have you tried restarting Zentyal?  "Sudo /etc/init.d/ebox restart."  I had trouble with port forwarding until I restarted the server. 

k0cbek

  • Zen Apprentice
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: Help with port forwarding?
« Reply #2 on: April 11, 2011, 02:09:17 pm »
Have you tried restarting Zentyal?  "Sudo /etc/init.d/ebox restart."  I had trouble with port forwarding until I restarted the server. 

Yes, I did. And still doesn't work.

Thanks for replay.

k0cbek

  • Zen Apprentice
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: Help with port forwarding?
« Reply #3 on: April 12, 2011, 03:03:31 pm »
Could dis be a bug? I'm using the latest version of zentyal.

alxbzm

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: Help with port forwarding?
« Reply #4 on: April 13, 2011, 10:33:29 am »
Original destination: Zentyal

Try to change original destination to IP adress on external interface.

exekias

  • Zentyal Staff
  • Zen Warrior
  • *****
  • Posts: 196
  • Karma: +21/-0
    • View Profile
    • The Big Bug Theory
Re: Help with port forwarding?
« Reply #5 on: April 13, 2011, 01:22:25 pm »
Hi k0cbek,

Please, can you paste the output of the following commands?

Code: [Select]
iptables -v -L
iptables -t nat -v -L

Best regards

k0cbek

  • Zen Apprentice
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: Help with port forwarding?
« Reply #6 on: April 14, 2011, 08:06:30 am »
Results for iptables:
iptables -v -L is "table.txt"
iptables -t nat -v -L is "table1.txt"

Thanks for replay.

exekias

  • Zentyal Staff
  • Zen Warrior
  • *****
  • Posts: 196
  • Karma: +21/-0
    • View Profile
    • The Big Bug Theory
Re: Help with port forwarding?
« Reply #7 on: April 14, 2011, 10:37:53 am »
Sorry, I think you uploaded the same file 2 times 

k0cbek

  • Zen Apprentice
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: Help with port forwarding?
« Reply #8 on: April 14, 2011, 11:43:32 am »
Sorry.
My mistake.

Here are the resultes fo riptables -t -nat -v -L (i changed server public IP with x.x.x.x)
192.168.1.252 is server gateway for internal lan.

Chain PREROUTING (policy ACCEPT 83125 packets, 23M bytes)
 pkts bytes target     prot opt in     out     source               destination         
83130   23M premodules  all  --  any    any     anywhere             anywhere           
    0     0 DNAT       udp  --  eth0   any     anywhere             prometna.psmb.si    udp dpt:http-alt to:192.168.1.241
    5   260 DNAT       tcp  --  eth0   any     anywhere             prometna.psmb.si    tcp dpt:http-alt to:192.168.1.241
    0     0 DNAT       tcp  --  eth1   any     anywhere             192.168.1.252       tcp dpt:http-alt to:192.168.1.241

Chain POSTROUTING (policy ACCEPT 644 packets, 200K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  644  200K postmodules  all  --  any    any     anywhere             anywhere           
    0     0 SNAT       all  --  any    eth0   !prometna.psmb.si     anywhere            to:X.X.X.X

Chain OUTPUT (policy ACCEPT 639 packets, 200K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain postmodules (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain premodules (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     tcp  --  eth1   any     anywhere             192.168.1.252       tcp dpt:pop3
    0     0 RETURN     tcp  --  eth1   any     anywhere             prometna.psmb.si    tcp dpt:pop3
    0     0 RETURN     tcp  --  eth1   any     anywhere             localhost           tcp dpt:pop3
    0     0 REDIRECT   tcp  --  eth1   any     anywhere             anywhere            tcp dpt:pop3 redir ports 8110
    0     0 REDIRECT   tcp  --  eth1   any     anywhere            !192.168.1.252       tcp dpt:www redir ports 3129

k0cbek

  • Zen Apprentice
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: Help with port forwarding?
« Reply #9 on: April 14, 2011, 09:04:41 pm »
Original destination: Zentyal

Try to change original destination to IP adress on external interface.

I tryed that, but result was the same.

exekias

  • Zentyal Staff
  • Zen Warrior
  • *****
  • Posts: 196
  • Karma: +21/-0
    • View Profile
    • The Big Bug Theory
Re: Help with port forwarding?
« Reply #10 on: April 17, 2011, 05:44:05 pm »
This is strange because, you can see in your dump:


    5   260 DNAT       tcp  --  eth0   any     anywhere             prometna.psmb.si    tcp dpt:http-alt to:192.168.1.241

That 5 means that 5 packets were transmitted to 192.168.1.241. Maybe the router is not properly configured so it doesn't know how to send packets back to Zentyal?

k0cbek

  • Zen Apprentice
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: Help with port forwarding?
« Reply #11 on: April 18, 2011, 02:22:00 pm »
But when I'm on my zentyal server I can go on my routre thrue 8080 port. But not when i am on external(from home).

 

exekias

  • Zentyal Staff
  • Zen Warrior
  • *****
  • Posts: 196
  • Karma: +21/-0
    • View Profile
    • The Big Bug Theory
Re: Help with port forwarding?
« Reply #12 on: April 18, 2011, 04:32:36 pm »
I understand,

Probably that means that Zentyal is not the default gateway for 192.168.1.241, so it can't reach Zentyal to send response. Can you try to change that machine routes to add Zentyal as gateway?


Best regards

k0cbek

  • Zen Apprentice
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: Help with port forwarding?
« Reply #13 on: April 20, 2011, 01:55:17 pm »
Thanks cperez. The default gateway on the router was the problem. Now it's working.

therobust

  • Zen Apprentice
  • *
  • Posts: 41
  • Karma: +0/-0
    • View Profile
Re: Help with port forwarding?
« Reply #14 on: June 04, 2011, 10:21:33 am »
I understand,

Probably that means that Zentyal is not the default gateway for 192.168.1.241, so it can't reach Zentyal to send response. Can you try to change that machine routes to add Zentyal as gateway?


Best regards
Hello sir,

i am facing a port forwarding issue on a newly installed zentyal. I am able to reach a webserver, connected to LAN interface of zentyal, from zentyal however no connectivity from outside world.
i checked logs which show that all requests on port 80 are 'REDIRECT' however no connectivity from internet in reality.
i have set the public IP of the zentyal server as original destination IP. Moreover, i have connected webserver directly to the LAN interface of zentyal and set the IP address of xentyal LAN interface as default gateway on the webserver.

any help plz.???

Update: well, i tried to access the webserver from another pc using public ip in the same range assigned to WAN interface of zentyal.
say zentyal wan ip is 115.xx.xx.19/28
i am trying to reach webserver behind zentyal with port forwarding from ip 115.xx.xx.21/28 and it works...seems everything fine with port forwarding however an issue with http proxy?....but http proxy is disabled.... wher could be the issue???? :-[
« Last Edit: June 04, 2011, 11:11:14 am by therobust »