Is their something to know for PPP0 + VIRTUAL SERVER ?

[philippe]

Hi,

I have setup a PC with 2 network card and an ethernet bridge ADSL modem.
Everything seems to works, except the virtual server.
I have add in the INPUT chain some rules to handle properly only TCP port 22222 + ICMP

Code:

Chain INPUT (policy ACCEPT 288 packets, 51719 bytes)
pkts bytes target prot opt in out source destination
11440 749K SYS_GUI all — * * 0.0.0.0/0 0.0.0.0/0
11440 749K SYS_INPUT all — * * 0.0.0.0/0 0.0.0.0/0
1 40 SYS_HTTPS tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
221 28894 SYS_HTTPS tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 SYS_SSH tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
159 13300 ACCEPT icmp — ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp — ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22222
10053 603K DROP all — ppp0 * 0.0.0.0/0 0.0.0.0/0

Code:

Chain PREROUTING (policy ACCEPT 22863 packets, 1427K bytes)
pkts bytes target prot opt in out source destination
13 588 DNAT tcp — ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22222 to:192.168.0.22:22

Chain POSTROUTING (policy ACCEPT 451 packets, 29637 bytes)
pkts bytes target prot opt in out source destination
514 34208 SNATVS all — * * 0.0.0.0/0 0.0.0.0/0
63 4571 MASQUERADE all — * ppp0 0.0.0.0/0 0.0.0.0/0

Chain SNATVS (1 references)
pkts bytes target prot opt in out source destination

My problem, from internet when I try to scan or connect to the 22222 TCP port, no way :

Code:

root@yyyyyyyyyy:~# nmap -p 22222 178.X.X.X

Starting Nmap 4.62 ( http://nmap.org ) at 2011-09-27 21:46 CEST
Interesting ports on 178.X.X.X :
PORT STATE SERVICE
22222/tcp filtered unknown

No way to obtain the 22222 …

Someone have an idea please ?

Regards,

Philippe

[Author]

Posts