0

Hello all.
After passing for some days trying to configure ip forwarding under debian i've understood that there is some problem with them.
So now i'm looking for any stand-alone app, not a firewall to handle the port forwarding.
Would be glad for any information.
If you have some skill with iptables, you could pass by
http://ubuntuforums.org/showthread.php?t=1282215
and
http://forums.debian.net/viewtopic.php?f=10&t=45715
Thanks in advance.

2
Contributors
14
Replies
15
Views
8 Years
Discussion Span
Last Post by jen140
Featured Replies
  • 1
    sknake 1,622   8 Years Ago

    I don't understand the question. There aren't any problems with iptables, you can port forward with it. Read More

  • 1
    sknake 1,622   8 Years Ago

    I don't think any of the posts have clearly explained what you are trying to accomplish. [QUOTE] Internet->server(eth0)->server(eth1)->router->clients. Router cant be the first to connect to the internet because it doesnt have the neden port. [/QUOTE] What is neden? Server eth0: Dynamic Public IP Server eth1: LAN Address space 192.168.0.1/255.255.255.0 … Read More

  • 1
    sknake 1,622   8 Years Ago

    Its going to show filtered if it didn't receive a closed response, so if the port forwarding was set up incorrectly it would show filtered as I suspect is the case here. Obviously your machine doing the routing is debian linux. What OS is the machine you're trying to forward … Read More

  • 1
    sknake 1,622   8 Years Ago

    [QUOTE] Machine 192.168.0.200 is also a debian machine, that runs a honeypot (nepenthes) on a variety of ports. From lan i can easily connect to it using 139/135/21/etc[COLOR="Red"](but i dont need internet connection there so it doesnt have gateway defined).[/COLOR] [/QUOTE] Well that explains why your port forwarding doesn't work. … Read More

  • 1
    sknake 1,622   8 Years Ago

    You're welcome and I'm glad you got it working. There is always the add to reputation option! ;) Read More

1

I don't understand the question. There aren't any problems with iptables, you can port forward with it.

0

If you have passed by any of the given links you would see that there is a problem(in my case).
Here is the list of what i tryied and the responses:

iptables -A tcp_packets -p TCP -s 0/0 --dport 139 -j ACCEPT
iptables -A udpincoming_packets -p UDP -s 0/0 --source-port 139 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 83.132.157.123 --dport 139 -j DNAT --to 192.168.0.200:139
//filtered 
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 139 -j DNAT --to 192.168.0.200:139
//filtered 
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 83.132.157.123 --dport 139 -j DNAT --to 192.168.0.200:139
iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.200 --dport 139 -j ACCEPT
//closed <- host down
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 139 -j DNAT --to 192.168.0.200:139
iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.200 --dport 139 -j ACCEPT
//filtered 
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 139 -j DNAT --to 192.168.0.200:139
iptables -A FORWARD -p tcp -i eth0 -d 83.132.157.123 --dport 139 -j ACCEPT
//filtered <- host down
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 139 -j DNAT --to 192.168.0.200:139
iptables -A FORWARD -p tcp -i eth0 --dport 139 -j ACCEPT
//filtered

As you see,none gives "open".

1

I don't think any of the posts have clearly explained what you are trying to accomplish.

Internet->server(eth0)->server(eth1)->router->clients.
Router cant be the first to connect to the internet because it doesnt have the neden port.

What is neden?
Server eth0: Dynamic Public IP
Server eth1: LAN Address space 192.168.0.1/255.255.255.0
SSH Machine: 192.168.0.200
Clients: 192.168.0.2 and 192.168.0.3.

How are your clients and server running on what appears to be the same address space/subnet even though they traverse a router? I don't think your network diagram is complete. I also saw you had 10.x address bindings on your server. Is this a result of bridged connections for internet sharing with your virtual machine?

0

10.10.0.x is my vpn, that works fine.
all the clients (192.168.0.x) now have internet.
The machine where the connection should "enter" is the server.
All the connections made to it from the internet on port 135, should be redirected to the machine that has ip 192.168.0.200 on the same port.

1

Its going to show filtered if it didn't receive a closed response, so if the port forwarding was set up incorrectly it would show filtered as I suspect is the case here.

Obviously your machine doing the routing is debian linux. What OS is the machine you're trying to forward to? In your other posts you mention port :21 and now you're mentioning port 135. From what I can tell you're talking about TCP but you also refer to UDP:

iptables -A tcp_packets -p TCP -s 0/0 --dport 139 -j ACCEPT
iptables -A udpincoming_packets -p UDP -s 0/0 --source-port 139 -j ACCEPT

Plus you're appending rules to chains that you don't show are targeted in the pastes your posting here. What I see is a lot of incomplete information....

On your table doing the packeting switching/routing (iptables) post the output from:

root@svn:~# arp -a
root@svn:~# ifconfig -a
root@svn:~# iptables-save
root@svn:~# route -n
root@svn:~# cat /etc/network/interfaces
root@svn:~# sysctl net.ipv4

If the machine on 192.168.0.200 is Linux please provide the same output.

Edited by sknake: n/a

0

Sorry for providing diferent ports, but the ideia is to have a rule (2 or 3 lines code) with some port (for example 139) to easily set up port forwarding to any port.
Machine 192.168.0.200 is also a debian machine, that runs a honeypot (nepenthes) on a variety of ports.
From lan i can easily connect to it using 139/135/21/etc(but i dont need internet connection there so it doesnt have gateway defined).
The output of the commands you asked:
server:/home/jen140# arp -a

? (192.168.0.88) at 00:0c:29:4d:75:d6 [ether] on eth1
? (192.168.0.3) at 00:23:54:51:a3:b7 [ether] on eth1
a213-22-129-254.cpe.netcabo.pt (213.22.129.254) at 00:05:5f:ef:a4:01 [ether] on eth0

server:/home/jen140# ifconfig -a

eth0      Link encap:Ethernet  HWaddr 00:13:f7:cb:9a:0b
          inet addr:213.22.128.X  Bcast:213.22.129.255  Mask:255.255.254.0
          inet6 addr: fe80::213:f7ff:fecb:9a0b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1050560 errors:0 dropped:0 overruns:0 frame:0
          TX packets:797253 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1172372697 (1.0 GiB)  TX bytes:249272821 (237.7 MiB)
          Interrupt:18 Base address:0xb000

eth1      Link encap:Ethernet  HWaddr 00:0e:2e:f2:2d:e3
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:2eff:fef2:2de3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:869657 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1125051 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:258204867 (246.2 MiB)  TX bytes:1178122158 (1.0 GiB)
          Interrupt:19 Base address:0xb400

eth2      Link encap:Ethernet  HWaddr 00:0c:76:c1:32:3f
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:20 Base address:0xb800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3608 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3608 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:157737 (154.0 KiB)  TX bytes:157737 (154.0 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.10.0.1  P-t-P:10.10.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:93280 errors:0 dropped:0 overruns:0 frame:0
          TX packets:93288 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:4488716 (4.2 MiB)  TX bytes:3768244 (3.5 MiB)

vboxnet0  Link encap:Ethernet  HWaddr 0a:00:27:00:00:00
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

server:/home/jen140# iptables-save

# Generated by iptables-save v1.4.5 on Sun Oct 11 19:31:11 2009
*nat
:PREROUTING ACCEPT [135806:7435880]
:POSTROUTING ACCEPT [1736:77699]
:OUTPUT ACCEPT [18860:1281505]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Oct 11 19:31:11 2009
# Generated by iptables-save v1.4.5 on Sun Oct 11 19:31:11 2009
*filter
:INPUT ACCEPT [225895:22253800]
:FORWARD ACCEPT [1810663:1406118105]
:OUTPUT ACCEPT [228365:18349217]
COMMIT
# Completed on Sun Oct 11 19:31:11 2009

server:/home/jen140# route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.0.2       0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.10.0.0       10.10.0.2       255.255.255.0   UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
213.22.128.0    0.0.0.0         255.255.254.0   U     0      0        0 eth0
0.0.0.0         213.22.129.254  0.0.0.0         UG    0      0        0 eth0

server:/home/jen140# cat /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

server:/home/jen140# sysctl net.ipv4

net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.ip_default_ttl = 64
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.ip_dynaddr = 0
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.ip_local_port_range = 32768    61000
net.ipv4.route.gc_thresh = 32768
net.ipv4.route.max_size = 524288
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_timeout = 300
net.ipv4.route.gc_interval = 60
net.ipv4.route.redirect_load = 5
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_silence = 5120
net.ipv4.route.error_cost = 250
net.ipv4.route.error_burst = 1250
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.mtu_expires = 600
net.ipv4.route.min_pmtu = 552
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.secret_interval = 600
net.ipv4.igmp_max_memberships = 20
net.ipv4.igmp_max_msf = 10
net.ipv4.inet_peer_threshold = 65664
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_maxttl = 600
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.inet_peer_gc_maxtime = 120
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_fack = 1
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_mem = 84192        112256  168384
net.ipv4.tcp_wmem = 4096        16384   3592192
net.ipv4.tcp_rmem = 4096        87380   3592192
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_adv_win_scale = 2
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_frto = 2
net.ipv4.tcp_frto_response = 0
net.ipv4.tcp_low_latency = 0
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_abc = 0
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.tcp_dma_copybreak = 4096
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.tcp_max_ssthresh = 0
net.ipv4.udp_mem = 97440        129920  194880
net.ipv4.udp_rmem_min = 4096
net.ipv4.udp_wmem_min = 4096
net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
net.ipv4.netfilter.ip_conntrack_tcp_loose = 1
net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 0
net.ipv4.netfilter.ip_conntrack_tcp_max_retrans = 3
net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_count = 273
net.ipv4.netfilter.ip_conntrack_buckets = 16384
net.ipv4.netfilter.ip_conntrack_checksum = 1
net.ipv4.netfilter.ip_conntrack_log_invalid = 0
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.retrans_time = 100
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.unres_qlen = 3
net.ipv4.neigh.default.proxy_qlen = 64
net.ipv4.neigh.default.anycast_delay = 100
net.ipv4.neigh.default.proxy_delay = 80
net.ipv4.neigh.default.locktime = 100
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.retrans_time = 100
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.unres_qlen = 3
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.anycast_delay = 100
net.ipv4.neigh.lo.proxy_delay = 80
net.ipv4.neigh.lo.locktime = 100
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.eth0.mcast_solicit = 3
net.ipv4.neigh.eth0.ucast_solicit = 3
net.ipv4.neigh.eth0.app_solicit = 0
net.ipv4.neigh.eth0.retrans_time = 100
net.ipv4.neigh.eth0.base_reachable_time = 30
net.ipv4.neigh.eth0.delay_first_probe_time = 5
net.ipv4.neigh.eth0.gc_stale_time = 60
net.ipv4.neigh.eth0.unres_qlen = 3
net.ipv4.neigh.eth0.proxy_qlen = 64
net.ipv4.neigh.eth0.anycast_delay = 100
net.ipv4.neigh.eth0.proxy_delay = 80
net.ipv4.neigh.eth0.locktime = 100
net.ipv4.neigh.eth0.retrans_time_ms = 1000
net.ipv4.neigh.eth0.base_reachable_time_ms = 30000
net.ipv4.neigh.eth1.mcast_solicit = 3
net.ipv4.neigh.eth1.ucast_solicit = 3
net.ipv4.neigh.eth1.app_solicit = 0
net.ipv4.neigh.eth1.retrans_time = 100
net.ipv4.neigh.eth1.base_reachable_time = 30
net.ipv4.neigh.eth1.delay_first_probe_time = 5
net.ipv4.neigh.eth1.gc_stale_time = 60
net.ipv4.neigh.eth1.unres_qlen = 3
net.ipv4.neigh.eth1.proxy_qlen = 64
net.ipv4.neigh.eth1.anycast_delay = 100
net.ipv4.neigh.eth1.proxy_delay = 80
net.ipv4.neigh.eth1.locktime = 100
net.ipv4.neigh.eth1.retrans_time_ms = 1000
net.ipv4.neigh.eth1.base_reachable_time_ms = 30000
net.ipv4.neigh.eth2.mcast_solicit = 3
net.ipv4.neigh.eth2.ucast_solicit = 3
net.ipv4.neigh.eth2.app_solicit = 0
net.ipv4.neigh.eth2.retrans_time = 100
net.ipv4.neigh.eth2.base_reachable_time = 30
net.ipv4.neigh.eth2.delay_first_probe_time = 5
net.ipv4.neigh.eth2.gc_stale_time = 60
net.ipv4.neigh.eth2.unres_qlen = 3
net.ipv4.neigh.eth2.proxy_qlen = 64
net.ipv4.neigh.eth2.anycast_delay = 100
net.ipv4.neigh.eth2.proxy_delay = 80
net.ipv4.neigh.eth2.locktime = 100
net.ipv4.neigh.eth2.retrans_time_ms = 1000
net.ipv4.neigh.eth2.base_reachable_time_ms = 30000
net.ipv4.neigh.tun0.mcast_solicit = 3
net.ipv4.neigh.tun0.ucast_solicit = 3
net.ipv4.neigh.tun0.app_solicit = 0
net.ipv4.neigh.tun0.retrans_time = 100
net.ipv4.neigh.tun0.base_reachable_time = 30
net.ipv4.neigh.tun0.delay_first_probe_time = 5
net.ipv4.neigh.tun0.gc_stale_time = 60
net.ipv4.neigh.tun0.unres_qlen = 3
net.ipv4.neigh.tun0.proxy_qlen = 64
net.ipv4.neigh.tun0.anycast_delay = 100
net.ipv4.neigh.tun0.proxy_delay = 80
net.ipv4.neigh.tun0.locktime = 100
net.ipv4.neigh.tun0.retrans_time_ms = 1000
net.ipv4.neigh.tun0.base_reachable_time_ms = 30000
net.ipv4.neigh.vboxnet0.mcast_solicit = 3
net.ipv4.neigh.vboxnet0.ucast_solicit = 3
net.ipv4.neigh.vboxnet0.app_solicit = 0
net.ipv4.neigh.vboxnet0.retrans_time = 100
net.ipv4.neigh.vboxnet0.base_reachable_time = 30
net.ipv4.neigh.vboxnet0.delay_first_probe_time = 5
net.ipv4.neigh.vboxnet0.gc_stale_time = 60
net.ipv4.neigh.vboxnet0.unres_qlen = 3
net.ipv4.neigh.vboxnet0.proxy_qlen = 64
net.ipv4.neigh.vboxnet0.anycast_delay = 100
net.ipv4.neigh.vboxnet0.proxy_delay = 80
net.ipv4.neigh.vboxnet0.locktime = 100
net.ipv4.neigh.vboxnet0.retrans_time_ms = 1000
net.ipv4.neigh.vboxnet0.base_reachable_time_ms = 30000
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.tag = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.promote_secondaries = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.tag = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.promote_secondaries = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.accept_redirects = 1
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.accept_source_route = 1
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.lo.tag = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.promote_secondaries = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth0.secure_redirects = 1
net.ipv4.conf.eth0.shared_media = 1
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.eth0.accept_source_route = 1
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.medium_id = 0
net.ipv4.conf.eth0.bootp_relay = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth0.tag = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_accept = 0
net.ipv4.conf.eth0.disable_xfrm = 0
net.ipv4.conf.eth0.disable_policy = 0
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.eth0.promote_secondaries = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.accept_redirects = 1
net.ipv4.conf.eth1.secure_redirects = 1
net.ipv4.conf.eth1.shared_media = 1
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth1.send_redirects = 1
net.ipv4.conf.eth1.accept_source_route = 1
net.ipv4.conf.eth1.proxy_arp = 0
net.ipv4.conf.eth1.medium_id = 0
net.ipv4.conf.eth1.bootp_relay = 0
net.ipv4.conf.eth1.log_martians = 0
net.ipv4.conf.eth1.tag = 0
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.eth1.arp_announce = 0
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.eth1.arp_accept = 0
net.ipv4.conf.eth1.disable_xfrm = 0
net.ipv4.conf.eth1.disable_policy = 0
net.ipv4.conf.eth1.force_igmp_version = 0
net.ipv4.conf.eth1.promote_secondaries = 0
net.ipv4.conf.eth2.forwarding = 1
net.ipv4.conf.eth2.mc_forwarding = 0
net.ipv4.conf.eth2.accept_redirects = 1
net.ipv4.conf.eth2.secure_redirects = 1
net.ipv4.conf.eth2.shared_media = 1
net.ipv4.conf.eth2.rp_filter = 0
net.ipv4.conf.eth2.send_redirects = 1
net.ipv4.conf.eth2.accept_source_route = 1
net.ipv4.conf.eth2.proxy_arp = 0
net.ipv4.conf.eth2.medium_id = 0
net.ipv4.conf.eth2.bootp_relay = 0
net.ipv4.conf.eth2.log_martians = 0
net.ipv4.conf.eth2.tag = 0
net.ipv4.conf.eth2.arp_filter = 0
net.ipv4.conf.eth2.arp_announce = 0
net.ipv4.conf.eth2.arp_ignore = 0
net.ipv4.conf.eth2.arp_accept = 0
net.ipv4.conf.eth2.disable_xfrm = 0
net.ipv4.conf.eth2.disable_policy = 0
net.ipv4.conf.eth2.force_igmp_version = 0
net.ipv4.conf.eth2.promote_secondaries = 0
net.ipv4.conf.tun0.forwarding = 1
net.ipv4.conf.tun0.mc_forwarding = 0
net.ipv4.conf.tun0.accept_redirects = 1
net.ipv4.conf.tun0.secure_redirects = 1
net.ipv4.conf.tun0.shared_media = 1
net.ipv4.conf.tun0.rp_filter = 0
net.ipv4.conf.tun0.send_redirects = 1
net.ipv4.conf.tun0.accept_source_route = 1
net.ipv4.conf.tun0.proxy_arp = 0
net.ipv4.conf.tun0.medium_id = 0
net.ipv4.conf.tun0.bootp_relay = 0
net.ipv4.conf.tun0.log_martians = 0
net.ipv4.conf.tun0.tag = 0
net.ipv4.conf.tun0.arp_filter = 0
net.ipv4.conf.tun0.arp_announce = 0
net.ipv4.conf.tun0.arp_ignore = 0
net.ipv4.conf.tun0.arp_accept = 0
net.ipv4.conf.tun0.disable_xfrm = 0
net.ipv4.conf.tun0.disable_policy = 0
net.ipv4.conf.tun0.force_igmp_version = 0
net.ipv4.conf.tun0.promote_secondaries = 0
net.ipv4.conf.vboxnet0.forwarding = 1
net.ipv4.conf.vboxnet0.mc_forwarding = 0
net.ipv4.conf.vboxnet0.accept_redirects = 1
net.ipv4.conf.vboxnet0.secure_redirects = 1
net.ipv4.conf.vboxnet0.shared_media = 1
net.ipv4.conf.vboxnet0.rp_filter = 0
net.ipv4.conf.vboxnet0.send_redirects = 1
net.ipv4.conf.vboxnet0.accept_source_route = 1
net.ipv4.conf.vboxnet0.proxy_arp = 0
net.ipv4.conf.vboxnet0.medium_id = 0
net.ipv4.conf.vboxnet0.bootp_relay = 0
net.ipv4.conf.vboxnet0.log_martians = 0
net.ipv4.conf.vboxnet0.tag = 0
net.ipv4.conf.vboxnet0.arp_filter = 0
net.ipv4.conf.vboxnet0.arp_announce = 0
net.ipv4.conf.vboxnet0.arp_ignore = 0
net.ipv4.conf.vboxnet0.arp_accept = 0
net.ipv4.conf.vboxnet0.disable_xfrm = 0
net.ipv4.conf.vboxnet0.disable_policy = 0
net.ipv4.conf.vboxnet0.force_igmp_version = 0
net.ipv4.conf.vboxnet0.promote_secondaries = 0
net.ipv4.ip_forward = 1
net.ipv4.ipfrag_high_thresh = 262144
net.ipv4.ipfrag_low_thresh = 196608
net.ipv4.ipfrag_time = 30
net.ipv4.ipfrag_secret_interval = 600
net.ipv4.ipfrag_max_dist = 64
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ratelimit = 250
net.ipv4.icmp_ratemask = 6168
1

Machine 192.168.0.200 is also a debian machine, that runs a honeypot (nepenthes) on a variety of ports.
From lan i can easily connect to it using 139/135/21/etc(but i dont need internet connection there so it doesnt have gateway defined).

Well that explains why your port forwarding doesn't work. You need to define a gateway on your honeypot machine because when it is responding to the WAN requests for a connection it doesn't know how to send a response back since it doesn't have a default gateway (The lack of response to a connection request will make it appear as filtered when you nmap it from an external machine). Try defining a gateway and it should work.

Edited by sknake: n/a

0

OMG!!!
Man, how can i thank you ?
Now the port is widely open:
139/tcp open netbios-ssn
Works just grate!!!
Thanks very much!

1

You're welcome and I'm glad you got it working. There is always the add to reputation option! ;)

0

Is the reputaton added based on "up-votes" ? or is there any magic button hidden that i cant find ? =)

0

Its a magic button :)

jen140 Offline
Junior Poster in Training 0 #11 3 Hours Ago | Add to jen140's Reputation | Flag Bad Post
Is the reputaton added based on "up-votes" ? or is there any magic button hidden that i cant find ? =)

Its on the same line as the arrows but on the left side! Take care and post back if you have any other routing troubles

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.