I want to forward all TCP packets incoming to my PC's port 7778 to the connected device. Its IP is 192.168.137.111. Nmap shows that it listens on port 7778 and I can ping it from my PC. According to this answer, I've added the following rules:
```
iptables -t nat -A PREROUTING -p tcp --dport 7778 -j DNAT --to-destination 192.168.137.111:7778
iptables -t nat -A POSTROUTING -p tcp -d 192.168.137.111 --dport 7778 -j SNAT --to-source 10.99.220.62
```
where 10.99.220.62 is my PC's IP. Also, I've added `iptables -I INPUT -p tcp -m tcp --dport 7778 -j ACCEPT`.
Then, when I'm trying to connect to 10.99.220.62:7778 from another computer, `tcpdump -i enp3s0 'port 7778'` shows one packet:

```
19:56:08.035819 IP 10.99.221.104.60827 > alexandr-All-Series.7778: Flags [S], seq 568409282, win 8192, options [mss 1460,nop,nop,sackOK], length 0
```
But when I run tcpdump on enx006037a1f5ef, the interface that "stands" for the connected device, it shows nothing, and I don't get any response on the computer that sent the packet.

I'm using Mint 19.
Sailor Moon
Could you include the output of `iptables -L -v --line-numbers` and `iptables -L -t nat -v --line-numbers` ? – Jose Raul Barreras Apr 09 '19 at 17:48
-
@JoseRaulBarreras https://pastebin.com/cD8DbBKt https://pastebin.com/Z9MkFsdE – Sailor Moon Apr 09 '19 at 17:52
1 Answer
Your firewall FORWARD chain policy is set to DROP, and there is no other rule for accepting packets for your port. This means that the firewall will drop the packet when it arrives at the router.
You need to add the following rule:
```
iptables -A FORWARD -d 192.168.137.111 -p tcp --dport 7778 -j ACCEPT
```

Tero Kilkanen
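As an added example that is not part of the question or the answer, the POSIX shell snippet below prints the complete rule set for this setup (the asker's DNAT/SNAT rules, the FORWARD rule from the answer, plus the reply-direction rule a DROP policy also needs and the ip_forward sysctl) and audits an `iptables -S FORWARD` listing for exactly the gap the answer describes. The function names are my own, and the listing fed to the audit is constructed, not the asker's pastebin.

```shell
#!/bin/sh
# Added example: nothing here is applied to the firewall; the rules are only printed so
# they can be reviewed, and the audit reads a listing from stdin.

# Print every command needed to forward TCP $3 arriving at the PC ($1) to the device ($2).
gen_forward_rules() {
    pc_ip=$1; dev_ip=$2; port=$3
    # Routing between interfaces is off by default; without it DNAT alone goes nowhere.
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j DNAT --to-destination %s:%s\n' "$port" "$dev_ip" "$port"
    printf 'iptables -t nat -A POSTROUTING -p tcp -d %s --dport %s -j SNAT --to-source %s\n' "$dev_ip" "$port" "$pc_ip"
    # The rule from the answer: client -> device direction through the FORWARD chain.
    printf 'iptables -A FORWARD -d %s -p tcp --dport %s -j ACCEPT\n' "$dev_ip" "$port"
    # Replies device -> client are forwarded traffic too; a DROP policy needs this as well.
    printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
}

# Audit an `iptables -S FORWARD` listing on stdin for port $1.
# Returns 0 if the policy is not DROP or an ACCEPT rule names the port, 1 otherwise.
audit_forward() {
    port=$1
    listing=$(cat)
    policy=$(printf '%s\n' "$listing" | sed -n 's/^-P FORWARD //p')
    [ "$policy" != "DROP" ] && return 0
    printf '%s\n' "$listing" | grep -q -- "--dport $port .*-j ACCEPT" && return 0
    return 1
}

# Usage: gen_forward_rules 10.99.220.62 192.168.137.111 7778
#        iptables -S FORWARD | audit_forward 7778 || echo "FORWARD chain will drop port 7778"
```

Run the audit on the real host with root privileges; the generator output can be piped to `sh` once reviewed.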