I have a CentOS 5.11 server with 2 NICs, with the following configs:
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HWADDR=00:13:20:7f:6d:92
NETMASK=255.255.255.0
IPADDR=192.168.1.10
DNS1=127.0.0.1
DNS2=72.72.72.72
DNS3=72.72.72.73
DOMAIN=mydomain.com
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
# Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
HWADDR=c4:6e:1f:01:f1:a5
NETMASK=255.255.255.0
IPADDR=10.15.1.10
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
DEFROUTE=no
DNS1=127.0.0.1
DNS2=10.25.25.52
DNS3=10.25.25.53
DOMAIN=mydomain.com
IPV4_FAILURE_FATAL=yes
I am trying to forward port 3306 to 10.20.1.250:3306. So far I have tried doing this:
iptables -t nat -A PREROUTING -p tcp --dport 3306 -j DNAT --to-destination 10.20.1.250:3306
iptables -t nat -A PREROUTING -p udp --dport 3306 -j DNAT --to-destination 10.20.1.250:3306
iptables -t nat -A POSTROUTING -p tcp -d 10.20.1.250 --dport 3306 -j SNAT --to-source 192.168.1.10
iptables -t nat -A POSTROUTING -p udp -d 10.20.1.250 --dport 3306 -j SNAT --to-source 192.168.1.10
When I try to connect to the MySQL server from 192.168.1.11, it just hangs.
If I try to use PuTTY with SSH tunneling and 3306 configured from outside (router forwards all SSH requests to 192.168.1.10:22), I get a communications link failure.
However, when I do the following:
iptables -t nat -A PREROUTING -p tcp --dport 3306 -j DNAT --to-destination 10.20.1.250:3306
iptables -t nat -A PREROUTING -p udp --dport 3306 -j DNAT --to-destination 10.20.1.250:3306
iptables -t nat -A POSTROUTING -p tcp -d 10.20.1.250 --dport 3306 -j SNAT --to-source 10.15.1.10
iptables -t nat -A POSTROUTING -p udp -d 10.20.1.250 --dport 3306 -j SNAT --to-source 10.15.1.10
then I can connect from 10.15.1.20.
I am not sure what I am doing wrong here? Any help here is appreciated.
Also, this iptables fails to start with the following error message:
Applying iptables firewall rules: iptables-restore v1.3.5: Can't set policy `PREROUTING' on `ACCEPT' line 4: Bad built-in chain name
First few lines in /etc/sysconfig/iptables:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.20.1.250:3306
-A PREROUTING -p tcp -m udp --dport 3306 -j DNAT --to-destination 10.20.1.250:3306
-A POSTROUTING -d 10.20.1.250/32 -p tcp -m tcp --dport 3306 -j SNAT --to-source 10.15.1.10
-A POSTROUTING -d 10.20.1.250/32 -p udp -m udp --dport 3306 -j SNAT --to-source 10.15.1.10
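
A small linter for an iptables-restore file like the one quoted above, added here as an example (not code from the post or from the iptables project). It flags policy lines for chains that are not built-in to the current table, which is what the `line 4` error reports, plus NAT targets outside `*nat` and `-p`/`-m` protocol mismatches. `lint_rules` and `SAMPLE` are names chosen for this example, and the built-in chain sets assume the filter and nat tables as shipped with iptables 1.3.x-era kernels.

```python
import re

# Built-in chains per table (assumption: iptables 1.3.x era; newer kernels add INPUT to nat).
BUILTIN = {"filter": {"INPUT", "FORWARD", "OUTPUT"},
           "nat": {"PREROUTING", "POSTROUTING", "OUTPUT"}}
NAT_ONLY = {"DNAT", "SNAT", "MASQUERADE", "REDIRECT"}  # targets valid only in *nat

def lint_rules(text):
    """Return (line_no, message) findings for an iptables-restore file."""
    findings, table = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] == "#" or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]          # table header, e.g. *filter or *nat
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            # A policy other than "-" is only legal on a built-in chain of this table.
            if policy != "-" and chain not in BUILTIN.get(table, set()):
                findings.append((no, f"{chain} is not a built-in chain of *{table}"))
        elif line.startswith("-A "):
            opts = dict(re.findall(r"(?:^|\s)-([pmj])\s+(\S+)", line))
            if opts.get("m") in ("tcp", "udp") and opts.get("p") != opts["m"]:
                findings.append((no, f"-p {opts.get('p')} combined with -m {opts['m']}"))
            if opts.get("j") in NAT_ONLY and table != "nat":
                findings.append((no, f"{opts['j']} target used in *{table}, needs *nat"))
    return findings

# The lines of /etc/sysconfig/iptables quoted in the post, reproduced as test input.
SAMPLE = """\
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.20.1.250:3306
-A PREROUTING -p tcp -m udp --dport 3306 -j DNAT --to-destination 10.20.1.250:3306
-A POSTROUTING -d 10.20.1.250/32 -p tcp -m tcp --dport 3306 -j SNAT --to-source 10.15.1.10
-A POSTROUTING -d 10.20.1.250/32 -p udp -m udp --dport 3306 -j SNAT --to-source 10.15.1.10
"""

if __name__ == "__main__":
    for no, msg in lint_rules(SAMPLE):
        print(f"line {no}: {msg}")
```
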
Port Forwarding 3306