Topic: Portforwarding not working after fresh install & updates

[pwinkler]

i am trying to forward port 3389 (terminal services) to a server behind sme server and it is not working.

I have this working on two other servers on the same site but this one does not want to work.

As mentiond above this is a fresh install with updates applied.

What do I look for?

Pls help

[guest22]

Hi,

Which version, what updates?

RequestedDeletion

[pwinkler]

SME 6.0.1-01 and the updates from the update script
on this thread

http://forums.contribs.org/index.php?topic=24285.0

[guest22]

Hi Pwinkler,

Please keep in mind that the updatescript is not an 'official' contribs. Next to that I do not see anything within the mentioned script that could harm the default portfowarding functionality.

I personally portforward 3389 on some setups with SME Server 6.0.1-01 with no problems. Did you sniff already to see if the port is indeed forwarded?

RequestedDeletion

[pwinkler]

What updates are "contribs" or what should i install after a basic install?

I have tried to telnet to the ip on port 3389 and get
"could not open a connection to host.. connect failed"

[guest22]

Take a look at '/etc/init.d/masq' and look for 3389. If it's in there then SME Server is doing it's job

RequestedDeletion

[pwinkler]

there is no "3389" in /etc/rc.d/init.d/masq

[guest22]

Then what you describe is correct

How did you try to port forward? If it is via the server manager (default) then remove and add again just to see what happens.

Any chance you have a custom template/fragment regarding masq?

btw: joining IRC on freenode # sme-server would get you to 'live' people

guest

[pwinkler]

I have already deleted & re-entered the portforwarding using the panel a couple of times and again just now, I also checked /etc/init.d/masq again to see if there was any change but no!

[guest22]

Ok, time to get it working first and then find out what's wrong

Create a custom template by copying /etc/e-smith/templates/etc/rc.d/init.d/91AdjustPortForward

to /etc/e-smith/custom-templates/etc/rc.d/init.d/91AdjustPortForward
/etc

then edit the custom template fragment by adding the below rule:

# Start portforwarding rule port 3389 MS-TS
--destination-port 3389 -j DNAT --to-destination 192.168.5.3:3389
adjust_tcp_in 3389 ACCEPT ForwardedTCP_$$ 192.168.5.3/32
# End portforwatding rule

so the section looks like:
# Create a new PortForwarding chain
PFC=$(/sbin/iptables --table nat --numeric --list PortForwarding |\
   sed -n '3s/ .*//p')
    /sbin/iptables --table nat --new-chain PortForwarding_$$
    /sbin/iptables --table nat --append PortForwarding_$$ --protocol tcp \
         --destination-port 3389 -j DNAT --to-destination 192.168.5.3:3389
    adjust_tcp_in 3389 ACCEPT ForwardedTCP_$$ 192.168.5.3/32
    /sbin/iptables --table nat --replace PortForwarding 1 --destination $OUTERNET --jump PortForwarding_$$
    /sbin/iptables --table nat --flush $PFC
    /sbin/iptables --table nat --delete-chain $PFC

where 192.168.5.3 is the IP address of the accepting machine.

Expand the new template fragment and restart masq

Portforwarding 3389 should now work.

RequestedDeletion

[pwinkler]

Thanks for your help thus far RequestedDeletion.

I tried copying
/etc/e-smith/templates/etc/rc.d/init.d/masq/91AdjustPortForward

to
 
/etc/e-smith/custom-templates/etc/rc.d/init.d/91AdjustPortForward
/etc

Mybe I'm a bit thick but I can't find the second path path or anything like it!

Do you want me to create it?

Anyway, I have copied & edited the  template as per your instructions.

Thanks again!

[guest22]

Yep, you need to create the path: /etc/e-smith/custom-templates/etc/rc.d/init.d/

RequestedDeletion

[compdoc]

you sure youre forwarding to the right internal IP address? And that the hardware is right? I've never seen port forwarding fail in any release of SME - even when you had to install your own server panel.

[rmoria]

Same problem here.

Fresh install of 6-01-01. I did not use the install-script, but I did use a lot of the same contribs.

Trying to change the template did not help (or work) up till now.
I have to change a lot more ports (not just 3389).

Is there somewhere else we can look.

[guest22]

Hi,

Well I guess it's time to check te contribs used. A fresh install of SME Server 6.0.1-01 works perfectly. Maybe you guys can team up and find out what contributions you have in common?

RequestedDeletion