Help with ipchains

I can't seem to get a simple Oracle SQL*Net connecting through my ipchains based firewall.  I must be missing something, but I can't figure out what.

All I want to do is let an Oracle database connection from outside my network through to a 9i database within my network (behind the firewall).  I have tried to be as unrestrictive as I possibly can about these two rules.  Here are the two rules I have been trying to get right:

ipchains -A input  -s 0/0 -d 0/0 1521 -b -p tcp -j ACCEPT
ipchains -A output -s 0/0 1521 -d 0/0 -b -p tcp -j ACCEPT


I have tried putting these rules at the top of my rule set, so I don't think it's being blocked by another rule.  Thanks for the help.
Asked by: barthalamu

majorwoo commented:
You will need to forward those ports to the machine with the database on it, or else it won't work.

# This will redirect all web connections (port 80) to your internal server (using the TCP protocol (proto))
ipmasqadm portfw -a -P tcp -L 194.160.1.1 80 -R 10.10.0.2 80

You should look into iptables; it's easier to use, newer, and has more options in addition to being more secure.

http://majorwoo.dynup.net:1024/pub/rc.firewall

is a nice iptables script with a port forwarding example

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 1521 -j DNAT --to 192.168.2.2:1521
iptables -A FORWARD -p tcp --dport 1521 -i eth1 -j ACCEPT

Anything coming in on the interface eth1 (change yours to match) will be forwarded to the machine 192.168.2.2 on port 1521.
ahoffmann commented:
ipchains -A forward -s 0/0 -i eth0 -j MASQ
ipchains -A forward -s 0/0 -d 0/0 1521 -b -p tcp -j ACCEPT
# feel free to substitute or remove eth0 as you need
barthalamu (author) commented:
Thank you.  Although this was not the problem, it got me thinking along the right track.  It turns out it was a routing problem with that machine.  For some reason the wrong /etc/defaultrouter was defined, so traffic was able to get in, but not out.  Thanks to both of you.
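
The failure described in the final comment (connections get in, replies cannot get out because of the server's default route) can be told apart from a firewall block by capturing on both sides of the firewall. The following is an added example, not code from the thread: it classifies where the handshake to port 1521 dies. The `tcpdump -n` style sample lines, the addresses and the function names are constructed assumptions, with the outside capture showing a DNAT-style external address.

```python
import re

# Fields needed from a `tcpdump -n` TCP line: source port, destination port, flags.
LINE = re.compile(r"IP \S+\.(\d+) > \S+\.(\d+): Flags \[([^\]]+)\]")

def handshake_seen(capture, port=1521):
    """Return (syn_seen, synack_seen) for connections to `port`."""
    syn = synack = False
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sport, dport, flags = int(m.group(1)), int(m.group(2)), m.group(3)
        if flags == "S" and dport == port:      # client -> listener
            syn = True
        elif flags == "S." and sport == port:   # listener -> client
            synack = True
    return syn, synack

def diagnose(outside, inside, port=1521):
    """Classify where the TCP handshake dies, given one capture per firewall side."""
    out_syn, out_synack = handshake_seen(outside, port)
    in_syn, in_synack = handshake_seen(inside, port)
    if not out_syn:
        return "no-syn"          # nothing arrives: client or upstream routing
    if not in_syn:
        return "not-forwarded"   # firewall rule or forwarding drops the SYN
    if not in_synack:
        return "reply-path"      # server's listener or default route
    if not out_synack:
        return "reply-blocked"   # firewall drops the returning SYN-ACK
    return "ok"

# Constructed sample captures (documentation addresses), not taken from the thread.
OUTSIDE = """\
12:00:01.000100 IP 203.0.113.10.40112 > 198.51.100.1.1521: Flags [S], seq 100, win 64240, length 0
12:00:02.000300 IP 203.0.113.10.40112 > 198.51.100.1.1521: Flags [S], seq 100, win 64240, length 0
"""
INSIDE = """\
12:00:01.000200 IP 203.0.113.10.40112 > 192.168.2.2.1521: Flags [S], seq 100, win 64240, length 0
12:00:02.000400 IP 203.0.113.10.40112 > 192.168.2.2.1521: Flags [S], seq 100, win 64240, length 0
"""

if __name__ == "__main__":
    print(diagnose(OUTSIDE, INSIDE))  # reply-path
```

A "reply-path" result means the firewall rules passed the SYN and the next place to look is the database host itself: its listener and its default route.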
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.