LinuxQuestions.org
Old 08-30-2006, 02:01 PM   #1
pula0r
LQ Newbie
 
Registered: May 2004
Posts: 15

Rep: Reputation: 0
forwarding ports fc5 for server


I have a 500 MHz P3 Intel Dell computer that is a few years old, but I set it up as my router for my cable modem connection

While everything seems to function correctly, I am unsure how to forward ports for various things (ssh, bittorrent, ftp)

I've read a bit on Google and I believe you use iptables to open ports (this is what I did for routing the internet)

I am a bit of a newbie, but know some Linux

please help!
thanks,
pula
 
Old 08-30-2006, 02:21 PM   #2
htb
LQ Newbie
 
Registered: Jul 2006
Distribution: SlackWare/RHEL
Posts: 19

Rep: Reputation: 0
if you wanna forward ports, look up the iptables -j SNAT / -j DNAT targets
 
Old 08-30-2006, 02:22 PM   #3
dombrowsky
Member
 
Registered: Dec 2005
Location: New York
Distribution: Debian/GNU
Posts: 235

Rep: Reputation: 31

Sounds like we have similar configurations. My cable modem plugs into one network interface on my Debian box, and my wireless router plugs into the second interface. I believe I could have plugged the modem directly into the router and had it do all the network address translation, but I run a few servers on the Debian box, and I wanted it to have a direct connection. In order to run the box as a full gateway (I think that's what it's called), I need to configure iptables and run bind for address resolution.

Here's the shell script that I run to start iptables to forward all ip requests from eth1 (internal LAN) to eth0 (internet).

Code:
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward             # Enables packet forwarding by kernel

# list the current status (for debugging)
iptables --list -t nat

For BIND9, the default configuration should suffice for normal home use. I have no idea how to configure it to do anything else :). Just install the package, start the server, and you should be ready to go. This is needed (in my network setup) to allow all your LAN machines to resolve internet addresses.

Code:
apt-get install bind9
/etc/init.d/bind9 start

NOW....

In order to directly connect to one of your machines on the internal network from the internet, you'll have to forward a port on the gateway machine. The easiest way to do this is with SSH. "man ssh" for the details. Here's what I used the other day to connect to my OS X laptop from the internet through my LAN:

Code:
# from the gateway machine:
ssh -Nn -vv -g -L 8000:osx.6thstreetradio.org:22 davek@localhost

This will open port 8000 on the gateway machine and will forward it to port 22 (ssh port) on the laptop. Flags: '-Nn' directs all inputs and outputs to/from /dev/null, '-vv' is very verbose output, '-g' allows external clients to connect, '-L 8000:osx.6thstreetradio.org:22' tells ssh to forward LOCAL port 8000 to remote port 22 (see the -R flag to tunnel the other way).

This is perhaps the most useful networking cruft that I know about Linux.

-dave
 
Old 08-30-2006, 02:35 PM   #4
htb
LQ Newbie
 
Registered: Jul 2006
Distribution: SlackWare/RHEL
Posts: 19

Rep: Reputation: 0
maybe this will help the both of you

Code:
iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 --dport 80 \
-j DNAT --to-destination 192.168.1.1-192.168.1.10

The --to-destination option tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. The above example would send on all packets destined for IP address 15.45.23.67 to a range of LAN IPs, namely 192.168.1.1 through 10. Note, as described previously, that a single stream will always use the same host, and that each stream will randomly be given an IP address that it will always be Destined for, within that stream. We could also have specified only one IP address, in which case we would always be connected to the same host. Also note that we may add a port or port range to which the traffic would be redirected to. This is done by adding, for example, an :80 statement to the IP addresses to which we want to DNAT the packets. A rule could then look like --to-destination 192.168.1.1:80 for example, or like --to-destination 192.168.1.1:80-100 if we wanted to specify a port range. As you can see, the syntax is pretty much the same for the DNAT target, as for the SNAT target even though they do two totally different things. Do note that port specifications are only valid for rules that specify the TCP or UDP protocols with the --protocol option.
 
Old 08-30-2006, 11:56 PM   #5
pula0r
LQ Newbie
 
Registered: May 2004
Posts: 15

Original Poster
Rep: Reputation: 0
Do I have to redo my entire iptables configuration each time I want to forward ports?

Last edited by pula0r; 09-08-2006 at 03:33 PM.
 
Old 09-12-2006, 01:21 PM   #6
amitsharma_26
Member
 
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
Quote:
Originally Posted by pula0r
Do I have to redo my entire iptables configuration each time I want to forward ports?

No, in case forwarding ports isn't the only functional use of your iptables script, you can create another separate script for forwarding ports with the respective SNAT/DNAT rules in it.

Yes, in case you are only using iptables to forward ports.

Though you can place this script or any script in any of your box's startup scripts to let them activate at boot, and you can also use the iptables-save & restore functions. Try googling them for further details; the man page is a nice place to start with as well.

Last edited by amitsharma_26; 09-12-2006 at 01:22 PM.
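
The separate port-forwarding script suggested in post #6, built on the DNAT rule from post #4, could look like the following. This is an added example, not code from any poster in this thread; it assumes eth0 is the internet-facing interface as in post #3, and the LAN addresses and port numbers in the sample calls are constructed values.

```shell
#!/bin/sh
# Added example: per-port DNAT forwarding kept in its own script.
# Assumptions (not from the thread): eth0 is the internet side as in post #3;
# the LAN hosts and ports in sample_forwards are constructed values.
WAN_IF="${WAN_IF:-eth0}"
APPLY="${APPLY:-0}"        # 0 = print the rules only, 1 = also run them (needs root)

# emit CMD...: print the command, and execute it only when APPLY=1
emit() {
    echo "$*"
    if [ "$APPLY" = "1" ]; then "$@"; fi
}

# valid_port N: true when N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_port PROTO EXT_PORT LAN_IP LAN_PORT
# One DNAT rule rewrites the destination; one FORWARD rule admits only that
# rewritten flow, so nothing else arriving on the WAN side is let through.
forward_port() {
    proto=$1 ext=$2 ip=$3 int=$4
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    valid_port "$ext" && valid_port "$int" || { echo "bad port" >&2; return 1; }
    emit iptables -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" --dport "$ext" \
        -j DNAT --to-destination "$ip:$int"
    # FORWARD sees the packet after DNAT, so match the LAN address and port.
    emit iptables -A FORWARD -i "$WAN_IF" -p "$proto" -d "$ip" --dport "$int" \
        -j ACCEPT
}

# Constructed sample forwards; add a line here instead of redoing the ruleset.
sample_forwards() {
    forward_port tcp 2222 192.168.1.20 22      # ssh to one LAN host
    forward_port tcp 6881 192.168.1.21 6881    # bittorrent
    forward_port udp 6881 192.168.1.21 6881
}

sample_forwards
```

By default the script only prints the rules; run it with APPLY=1 as root to install them, after which iptables-save can capture the resulting ruleset.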
 
  


All times are GMT -5.