Old 05-07-2018, 05:29 AM   #1
Stray Queen Hook
Iptables 1 port forwarding (centos 6) (Solved)


Hi,

Please help me to forward 1 port (tcp and udp) to a client.
CentOS 6 has an L2TP/IPSec server on it.
There's only 1 client that connects to the VPN server and acquires a static IP address (192.168.42.43).

This is how /etc/sysconfig/iptables looked before I started trying to do it:
Code:
# Generated by iptables-save v1.4.7 on Mon May  7 00:25:03 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [188554:43325147]
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol none -j DROP 
-A INPUT -m conntrack --ctstate INVALID -j DROP 
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT 
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT 
-A INPUT -p udp -m udp --dport 1701 -j DROP 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -m conntrack --ctstate INVALID -j DROP 
-A FORWARD -i eth0 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -i ppp+ -o eth0 -j ACCEPT 
-A FORWARD -s 192.168.42.0/24 -d 192.168.42.0/24 -i ppp+ -o ppp+ -j ACCEPT 
-A FORWARD -d 192.168.43.0/24 -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -s 192.168.43.0/24 -o eth0 -j ACCEPT 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j DROP  
COMMIT
# Completed on Mon May  7 00:25:03 2018
# Generated by iptables-save v1.4.7 on Mon May  7 00:25:03 2018
*nat
:PREROUTING ACCEPT [53:3049]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [10:712]
-A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE 
-A POSTROUTING -s 192.168.43.0/24 -o eth0 -m policy --dir out --pol none -j MASQUERADE
COMMIT
# Completed on Mon May  7 00:25:03 2018
Then I executed these commands:
Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 77.1.204.240
iptables -A INPUT -p udp --dport 62841 -j ACCEPT
iptables -A INPUT -p tcp --dport 62841 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.42.43 --dport 62841 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.42.43 --dport 62841 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 62841 -j DNAT --to 192.168.42.43:62841
iptables -A PREROUTING -t nat -i eth0 -p udp --dport 62841 -j DNAT --to 192.168.42.43:62841
...so it looks like this:
Code:
# Generated by iptables-save v1.4.7 on Mon May  7 00:25:03 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [188554:43325147]
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol none -j DROP 
-A INPUT -m conntrack --ctstate INVALID -j DROP 
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT 
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT 
-A INPUT -p udp -m udp --dport 1701 -j DROP 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A INPUT -p tcp -m tcp --dport 62841 -j ACCEPT 
-A INPUT -p udp -m udp --dport 62841 -j ACCEPT 
-A FORWARD -m conntrack --ctstate INVALID -j DROP 
-A FORWARD -i eth0 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -i ppp+ -o eth0 -j ACCEPT 
-A FORWARD -s 192.168.42.0/24 -d 192.168.42.0/24 -i ppp+ -o ppp+ -j ACCEPT 
-A FORWARD -d 192.168.43.0/24 -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -s 192.168.43.0/24 -o eth0 -j ACCEPT 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j DROP 
-A FORWARD -d 192.168.42.43/32 -p udp -m udp --dport 62841 -j ACCEPT 
-A FORWARD -d 192.168.42.43/32 -p tcp -m tcp --dport 62841 -j ACCEPT 
COMMIT
# Completed on Mon May  7 00:25:03 2018
# Generated by iptables-save v1.4.7 on Mon May  7 00:25:03 2018
*nat
:PREROUTING ACCEPT [53:3049]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [10:712]
-A PREROUTING -i eth0 -p udp -m udp --dport 62841 -j DNAT --to-destination 192.168.42.43:62841
-A PREROUTING -i eth0 -p tcp -m tcp --dport 62841 -j DNAT --to-destination 192.168.42.43:62841
-A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE 
-A POSTROUTING -s 192.168.43.0/24 -o eth0 -m policy --dir out --pol none -j MASQUERADE 
-A POSTROUTING -o eth0 -j SNAT --to-source 193.124.185.66 
COMMIT
# Completed on Mon May  7 00:25:03 2018
Sadly, port 62841 is still inaccessible on 192.168.42.43...
I also tried to comment out these lines:
Code:
##-A FORWARD -j DROP 
##-A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE
Thanks in advance!

Old 05-07-2018, 06:32 PM   #2
Stray Queen Hook
The problem is solved:
I should have used -I (insert) instead of -A (append) in some of the new lines.
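Both dumps in post #1 show why: every new -A rule landed after the chain's catch-all "-j REJECT" (and the FORWARD "-j DROP"), so iptables never reached it, which is what post #2's switch to -I fixes. The script below is an added example, not code from the thread: it reads iptables-save output (a constructed sample trimmed from the thread's filter table), lists the rules shadowed by a catch-all, and computes the position an -I command needs to land in front of it.

```sh
# Added example, not from the thread: lints iptables-save output for rules
# appended (-A) after a catch-all "-j DROP"/"-j REJECT", which iptables never
# reaches, and builds "-I CHAIN <pos>" commands that land before the catch-all.
# Constructed sample, reduced from the thread's filter table.
SAMPLE='*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 62841 -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j DROP
-A FORWARD -d 192.168.42.43/32 -p udp -m udp --dport 62841 -j ACCEPT
COMMIT'

# A rule is a catch-all when "-j DROP|REJECT" directly follows the chain name
# (no match options). Both helpers read iptables-save text on stdin.
# first_catchall CHAIN: 1-based number of the first catch-all in CHAIN of the
# filter table, or 0 if there is none. This is the position -I must use.
first_catchall() {
  awk -v chain="$1" '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && $1 == "-A" && $2 == chain {
      n++
      if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) { print n; found = 1; exit }
    }
    END { if (!found) print 0 }'
}

# shadowed CHAIN: every rule of CHAIN that sits after its first catch-all.
shadowed() {
  awk -v chain="$1" '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && $1 == "-A" && $2 == chain {
      if (dead) print
      if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) dead = 1
    }'
}

# insert_cmd CHAIN RULE...: the iptables command that places RULE before the
# catch-all (plain -A when the chain has none).
insert_cmd() {
  chain=$1; shift
  pos=$(first_catchall "$chain")
  [ "$pos" -eq 0 ] && echo "iptables -A $chain $*" || echo "iptables -I $chain $pos $*"
}

# On a live host replace the printf with: iptables-save | shadowed FORWARD
printf '%s\n' "$SAMPLE" | shadowed FORWARD
printf '%s\n' "$SAMPLE" | insert_cmd FORWARD -d 192.168.42.43 -p tcp --dport 62841 -j ACCEPT
```

The printed command is only a suggestion to review; nothing here touches the running ruleset.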