LinuxQuestions.org
Old 04-26-2009, 12:57 AM   #1
fuze
LQ Newbie
 
Registered: Apr 2009
Posts: 14

Rep: Reputation: 0
iptables Port Forwarding Problem


Here is my Network:
Code:
       Internet
-----------|-----------
   Static IP Router
IP: 192.168.0.1
-----------|-----------
ETH0: 192.168.0.101
 Ubuntu DHCP + Firewall
ETH1: 172.17.207.121
-----------|-----------
IP: 172.17.207.200
       WebServer
I tried port forwarding using these commands:
Code:
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6900 -j DNAT --to 172.17.207.200
/sbin/iptables -A FORWARD -d 172.17.207.200 -p tcp --dport 6900 -j ACCEPT
But that doesn't work. I've tried pinging 172.17.207.200 from the Ubuntu server, but it just times out. Maybe there is a network problem?

I'm trying to forward port 6900 from the internet to IP 172.17.207.200 in my inside network on port 80.

Any ideas?

My rc.local script that sets up NAT and port forwarding using iptables:
Code:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
echo " * STARTING AND CONFIGURING FIREWALL.................................."
echo " * Flushing All iptables already setup				[ OK ]"
# START FLUSH
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
# END FLUSH

echo " * Setting Default Filter Policy				[ OK ]"
# START DEFAULT FILTER POLICY
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# END DEFAULT FILTER POLICY

echo " * Setting Unlimited access to loop back			[ OK ]"
# START UNLIMITED ACCESS TO LOOPBACK
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# END UNLIMITED ACCESS TO LOOPBACK

echo " * Setting up NAT...						[ OK ]"
# START NAT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
# END NAT

echo " * Setting Port Forwards					[ OK ]"
# START PORT FORWARDING
# Allow UDP, DNS and Passive FTP
echo " * Allowing UDP, DNS and Passive FTP				[ OK ]"
/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow BitTorrent incoming client request
echo " * Opening Port 6881						[ OK ]"
echo " * Opening Port 6999						[ OK ]"
/sbin/iptables -A INPUT -p tcp --destination-port 6881:6999 -j ACCEPT
# Allow SSHD Incoming client request
echo " * Opening Port 22						[ OK ]"
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow HTTP Incoming client request
echo " * Opening Port 80						[ OK ]"
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow Webmin Incoming client request
echo " * Opening Port 10000						[ OK ]"
/sbin/iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
echo " * Opening Port 3000						[ OK ]"
/sbin/iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
echo " * Opening Port 4214						[ OK ]"
/sbin/iptables -A INPUT -p tcp --dport 4214 -j ACCEPT
echo " * Finished Opening Ports					[ OK ]"
echo " * Starting Forward Ports to inside Servers			[ OK ]"
echo " * Forwarding Port 6900 to 172.17.207.200:80			[ OK ]"
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6900 -j DNAT --to 172.17.207.200:80
/sbin/iptables -A FORWARD -d 172.17.207.200 -p tcp --dport 6900 -j ACCEPT
echo " * Finished Forwarding Ports to inside Servers			[ OK ]"
# END PORT FORWARDING

echo " * Setting Open Ports						[ OK ]"
# START LOCAL PORT OPENS
# END LOCAL PORTS OPENS

echo " * Drop Everything and Log it					[ OK ]"
# START DROP everything and Log it
/sbin/iptables -A INPUT -j LOG
/sbin/iptables -A INPUT -j DROP
# END DROP everything and Log it
echo " * Setting up NAT						[ OK ]"
exit 0
dhcpd.conf file:
Code:
ddns-update-style none;
option domain-name "router.local";
option domain-name-servers 203.97.33.14, 203.97.37.14;
option routers 172.17.207.121;
default-lease-time 42300;
max-lease-time 84600;
authoritative;
log-facility local7;
subnet 172.17.0.0 netmask 255.255.0.0 {
	range 172.17.207.1 172.17.207.100;
}

Last edited by fuze; 04-26-2009 at 02:03 AM.
 
Old 04-26-2009, 01:50 AM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
Do you use masquerading on the server?
 
Old 04-26-2009, 01:55 AM   #3
fuze
LQ Newbie
 
Registered: Apr 2009
Posts: 14

Original Poster
Rep: Reputation: 0
Um, I think I put it in the rc.local script I use above.
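
Added example, not part of any post in this thread: a small lint that reads iptables commands and checks that each DNAT port forward has a FORWARD ACCEPT rule on the port the packet carries after translation. The function name `check_dnat_forward` and the two rule sets are constructed for illustration; the first set copies the two port-forward lines from the rc.local in post #1.

```shell
#!/bin/sh
# Added example, not from the thread. The filter FORWARD chain runs after
# nat PREROUTING, so it sees the translated destination address and port.

# Reads iptables command lines on stdin, prints one finding per DNAT target,
# and returns non-zero when a target has no FORWARD ACCEPT on its final port.
check_dnat_forward() {
    awk '
    # Value following option "opt" on the current line, or "" if absent.
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /-j DNAT/ {
        to = optval("--to")
        if (to == "") to = optval("--to-destination")
        split(to, t, ":")
        # Without ":port" in the target, DNAT keeps the original port.
        dnat[t[1]] = (t[2] != "" ? t[2] : optval("--dport"))
        next
    }
    /-A FORWARD/ && /-j ACCEPT/ {
        d = optval("-d"); p = optval("--dport")
        if (d != "" && p != "") fwd[d] = fwd[d] " " p
    }
    END {
        bad = 0
        for (ip in dnat) {
            if (index(fwd[ip] " ", " " dnat[ip] " ")) {
                print "OK " ip ":" dnat[ip]
            } else {
                printf "MISMATCH %s: DNAT delivers to port %s, FORWARD accepts:%s\n",
                       ip, dnat[ip], (fwd[ip] == "" ? " (none)" : fwd[ip])
                bad = 1
            }
        }
        exit bad
    }'
}

# Constructed input: the two port-forward rules from the rc.local above.
RC_LOCAL_RULES='/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6900 -j DNAT --to 172.17.207.200:80
/sbin/iptables -A FORWARD -d 172.17.207.200 -p tcp --dport 6900 -j ACCEPT'
# Constructed input: same forward, FORWARD rule on the post-DNAT port.
FIXED_RULES='/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6900 -j DNAT --to 172.17.207.200:80
/sbin/iptables -A FORWARD -d 172.17.207.200 -p tcp --dport 80 -j ACCEPT'

printf '%s\n' "$RC_LOCAL_RULES" | check_dnat_forward || true
printf '%s\n' "$FIXED_RULES" | check_dnat_forward
```

In the rc.local above the FORWARD policy is ACCEPT, so the rule on port 6900 never decides anything there; the mismatch only starts dropping the forwarded traffic once that policy is tightened to DROP.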
 