Iptables port forwording

shorto · 07-13-2006, 09:16 AM

Hi!
I just wanted to ask does anyone know how to "modify" this command:

iptables -t nat -A PREROUTING -p TCP --dport 6689 -j REDIRECT --to-port 6689

so that the port will forward from 192.168.0.1 to 192.168.0.2 (From my Linux server to my Workstation), so I can be connectable on irc, torrents and other p2p programs. I was given the command at one point by someone but not on a forum on irc but i had to format my disk and this is the only "simular" command that i could find to tell you what i need

(even n00bs have to exist don't we?

)

Tnx in advance,
shorto

cdhgee · 07-13-2006, 09:23 AM

Try this:

Code:

iptables -t nat -A PREROUTING -p TCP --dport 6689 -j REDIRECT --to-destination 192.168.0.2:6689

I haven't tested this so I can't guarantee it works but something like this ought to. Have a look at the iptables man page if you get stuck.

shorto · 07-13-2006, 09:26 AM

shorto:/home/shorto# iptables -t nat -A PREROUTING -p TCP --dport 32459 -j REDIRECT --to-destination 192.168.0.2:32459
iptables v1.2.11: Unknown arg `--to-destination'
Try `iptables -h' or 'iptables --help' for more information.

tnx for the link will try to get it right

cdhgee · 07-13-2006, 09:30 AM

Just found this link too, ignore the bit about the bastille firewall but the bit about iptables might help you. It's for a slightly older version of the kernel though so somethings may have changed since then.

Matir · 07-13-2006, 09:40 AM

-j REDIRECT changes ports within the same machine (to redirect port 80 to 8080, for example). You need to use -j DNAT (destination network address translation) instead.

shorto · 07-13-2006, 11:19 AM

hmm now i don't get an error it just doesnt do what it's supposed to do

Matir · 07-13-2006, 11:30 AM

You want connections from the internet (through the server) to reach 192.168.0.2, right? Make sure the port is open on the firewall as well as being NAT'd. You'd need

Code:

iptables -A FORWARD -p tcp --dport 6689 -j ACCEPT

shorto · 07-13-2006, 01:33 PM

iptables -t nat -A PREROUTING -p UDP --dport 32459 -j DNAT --to-destination 192.168.0.2:32459
iptables -A FORWARD -p tcp --dport 32459 -j ACCEPT

this is what i enterd but still nothing ): Matir yes thats what i need

Matir · 07-13-2006, 02:06 PM

How have you tested that this is not working? What symptoms do you experience?

shorto · 07-13-2006, 02:19 PM

well i enter this and just restarted the aplications runing on my workstation (192.168.0.2) it was a torrent client and on the site it still says i'm unconnectable and my client says the same...

Matir · 07-13-2006, 02:50 PM

Did you open/forward all the neccessary ports? I don't remember exactly, but I seem to recall it being 6881-6899 or something similar.

shorto · 08-26-2006, 08:05 PM

well i forgot that i asked this here but thanks i have fixed the problem i found my old iptables save file and i just restored it and it works fine now.

thank you for your help