port forward from eth0 to eth1

ryanzietlow · 02-28-2005, 08:40 AM

I am trying to allow access to webmin over the Internet. My network is setup as follows

Remote machine <-----> Router <-----> eth0 (Linux Box) eth1 <----> Internal network

I want to forward the webmin port 10000 from eth0 to eth1 so that i can remotely access webmin from the remote location.

I have port forwarding setup on the router but i do not know how to go about forwarding the port from eth0 to eth1. I am using dynamic ips on the remote end. Any suggestions?

Thanks

david_ross · 02-28-2005, 03:19 PM

If webmin is on the linux box just configure it to listen on all ips.

jschiwal · 02-28-2005, 04:17 PM

Here is a good paper on NAT. http://www.hasenstein.com/linux-ip-n...00000000000000

You can do this at the gateway setup dialog. You haven't indicated which distribution and kernel you are using. Most linuxes use iptables, which is part of Netfilter.

Your linux gateway will have a dialog for setting up the gateway ( although there may be a separate program for the Masquerade setup ). And since you are using Webmin on your system, I bet that may be what you used. You could run web min to administer the gateway computer locally to set up the masquerading (NAT) needed on the gateway to translate/forward the webmin (port 10000) traffic.

All of these tools rewrite the ipchains or iptables setup file which is loaded during startup. You probably use iptables if you have a 2.4 or later kernel.

michaelk · 02-28-2005, 05:58 PM

Just a FYI. I would not recommend using webmin as a remote administration tool unless you run it in ssl mode or use a tunnel.
Webmin login and password are normally passed between your browser and the server in unencrypted form, an attacker with access to any of the networks between the browser and server can easily capture your Webmin login.

You will only need to forward port 10000 if the linux PC your connecting to is not the one in your diagram.

ryanzietlow · 02-28-2005, 07:41 PM

The box in my diagram is the linux box running webmin. i try to point my browser to https://xxx.xxx.xxx.xxx and it gives me the routers setup console. I point my browser to xxx.xxx.xxx.xxx:10000 and it give me a connection refused page. Webmin is set up to allow all ips. My router gives eth0 a 10.x.x.x address while my internal addresses (eth1) are 90.x.x.x could this be causing the confusion?
I know that my isp is not blocking port 10000.
Is this something that I need to set up in iptables or by a gateway? That would be something I have not dealt with yet, so some help or turtorials would be great. Appreciate the time and help.

michaelk · 02-28-2005, 09:07 PM

Can you access webmin from another networked PC?

ryanzietlow · 03-01-2005, 07:29 AM

i can access webmin from inside my local network. but trying to access from outside (Internet) gives me this page:

ERROR
The requested URL could not be retrieved
-------------------------------------------------------------------------------

While trying to retrieve the URL: https://xxx.xxx.xxx.xxx:10000/

The following error was encountered:

Connection Failed
The system returned:

(111) Connection refused
The remote host or network may be down. Please try the request again.

Your cache administrator is root.
-------------------------------------------------------------------------------
Generated Tue, 01 Mar 2005 13:29:52 GMT by abvmschool (squid/2.5.STABLE1)

any thoughts?

michaelk · 03-01-2005, 10:02 AM

Could be a firewill issue. Is one running on the linux box?

ryanzietlow · 03-01-2005, 10:08 AM

i turned the firewall off on the linux box to try and figure this out.
could it have something to do with my modem/router. It is a aethra starbridge eb1030

could it be a squid issue?