Port Forwarding between several machines and then to a proxy server
Hello mates,
I've looked at all available posts made related to port forwarding but couldn't find a suitable answer.
Scenario: University Network connected to another backbone network managed by a Network Admin hired by the university. (Netadmin has blocked all ports except 8080/80)
I have access to the student side servers which are connected to the backbone network.
1- I have a proxy server which is used to connect to the internet through port 8080. Hosted on the Backbone network
2- I have 3 servers under me, let's say : A - B - C
3- Now I use server A as my gateway (connected to A through a switch). Server A uses server B as a gateway and server B uses server C as a gateway.
4- Server C is connected to the backbone network which provides internet access.
Now that I have explained the LAN Setup, here is what I want to do..
I want to forward a port "eg: 3000" which is used by an application so that the application can connect to the internet.
I don't want to use Proxifier and Your-freedom but want to do simple port forwarding through the available Linux servers.
How can I make that application send data to Server A which in turn DNATs my request to Server C (bypassing B since A knows that its gw is B) and then C sends that data to the available proxy "eg: 192.168.1.1:8080"...
I have tried to do a lot of things but couldn't succeed...
DNAT on A :
iptables -t nat -A PREROUTING -p tcp -s 192.168.x.x --sport 3000 -j DNAT --to-destination 192.168.1.1:8080
but I know this won't work since server A doesn't know where 1.1 is located.
Even simple port forwarding doesn't pick up packets on A:
iptables -A FORWARD -p tcp -s 192.168.x.x -d 0/0 --source-port 3000 -j ACCEPT
and I cannot add a SNAT/DNAT on server C since packets from my PC cannot reach server C in the first place.
-----------------------------------------------------------------
Hope I've explained my problem...
I'd be more than glad if any one of you people can help me in this.
If B doesn't know how to reach the machine your app is running on, you'll need to masquerade on A, something like:
iptables -t nat -A POSTROUTING -o eth0 -s 172.16.0.0/24 -j MASQUERADE
The 172.16.0.0/24 would be replaced with the IP block that the machine running the app is in,
and eth0 would be the outbound interface to B.
If C doesn't know how to reach A, then you'll need to masquerade on B:
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.1.1 -j MASQUERADE
The 172.16.1.1 would be replaced with the IP of A and eth1 would be the outbound interface to C.
If the proxy server doesn't know how to reach B, then you'll need to masquerade on C as well as DNATing on C:
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.2.1 -j MASQUERADE
The 172.16.1.1 would be replaced with the IP of B and eth1 would be the outbound interface to C.
And don't forget to turn on forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward
You can also usually edit your sysctl.conf to make that a permanent change.
Last edited by estabroo; 10-06-2009 at 10:40 AM.
Reason: forwarding
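To check what each hop ends up doing once rules like these are in place, the following added example (not part of the answer above or of any project) parses `iptables-save` text and lists every NAT rule with its source and outbound interface, flagging rules that have no `-s` restriction, and reports the forwarding switch. The sample ruleset, the DNAT port match and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise NAT rules from iptables-save text, flag unscoped ones.

# Constructed sample in iptables-save format, modelled on the thread's rules
# (addresses, ports and interface names are placeholders, not a real host).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 172.16.2.1/32 -p tcp -m tcp --dport 3000 -j DNAT --to-destination 192.168.1.1:8080
-A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 172.16.0.0/24 -p tcp -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin; prints "chain target source out-if scope".
audit_nat() {
  awk '
    /^\*/ { table = substr($1, 2); next }     # "*nat" opens a table section
    table != "nat" || $1 != "-A" { next }     # keep only rules in the nat table
    {
      src = "any"; out = "any"; tgt = "-"
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "-o") out = $(i + 1)
        if ($i == "-j") tgt = $(i + 1)
      }
      if (tgt != "MASQUERADE" && tgt != "SNAT" && tgt != "DNAT") next
      print $2, tgt, src, out, (src == "any" ? "UNSCOPED" : "scoped")
    }'
}

# Number of NAT rules with no -s match (they rewrite traffic from any source).
count_unscoped() { audit_nat | awk '$5 == "UNSCOPED" { n++ } END { print n + 0 }'; }

# Forwarding state; the path argument lets this run without touching /proc.
forwarding_state() {
  f=${1:-/proc/sys/net/ipv4/ip_forward}
  [ -r "$f" ] || { echo unknown; return 0; }
  if [ "$(cat "$f")" = "1" ]; then echo enabled; else echo disabled; fi
}

sample_rules | audit_nat    # on a real hop (as root): iptables-save | audit_nat
```

Running the same functions on A, B and C shows at a glance which hop rewrites which source range and whether any hop masquerades more than intended.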
Ty for helping... I'll give it a go tomorrow and get back to you.