LinuxQuestions.org
Old 10-02-2009, 07:59 PM   #1
Venomal
LQ Newbie
 
Registered: Sep 2009
Location: Pakistan
Distribution: Redhat/Ubuntu Server
Posts: 6

Rep: Reputation: 0
Port Forwarding between several machines and then to a proxy server


Hello mates,

I've looked at all available posts made related to port forwarding but couldn't find a suitable answer.

Scenario: University Network connected to another backbone network managed by a Network Admin hired by the university. (Netadmin has blocked all ports except 8080/80)
I have access to the student side servers which are connected to the backbone network.

1- I have a proxy server which is used to connect to the internet through port 8080. Hosted on the Backbone network

2- I have 3 servers under me, let's say : A - B - C

3- Now I use server A as my gateway (connected to A through a switch). Server A uses server B as a gateway and server B uses server C as a gateway.

4- Server C is connected to the backbone network which provides internet access.

Now that I have explained the LAN Setup, here is what I want to do..

I want to forward a port "eg: 3000" which is used by an application so that the application can connect to the internet.

I don't want to use Proxifier and Your-freedom but want to do simple port forwarding through the available Linux servers.

How can I make that application send data to Server A which in turn DNAT's my request to Server C (bypassing B since A knows that its gw is B) and then C sends that data to the available proxy "eg: 192.168.1.1:8080"...

I have tried to do a lot of things but couldn't succeed...

DNAT on A :
iptables -t nat -A PREROUTING -p tcp -s 192.168.x.x --sport 3000 -j DNAT --to-destination 192.168.1.1:8080

but I know this won't work since server A doesn't know where 1.1 is located.

even simple port forwarding doesn't pick up packets on A:
iptables -A FORWARD -p tcp -s 192.168.x.x -d 0/0 --source-port 3000 -j ACCEPT

and I cannot add a SNAT/DNAT on server C since packets from my PC cannot reach server C in the first place..
-----------------------------------------------------------------
Hope I've explained my problem...

I'd be more than glad if any one of you people can help me in this..

Thanks! =)
 
Old 10-03-2009, 07:08 AM   #2
Venomal
LQ Newbie
 
Registered: Sep 2009
Location: Pakistan
Distribution: Redhat/Ubuntu Server
Posts: 6

Original Poster
Rep: Reputation: 0
I'd be grateful if I can get some sort of an answer...

Ty
 
Old 10-03-2009, 06:36 PM   #3
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
Maybe you want --dport instead of --sport; the source port is the port the application is coming from, not going to.
 
Old 10-04-2009, 09:12 AM   #4
Venomal
LQ Newbie
 
Registered: Sep 2009
Location: Pakistan
Distribution: Redhat/Ubuntu Server
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks!!

Can you please tell me in steps, what to do!
 
Old 10-06-2009, 10:39 AM   #5
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
if B doesn't know how to reach the machine your app is running on you'll need to masquerade on A, something like:
iptables -t nat -A POSTROUTING -o eth0 -s 172.16.0.0/24 -j MASQUERADE

the 172.16.0.0/24 would be replaced with the ip block your machine that is running the app is in
and eth0 would be the outbound interface to B

if C doesn't know how to reach A then you'll need to masquerade on B

iptables -t nat -A POSTROUTING -o eth1 -s 172.16.1.1 -j MASQUERADE
the 172.16.1.1 would be replaced with the ip of A and eth1 would be the outbound interface to C

if the proxy server doesn't know how to reach B then you'll need to masquerade on C as well as DNATing on C

iptables -t nat -A POSTROUTING -o eth1 -s 172.16.2.1 -j MASQUERADE
the 172.16.1.1 would be replaced with the ip of B and eth1 would be the outbound interface to C

iptables -t nat -A PREROUTING -p tcp --dport 3000 -j DNAT --to-destination 192.168.1.1:8080


And don't forget to turn on forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward
You can also usually edit your sysctl.conf to make that a permanent change.

Last edited by estabroo; 10-06-2009 at 10:40 AM. Reason: forwarding
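
Added example, not part of estabroo's post: a dry-run script that prints the per-hop commands described above so they can be reviewed before being applied on A, B and C. The addresses and interfaces are the thread's placeholder values; the FORWARD rules and the source restriction on the DNAT rule are assumptions added here for hosts whose FORWARD policy is not ACCEPT.

```shell
#!/bin/sh
# Dry run: prints the commands for each hop, executes nothing.
# Addresses, interfaces and ports are the thread's placeholder values.
APP_NET=172.16.0.0/24     # subnet of the machine running the app
A_IP=172.16.1.1           # A as seen by B
B_IP=172.16.2.1           # B as seen by C
PROXY=192.168.1.1:8080    # proxy on the backbone
APP_PORT=3000             # destination port the app connects to

masq() {    # masq OUT_IF SRC: rewrite SRC to this hop's own address
    echo "iptables -t nat -A POSTROUTING -o $1 -s $2 -j MASQUERADE"
}

fwd() {     # fwd SRC DST DPORT: admit the flow and its replies (added assumption)
    echo "iptables -A FORWARD -p tcp -s $1 -d $2 --dport $3 -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

hop_rules() {   # hop_rules A|B|C
    case "$1" in
        A|B|C) echo "sysctl -w net.ipv4.ip_forward=1" ;;
        *) echo "usage: hop_rules A|B|C" >&2; return 1 ;;
    esac
    case "$1" in
        A) fwd "$APP_NET" 0.0.0.0/0 "$APP_PORT"
           masq eth0 "$APP_NET" ;;
        B) # A has already masqueraded, so B sees A's address as the source.
           fwd "$A_IP" 0.0.0.0/0 "$APP_PORT"
           masq eth1 "$A_IP" ;;
        C) # Added assumption: DNAT limited to B's address, the source C sees
           # once B masquerades (the thread's rule matches any source).
           echo "iptables -t nat -A PREROUTING -p tcp -s $B_IP --dport $APP_PORT -j DNAT --to-destination $PROXY"
           # FORWARD runs after PREROUTING, so it must match the translated
           # destination (proxy address and port), not port 3000.
           fwd "$B_IP" "${PROXY%:*}" "${PROXY#*:}"
           masq eth1 "$B_IP" ;;
    esac
}

for hop in A B C; do
    echo "# on server $hop"
    hop_rules "$hop"
done
```

After applying the output on a hop, `iptables -t nat -L -n -v` shows per-rule packet counters, which tells you whether the DNAT and MASQUERADE rules are actually being hit.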
 
Old 10-08-2009, 05:28 PM   #6
Venomal
LQ Newbie
 
Registered: Sep 2009
Location: Pakistan
Distribution: Redhat/Ubuntu Server
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by estabroo View Post
if B doesn't know how to reach the machine your app is running on you'll need to masquerade on A, something like:
iptables -t nat -A POSTROUTING -o eth0 -s 172.16.0.0/24 -j MASQUERADE

the 172.16.0.0/24 would be replaced with the ip block your machine that is running the app is in
and eth0 would be the outbound interface to B

if C doesn't know how to reach A then you'll need to masquerade on B

iptables -t nat -A POSTROUTING -o eth1 -s 172.16.1.1 -j MASQUERADE
the 172.16.1.1 would be replaced with the ip of A and eth1 would be the outbound interface to C

if the proxy server doesn't know how to reach B then you'll need to masquerade on C as well as DNATing on C

iptables -t nat -A POSTROUTING -o eth1 -s 172.16.2.1 -j MASQUERADE
the 172.16.1.1 would be replaced with the ip of B and eth1 would be the outbound interface to C

iptables -t nat -A PREROUTING -p tcp --dport 3000 -j DNAT --to-destination 192.168.1.1:8080


And don't forget to turn on forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward
You can also usually edit your sysctl.conf to make that a permanent change.
Ty for helping... I'll give it a go tomorrow.. and get back to you.

Thanks
 
  

