LinuxQuestions.org
Old 02-26-2010, 05:45 PM   #1
marzak
LQ Newbie
 
Registered: Jul 2005
Distribution: Slackware 13/Ubuntu 8.10
Posts: 3

Rep: Reputation: 0
Question Port Forwarding Within Internal Network


Hello all,

I have a question about port forwarding. I have an internal Red Hat server and I would like to use it as a central connection point to some back end servers. This is not an internet router setup. I was thinking I could use iptables and do port forwarding similar to an internet router but internal to internal. Here is a simplified example of what I am looking for:

server1
eth0 192.168.0.5
eth1 192.168.0.6

server2
eth0 192.168.0.11

Basically I would like to take any connections to port 22 on server1 interface eth0 and forward them out of interface eth1 to server2 port 22.

I am finding a lot of information on port forwarding, but it is all based on using an internet router that is passing through to an internal server. I need to know how to configure a basic Linux setup with no existing iptables entries so that I can do this within an existing network.

Also, if there is a better or easier approach I would appreciate any direction. I don't want to do this through an SSH tunnel.

I know to start I need the following to enable forwarding in the kernel and a firewall PREROUTING rule.

sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.5 --dport 22 -j DNAT --to 192.168.0.11:22

I was thinking I am missing something like the following, but I am not sure.

iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Thanks
 
Old 02-26-2010, 06:10 PM   #2
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
I do not think you need the MASQUERADE rule.

Everything else looks good and should be enough.

But how do they communicate between each other?

Also I think you need to give different interfaces different subnetwork IPs:
192.168.1.5 - eth0
192.168.2.5 - eth1 Server 1

192.168.2.10 - eth0 Server2, if you want it to be on the same LAN with eth1 Server1.

Last edited by nimnull22; 02-26-2010 at 06:21 PM.
 
Old 02-26-2010, 06:51 PM   #3
marzak
LQ Newbie
 
Registered: Jul 2005
Distribution: Slackware 13/Ubuntu 8.10
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks, nimnull22.

I don't have an option on the addressing. The machines are all on the same subnet (server1 and server2 and any client machines).

I am not sure what you mean about how they communicate between each other. I assumed the client would contact server1 (192.168.0.5) on port 22. It would forward to server2 port 22 and traffic would flow back to the client through server1. That is why I was thinking about the masquerade rule.

Basically the client wouldn't know about server2. It would assume all interaction was with server1.

Thanks,
 
Old 02-26-2010, 07:45 PM   #4
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Quote:
Originally Posted by marzak
Thanks, nimnull22.


I am not sure what you mean about how they communicate between each other. I assumed the client would contact server1 (192.168.0.5) on port 22. It would forward to server2 port 22 and traffic would flow back to the client through server1. That is why I was thinking about the masquerade rule.

Basically the client wouldn't know about server2. It would assume all interaction was with server1.

Thanks,
Where do you connect the ethernet cards of Server 1 and 2?
 
Old 02-26-2010, 08:05 PM   #5
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Quote:
Originally Posted by marzak
Thanks, nimnull22.


I am not sure what you mean about how they communicate between each other. I assumed the client would contact server1 (192.168.0.5) on port 22. It would forward to server2 port 22 and traffic would flow back to the client through server1. That is why I was thinking about the masquerade rule.

Basically the client wouldn't know about server2. It would assume all interaction was with server1.

Thanks,
Where do you connect the ethernet cards of Server 1 and 2?
If you need to hide the IP of the second server, yes, masquerading will help.
 
Old 02-27-2010, 10:39 AM   #6
marzak
LQ Newbie
 
Registered: Jul 2005
Distribution: Slackware 13/Ubuntu 8.10
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by nimnull22
Where do you connect the ethernet cards of Server 1 and 2?
If you need to hide the IP of the second server, yes, masquerading will help.
The ethernet cards for Server1 and Server2 are connected to the same switch.
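
With every host on one switch and one subnet, a DNAT-only forward leaves the client's address as the source, so server2 answers the client directly from 192.168.0.11 and the client drops replies it never addressed; source NAT on server1 is what pulls the return path back through it. The following is an added example, not code from any poster in this thread: it generates the forward with rules scoped to that single flow rather than a blanket `-P FORWARD ACCEPT` and an unmatched MASQUERADE. It assumes server1 forwards nothing else; the function names and the `APPLY` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and port come from post #1;
# function names and the APPLY variable are hypothetical.

valid_ip() {    # dotted quad, each octet 0-255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rules for: client -> front_ip:port on in_if  ==>  back_ip:port
build_rules() {
    in_if=$1 front_ip=$2 back_ip=$3 port=$4
    # Reject anything that could smuggle shell syntax into the generated commands.
    case "$in_if" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    valid_ip "$front_ip" && valid_ip "$back_ip" && valid_port "$port" || return 1
    # DNAT rewrites the destination; MASQUERADE is limited to DNATed connections
    # to the back end; FORWARD admits only that flow and its replies.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $in_if -p tcp -d $front_ip --dport $port -j DNAT --to-destination $back_ip:$port
iptables -t nat -A POSTROUTING -p tcp -d $back_ip --dport $port -m conntrack --ctstate DNAT -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -d $back_ip --dport $port -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Dry run by default; APPLY=1 (as root) executes the generated commands.
forward_port() {
    rules=$(build_rules "$@") || { echo "invalid arguments" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ]; then echo "$rules" | sh -e; else echo "$rules"; fi
}

forward_port eth0 192.168.0.5 192.168.0.11 22
```

With source NAT in place, server2's sshd logs show server1's address for every session, so per-client attribution has to come from logging or conntrack data on server1.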
 
  

