LinuxQuestions.org
Old 11-12-2003, 03:06 PM   #1
chtthies
LQ Newbie
 
Registered: Nov 2003
Posts: 10

Rep: Reputation: 0
How should I open a TCP port?


Hi there

This is my second post for this issue.
I have been trying to do NAT through a firewall box, but I can't make it work.
Let me explain my need:

Public IP --------Firewall------- Internal IP
200.69.219.229                    192.168.5.1

I need to listen on port 4000 on the firewall (not opened yet, because no service uses it; the real service resides on the internal machine) and forward that to an internal IP, 192.168.5.2 port 4000. I think you call this NAT.

Problems:
1) I need to open port 4000, don't know how.
2) I need to forward packets that reach 200.69.219.229:4000 to 192.168.5.2:4000.

For point 2, I have tried this:

iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 4000 -j DNAT --to 192.168.5.2:4000

with no success at all.

If anyone can help me with this, I'll be pleased.

Thanks in advance

Christian
 
Old 11-12-2003, 03:50 PM   #2
dorian33
Member
 
Registered: Jan 2003
Location: Poland, Warsaw
Distribution: LFS, Gentoo
Posts: 587

Rep: Reputation: 32
Looking at your iptables rule you are very close to the solution....
The iptables rule you've used states 'all the packets sent to the firewall's eth0, to port 4000, should have their destination address changed' and looks ok.
But you also need to:
a. allow this packet to be forwarded
b. allow the returning packet(s) to be forwarded back
So you need to add at least:
1. iptables -A FORWARD -j ACCEPT
2. set the kernel for packet forwarding with the command 'echo 1 > /proc/sys/net/ipv4/ip_forward'
3. take care of the source address for the forwarded-back packets (POSTROUTING with MASQUERADE or SNAT target).
Look: your rule changes the destination address (the source is constant), so your internal box can see where to send the 'response', and the host which sent the request will get the 'response'. But it will ignore it, since it will get it not from the host it asked for. Therefore you need (3).

Of course, you can complicate the above 'forward' and 'postrouting' rules. For instance you can block non-port-4000 packets, track them with the '--state' switch, etc.

BTW: an 'open' port means nothing else than accepting the packets sent to this port.

iptables is very simple and logical. Read this.
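The rule set dorian33 outlines, written out as an added example (not code posted in this thread) and tightened the way his last paragraph suggests: the FORWARD permission is limited to TCP port 4000 toward the internal host plus the tracked replies, instead of a blanket "-A FORWARD -j ACCEPT". The function only prints the commands, so they can be reviewed before being run on the firewall. Two assumptions are mine: the public interface is eth0 (as in the OP's rule) and the LAN interface is eth1; the addresses and port default to the ones in the question. Two caveats worth knowing: DNATed packets traverse FORWARD, not INPUT, so nothing has to be "opened" on the firewall itself for the OP's problem 1; and netfilter's connection tracking reverse-translates the replies of a DNATed connection on its own, so the POSTROUTING rule is what lets the LAN originate outbound connections rather than what fixes the replies.

```shell
#!/bin/sh
# Added example, not code from the thread: build the rule set dorian33 outlines
# (ip_forward, DNAT in PREROUTING, FORWARD permission, POSTROUTING source NAT),
# narrowed to the one TCP port instead of a blanket "-A FORWARD -j ACCEPT".
# Assumptions: public interface eth0, LAN interface eth1 (the thread names
# only eth0); addresses and port default to the OP's values.

# dnat_rules PUBLIC_IP INTERNAL_IP PORT [WAN_IF] [LAN_IF]
# Prints the commands instead of running them, so they can be reviewed
# (or piped to sh on the firewall) after the inputs have been checked.
dnat_rules() {
    public_ip=$1
    internal_ip=$2
    port=$3
    wan_if=${4:-eth0}
    lan_if=${5:-eth1}

    # Refuse an empty, non-numeric or out-of-range port before emitting anything.
    case $port in
        ''|*[!0-9]*) echo "dnat_rules: bad port '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "dnat_rules: port out of range: $port" >&2
        return 1
    fi

    cat <<EOF
# 1. let the kernel route between interfaces (dorian33's step 2)
echo 1 > /proc/sys/net/ipv4/ip_forward
# 2. rewrite the destination of packets arriving on $wan_if for $public_ip:$port
iptables -t nat -A PREROUTING -i $wan_if -d $public_ip -p tcp --dport $port -j DNAT --to-destination $internal_ip:$port
# 3. allow only that forwarded traffic and its replies through FORWARD (dorian33's step 1, narrowed)
iptables -A FORWARD -i $wan_if -o $lan_if -d $internal_ip -p tcp --dport $port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $internal_ip -p tcp --sport $port -m state --state ESTABLISHED,RELATED -j ACCEPT
# 4. source NAT for connections the LAN itself opens toward the outside (dorian33's step 3);
#    replies to the DNATed connection are reverse-translated by connection tracking anyway
iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE
EOF
}

# Stand-alone run: print the rules for the thread's addresses and port.
dnat_rules 200.69.219.229 192.168.5.2 4000
```

To apply the rules on the firewall, pipe the output to sh; keeping the DNAT rule restricted with `-d` to the public address and the FORWARD rules restricted to the one port and host is what stops the firewall from relaying arbitrary traffic between its interfaces once ip_forward is on.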
All times are GMT -5. The time now is 05:28 AM.