Old 05-01-2016, 07:37 AM   #1
hackmaster
how to port forward


I set up a Raspberry as a VPN gateway. I would now like to forward all the packets from VPN port 80, interface tun0, to a local PC connected to the local LAN (eth0) with local IP 192.168.1.250, port 80. Could someone give me the right iptables rule?

I tried, with no solution, all these different sets:

SET 1
sudo iptables -I FORWARD -i tun0 -p udp -d 192.168.1.250 --dport 80 -j ACCEPT
sudo iptables -I FORWARD -i tun0 -p tcp -d 192.168.1.250 --dport 80 -j ACCEPT
sudo iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.250
sudo iptables -t nat -I PREROUTING -i tun0 -p udp --dport 80 -j DNAT --to-destination 192.168.1.250

SET 2
sudo iptables -A FORWARD -i tun0 -o eth0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.250

SET 3
sudo iptables -t nat -A POSTROUTING --out-interface eth0 -j MASQUERADE
sudo iptables -A FORWARD --in-interface tun0 -j ACCEPT
sudo iptables -t nat -A PREROUTING -p tcp -i tun0 -m tcp --dport 80 -j DNAT --to-destination 192.168.1.250:80


Base case (no modification) iptables are:
# Generated by iptables-save v1.4.21 on Sun May 1 14:26:26 2016
*filter
:INPUT ACCEPT [290:31586]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [110:8444]
-A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A OUTPUT -o tun0 -m comment --comment vpn -j ACCEPT
-A OUTPUT -o eth0 -p icmp -m comment --comment icmp -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -m comment --comment lan -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 443 -m comment --comment openvpn -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -m comment --comment ssh -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 123 -m comment --comment ntp -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -m comment --comment dns -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -m comment --comment dns -j ACCEPT
-A OUTPUT -o eth0 -j DROP
COMMIT
# Completed on Sun May 1 14:26:26 2016
# Generated by iptables-save v1.4.21 on Sun May 1 14:26:26 2016
*nat
:PREROUTING ACCEPT [44:5055]
:INPUT ACCEPT [41:4580]
:OUTPUT ACCEPT [55:5869]
:POSTROUTING ACCEPT [41:2931]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
# Completed on Sun May 1 14:26:26 2016

Last edited by hackmaster; 05-01-2016 at 09:27 AM.
 
Old 05-01-2016, 03:28 PM   #2
rigor
hackmaster,

In Linux I'm used to forwarding being disabled by default and having to be enabled, such as by:

Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
or via various config files, or the sysctl command, depending on the Linux "distro." you are using.

Did you enable forwarding?

Last edited by rigor; 05-01-2016 at 03:30 PM.
 
Old 05-03-2016, 01:05 AM   #3
mralk3

Another way that is persistent between reboots:
Edit /etc/sysctl.conf as root and add to the end:
Code:
 
net.ipv4.ip_forward = 1
Then run as root to enable it
Code:
sysctl -p
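
The prerequisites discussed in this thread (IP forwarding enabled, a DNAT rule in nat PREROUTING for tun0 port 80, the FORWARD chain policy), checked against an iptables-save dump. This is an added example, not code from any poster in the thread; the function names are hypothetical, and the embedded dump is a trimmed copy of the base case with counters zeroed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Live use (as root):
#   iptables-save | audit "$(cat /proc/sys/net/ipv4/ip_forward)" tun0 80

# DNAT rule from SET 2, written the way iptables-save prints it (constructed).
SET2_DNAT='-A PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.250'

# dump [extra nat rule]: trimmed copy of the thread's base-case dump.
dump() {
cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun0 -j MASQUERADE
$1
COMMIT
EOF
}

# table_rules <table>: print policy and rule lines of one table (dump on stdin).
table_rules() { awk -v t="*$1" '/^\*/ { in_t = ($0 == t) } in_t && /^(-A|:)/'; }

# has_dnat <in-iface> <port>: true if nat PREROUTING holds a matching DNAT rule.
has_dnat() {
  table_rules nat | grep -Eq -- "^-A PREROUTING .*-i $1 .*--dport $2 .*-j DNAT"
}

# forward_policy: print the default policy of the filter FORWARD chain.
forward_policy() { table_rules filter | awk '$1 == ":FORWARD" { print $2 }'; }

# audit <ip_forward value> <in-iface> <port>: non-zero if a prerequisite is missing.
audit() {
  d=$(cat); rc=0
  [ "$1" = 1 ] || { echo "FAIL: net.ipv4.ip_forward is $1"; rc=1; }
  printf '%s\n' "$d" | has_dnat "$2" "$3" || { echo "FAIL: no DNAT for $2 port $3"; rc=1; }
  [ "$(printf '%s\n' "$d" | forward_policy)" = ACCEPT ] ||
    echo "NOTE: FORWARD policy is not ACCEPT; new connections need an explicit rule"
  [ "$rc" -ne 0 ] || echo "OK: forwarding on, DNAT present for $2 port $3"
  return "$rc"
}

echo "base case:";  dump ""           | audit 0 tun0 80 || true
echo "with SET 2:"; dump "$SET2_DNAT" | audit 1 tun0 80 || true
```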
 
  

