LinuxQuestions.org
Old 11-18-2003, 04:27 PM   #1
goldenmag
LQ Newbie
 
Registered: Jul 2003
Posts: 8

Rep: Reputation: 0
Question IPTABLES #Port Forwarding


Hi,

I would like to port forward to one of my Linux servers that is in my LAN.
I was wondering if this rule would be OK?


#Port Forwarding
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 1234 -j DNAT --to 192.168.1.2:22
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

The main goal is to be able to use ssh from my home to be able to connect to the office on my linux server with this address 192.168.1.2.

Any help please?

best regards,

 
Old 11-20-2003, 11:28 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Re: IPTABLES #Port Forwarding

If eth1 is your external interface and eth0 is the internal interface, everything looks OK, except for the --dport 1234 part. Are you planning on using an alternate ssh port or something? Under normal circumstances I would have expected that to be port 22 as well.
 
Old 11-21-2003, 04:34 AM   #3
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Rep: Reputation: 30
IPTABLES=/sbin/iptables
OUTSIDE=eth0

$IPTABLES -t nat -A PREROUTING -i $OUTSIDE -p tcp -m tcp --dport 22 -j DNAT --to 192.168.1.2:22

now you must allow the incoming packets...

$IPTABLES -A INPUT -i $OUTSIDE -d 0/0 -p tcp -m tcp --dport 22 -j ACCEPT

or if you want to specify an IP to access it from try:
$IPTABLES -A INPUT -i $OUTSIDE -d 0/0 -s 202.172.12.134 -p tcp -m tcp --dport 22 -j ACCEPT

Hope this helps

Last edited by chrisfirestar; 11-21-2003 at 04:37 AM.
 
Old 11-21-2003, 07:17 AM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Quote:
Originally posted by chrisfirestar
IPTABLES=/sbin/iptables
OUTSIDE=eth0

$IPTABLES -t nat -A PREROUTING -i $OUTSIDE -p tcp -m tcp --dport 22 -j DNAT --to 192.168.1.2:22

now you must allow the incoming packets...

$IPTABLES -A INPUT -i $OUTSIDE -d 0/0 -p tcp -m tcp --dport 22 -j ACCEPT

or if you want to specify an IP to access it from try:
$IPTABLES -A INPUT -i $OUTSIDE -d 0/0 -s 202.172.12.134 -p tcp -m tcp --dport 22 -j ACCEPT

Hope this helps

That would work, but I think you'd need a default FORWARD policy of ACCEPT. Otherwise the packets won't have any way to get across the box.
 
Old 11-21-2003, 08:10 AM   #5
MrGreg
Member
 
Registered: Apr 2001
Location: Hamilton
Distribution: RedHat 7.2, 9.0
Posts: 52

Rep: Reputation: 15
You'll have much better luck using the -I switch in any port forwarding maneuver with iptables. The -A (append) always adds the rule to the END of the chain. Packets may be getting dealt with earlier on in the chain and never get a chance.

A good way to see the structure of your current tables is:

iptables -L --line-numbers | less

A great way to test new rules is with small scripts. One script for iptables -I; INSERTing the rules and an exact copy with the exception that all -I's are replaced with -D's for DELETE.

Last edited by MrGreg; 11-21-2003 at 08:14 AM.
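
Added example, not part of any post in this thread: the paired insert/delete test scripts described above, applied to the forward from the first post and generated by one function so the two sets differ only in the flag. The function and variable names are assumptions, and the source address 203.0.113.10 is a constructed placeholder.

```shell
#!/bin/sh
# Added example: paired insert/delete rule sets for an SSH port forward.
# Assumptions (from the thread): eth1 = external, eth0 = internal,
# public port 1234 -> 192.168.1.2:22. ADMIN_SRC is a constructed
# documentation address (RFC 5737); replace it with your real source.
IPTABLES=${IPTABLES:-/sbin/iptables}
EXT_IF=eth1
INT_IF=eth0
PUB_PORT=1234
DEST_IP=192.168.1.2
DEST_PORT=22
ADMIN_SRC=203.0.113.10

# Print the rule set for one action: I (insert at top) or D (delete).
# Both outputs come from the same lines, so the delete set always
# removes exactly what the insert set added.
portfwd_rules() {
    case "$1" in
        I|D) act="-$1" ;;
        *) echo "usage: portfwd_rules I|D" >&2; return 2 ;;
    esac
    # nat/PREROUTING: rewrite the destination before the routing decision.
    echo "$IPTABLES -t nat $act PREROUTING -i $EXT_IF -p tcp -s $ADMIN_SRC --dport $PUB_PORT -j DNAT --to-destination $DEST_IP:$DEST_PORT"
    # filter/FORWARD: after DNAT the packet is routed through the box, so it
    # is matched here (not in INPUT) against the rewritten address and port.
    echo "$IPTABLES $act FORWARD -i $EXT_IF -o $INT_IF -p tcp -s $ADMIN_SRC -d $DEST_IP --dport $DEST_PORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Return traffic from the SSH server; needed when the FORWARD policy is DROP.
    echo "$IPTABLES $act FORWARD -i $INT_IF -o $EXT_IF -p tcp -s $DEST_IP --sport $DEST_PORT -d $ADMIN_SRC -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Dry run by default; pass "apply" as the second argument to execute as root.
portfwd() {
    if [ "$2" = "apply" ]; then
        portfwd_rules "$1" | sh -e
    else
        portfwd_rules "$1"
    fi
}
```

Run `portfwd I` to review the commands, `portfwd I apply` to insert them, and `portfwd D apply` to remove them again after testing.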
 
  

