LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General > LinuxQuestions.org Member Success Stories
User Name
Password
LinuxQuestions.org Member Success Stories Just spent four hours configuring your favorite program? Just figured out a Linux problem that has been stumping you for months?
Post your Linux Success Stories here.

Notices

Reply
 
Search this Thread
Old 09-02-2009, 05:24 PM   #1
telexl
LQ Newbie
 
Registered: Aug 2009
Posts: 6

Rep: Reputation: 0
netfilter fixed my router port forwarding problem


I've recently changed ISPs and so, out went my old BT Home Hub 2, to be replaced by a D-Link ADSL router. The D-Link has a much faster administration interface than the old Home Hub, but its port forwarding options were greatly limited: it can't forward to a different port than the external port, and has a maximum of 12 rules. I have a limited knowledge of iptables/netfilter, but the manpage explains it all clearly. After a few mugs of tea and some scribbling on scraps of paper, I was able to write a few iptables rules that did the following:

1. Redirect incoming packets to port 80 to port 8080, when they come from the router (my webserver uses virtual sites and it expects 'stuff from outside' to arrive on port 8080).

2. Send incoming packets to port 81 and 8081 to another host's port 80 (the 'other host' is a Linksys WVC54G Internet video camera).

I needed to set the router to direct port 8080 to the webserver - with the iptables rules - and to also send data from ports 8081 and 81 to the webserver.

In the following excerpt from the script, environment variable SUDO is 'sudo' if the script is running as an administrative user, and empty if it's running as root. IPT_OPTS is '-v' ('be verbose') or empty. IPTABLES is 'iptables'. MAC_SOURCE is the MAC address of the router, e.g. 00:11:22:33:44:55.

Kernel modules xt_multiport and xt_mac need to be loaded.

Code:
# Send all packets from MAC_SOURCE port 80 to local port 8080
${SUDO} ${IPTABLES} ${IPT_OPTS} -t nat -A PREROUTING  -p tcp -m mac --mac-source ${MAC_SOURCE} --dport 80 -j DNAT --to-destination :8080
# Send all packets from MAC_SOURCE ports 81 and 8081 to the camera's port 80
${SUDO} ${IPTABLES} ${IPT_OPTS} -t nat -A PREROUTING  -p tcp -m mac --mac-source ${MAC_SOURCE} -m multiport --dports 81,8081 -j DNAT --to-destination 192.168.135.18:80
Those two lines saved me so much hassle!

Lex
 
Old 10-01-2009, 03:03 PM   #2
DrLove73
Senior Member
 
Registered: Sep 2009
Location: Srbobran, Serbia
Distribution: CentOS 5.5 i386 & x86_64
Posts: 1,118
Blog Entries: 1

Rep: Reputation: 129Reputation: 129
Can you please mark this thread as solved? this is proper procedure when original post is not a question or when the problem is solved. Thanks.
 
Old 10-02-2009, 08:47 AM   #3
telexl
LQ Newbie
 
Registered: Aug 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Sorry - that was my first post and I didn't know I had to do that. I'll do it now.
 
Old 10-02-2009, 09:31 AM   #4
DrLove73
Senior Member
 
Registered: Sep 2009
Location: Srbobran, Serbia
Distribution: CentOS 5.5 i386 & x86_64
Posts: 1,118
Blog Entries: 1

Rep: Reputation: 129Reputation: 129
Now I must appologize for not been precise. There is a menu called "Thread Tools" in the top of the current page (first post on current page). Click on it and select "Mark this thread as SOLVED". Something like that. The the name of your thread should get a prefix [SOLVED] so other users know that there is a solution for your problem/question/howto.

Thanks.
 
Old 10-30-2009, 09:03 AM   #5
dasli
LQ Newbie
 
Registered: Jul 2009
Posts: 4

Rep: Reputation: 0
oo..useful thanks
 
  


Reply

Tags
netfilter, networking


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Port Forwarding from Router to Client expatCM Linux - Networking 0 08-06-2008 05:38 AM
Port Forwarding For Router kool_kid Linux - Networking 4 09-25-2007 02:10 PM
port forwarding on Belkin 4-port Cable/DSL Gateway Router sycamorex Linux - Networking 5 03-05-2007 03:27 PM
Router port forwarding troubleshoot andresesfm Linux - Networking 1 09-22-2006 04:26 AM
port probe on fixed IP behind router fails ask Linux - Networking 4 10-22-2005 02:51 PM


All times are GMT -5. The time now is 07:22 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration