LinuxQuestions.org
Old 03-03-2010, 11:07 AM   #1
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 18.04 / CentOS 7.6
Posts: 397

Rep: Reputation: 62
iptables and port forwarding


I'm trying to set up IP masquerading under iptables. Essentially, I want to forward any traffic to port 7070 on a static IP address machine to a DHCP assigned address (192.168.1.*) machine behind it to port 80 since we've got no public IP addresses spare. After reading up on iptables, I figured this should work as a config (/etc/sysconfig/iptables) on the static IP machine: -

Code:
-A PREROUTING -p tcp -i eth0 --dport 7070 -j DNAT --to 192.168.1.8:80
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -i eth0 -o eth0 -d 192.168.1.8 --dport 80 -m state --state NEW -j ACCEPT
...but when restarting the iptables service, it complains about the first line (but fails to explain why). What am I doing wrong?

I've enabled ip_forward = 1 module.

I'm also not sure if I should be editing the /etc/sysconfig/iptables file directly....how should this be done usually? I'm using Fedora 12.
 
Old 03-03-2010, 11:44 AM   #2
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250
So you are using NAT then?

Read the docs:

http://www.redhat.com/docs/manuals/e...rerouting.html

You can read the previous few pages to read about NAT and masquerading.
 
0 members found this post helpful.
Old 03-03-2010, 11:45 AM   #3
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Quote:
Originally Posted by arashi256 View Post
...
I'm trying to set up IP masquerading under iptables. Essentially, I want to forward any traffic to port 7070 on a static IP address machine to a DHCP assigned address (192.168.1.*)
...
1. Masquerading and forwarding are two different tasks.
2. Forwarding traffic to a DHCP-assigned IP is difficult, because who knows which IP your host will get next time. I suggest giving it a static IP, like 192.168.1.20.

Can you do it?
 
0 members found this post helpful.
Old 03-03-2010, 11:54 AM   #4
spampig
Member
 
Registered: Feb 2010
Location: /Earth/UK/England/Hampshire
Distribution: Debian, Ubuntu, CentOS, Slackware
Posts: 262
Blog Entries: 2

Rep: Reputation: 56
This is nothing more than a wild guess, so apologies if it does not help you:

Insert the rule:
Quote:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 7070 -j DNAT --to-destination 192.168.1.8:80
If it does not work remove it like this....
Quote:
iptables -t nat -D PREROUTING -p tcp -i eth0 --dport 7070 -j DNAT --to-destination 192.168.1.8:80
It may stop your error, but I can't say if it will do what you want!
 
1 members found this post helpful.
Old 03-03-2010, 01:08 PM   #5
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 18.04 / CentOS 7.6
Posts: 397

Original Poster
Rep: Reputation: 62
Thanks spampig for your helpful response - I'll try it. I gather using "iptables" from the command-line is different to inserting this rule directly into the iptables config file? I've inserted rules like this before, but they don't seem to be reflected in the /etc/sysconfig/iptables config file. Where are these rules stored if not there? I'd prefer to add these directives directly to some sort of configuration file, if possible.
 
Old 03-04-2010, 09:19 AM   #6
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 18.04 / CentOS 7.6
Posts: 397

Original Poster
Rep: Reputation: 62
No, didn't work. Ah well.
 
Old 03-10-2010, 07:02 AM   #7
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 18.04 / CentOS 7.6
Posts: 397

Original Poster
Rep: Reputation: 62
Managed it...

In case anyone else wants to do something similar...

iptables-config:
Code:
IPTABLES_MODULES="iptable_nat"
iptables:
Code:
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -i eth0 -p tcp --dport 7070 -j DNAT --to-destination 192.168.1.8:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -m state --state NEW -m tcp -p tcp -d 192.168.1.8 --dport 80 -j ACCEPT
COMMIT
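
Added example (not part of the original posts): NAT targets such as DNAT and MASQUERADE are only valid in the nat table, which is why the working file in post #7 declares them under *nat. The shell function below lints an iptables-save style file for that mistake and for ACCEPT default policies in the filter table. The names lint_rules, first_attempt and final_config are made up for illustration, and the first sample assumes the post #1 rules sat under a *filter header.

```shell
# Added example, not from the thread: lint an iptables-save style rules file on stdin.
lint_rules() {
    awk '
        /^\*/     { table = substr($1, 2); next }   # table header: "*nat", "*filter"
        /^COMMIT/ { table = ""; next }
        /^:/ {                                      # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            if (table == "filter" && $2 == "ACCEPT" && (chain == "INPUT" || chain == "FORWARD"))
                printf "line %d: %s default policy is ACCEPT\n", NR, chain
        }
        /^-A/ {                                     # NAT-only targets need table nat
            for (i = 1; i < NF; i++)
                if ($i == "-j" && $(i + 1) ~ /^(DNAT|SNAT|MASQUERADE|REDIRECT)$/ && table != "nat")
                    printf "line %d: %s used outside *nat\n", NR, $(i + 1)
        }
    '
}

# Constructed input: rules from post #1 under a *filter header (assumed layout).
first_attempt() {
    cat <<'EOF'
*filter
-A PREROUTING -p tcp -i eth0 --dport 7070 -j DNAT --to 192.168.1.8:80
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# The rules file from post #7, unchanged.
final_config() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -i eth0 -p tcp --dport 7070 -j DNAT --to-destination 192.168.1.8:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -m state --state NEW -m tcp -p tcp -d 192.168.1.8 --dport 80 -j ACCEPT
COMMIT
EOF
}

first_attempt | lint_rules; final_config | lint_rules
```

With `:FORWARD ACCEPT`, the `-A FORWARD` rule in post #7 does not restrict anything. Changing that policy to DROP would also need an ESTABLISHED,RELATED accept in FORWARD so the replies get back out.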
 
  

