LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-30-2011, 07:58 AM   #1
slayernicke
LQ Newbie
 
Registered: Jun 2011
Posts: 5

Rep: Reputation: Disabled
Iptables - how to portforward to external IP and ports?


Hi

I want to portforward client connections from an ubuntu lts server to another external server. btw i am a noob on iptables.
i have tryed using the basic commands for iptables with no success. For example:

iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 7878 -j DNAT --to 91.23.45.67:7878

iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 91.23.45.67 --dport 7878 -j ACCEPT

so basically i just want a rediraction for from one ip to another. Example: A client tries to connect to ip 123.45.67.89 on port 7878 and the server forwards him to ip xx.xx.xx.xx on port 7878, meaning that xx.xx.xx.xx is the actual server with services. Server with ip 123.45.67.89 is only forwarding the client to external ip... how can this be done in a simple command?

Thanks in advance
Nico
 
Old 06-30-2011, 10:24 AM   #2
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,420

Rep: Reputation: 95
Take a look at this firewall builder. You will learn a lot of interesting things :

http://connie.slackware.com/~alien/efg/
 
Old 06-30-2011, 11:11 AM   #3
slayernicke
LQ Newbie
 
Registered: Jun 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
i have already tested this generator. It doesnt give examples on external ip routing, only internal portforwarding. If you understood my question than maybe you will realise that the command i am looking for may be very simple...? its only a question of forwarding a client from one ip to another EXTERNAL ip, given the ports.
 
Old 06-30-2011, 04:24 PM   #4
akyuzremzi
LQ Newbie
 
Registered: Apr 2009
Posts: 5

Rep: Reputation: 0
After this
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 7878 -j DNAT --to 91.23.45.67:7878

iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 91.23.45.67 --dport 7878 -j ACCEPT

rules;

iptables -t nat -A POSTROUTING -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1

and you can look your trafic with iptstate.

PS: Full traffic passes through you.
 
Old 07-01-2011, 03:31 AM   #5
slayernicke
LQ Newbie
 
Registered: Jun 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
thanks for your respons. But it didnt work.

since all rules already are set to ACCEPT i am only adding this specific portforward rule. Assume port 7878 is a port that can be open via web browser, for example http://linux.dyndns.com:7878. I have done this very easily with router system called smoothwall. The router only acts as a messenger between the external server and clients. So the actual server only recieves one sort of ip from all connecting clients, which is the one of the router, because they are all connecting through it.
Now i want to try and doing this with linux iptabels or similar...
if you understand that all i want is to let the traffic pass through me, than maybe you can try it yourself with a testing port and help me out?
 
Old 07-02-2011, 12:44 AM   #6
akyuzremzi
LQ Newbie
 
Registered: Apr 2009
Posts: 5

Rep: Reputation: 0
I think the rules should work.
Have you seen the request from iptstate?
What exactly is the error?

Detail to determine the cause of failure may be better to try the following.

----------------------------------------------------------------------------------------------------------------

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -F
iptables -F -t nat
iptables -X
iptables -X -t nat

iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 7878 -j LOG --log-prefix="PreRouting 7878..:"

iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 7878 -j DNAT --to 91.23.45.67:7878

iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 91.23.45.67 --dport 7878 -j LOG --log-prefix="Forward 7878..:"

iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 91.23.45.67 --dport 7878 -j ACCEPT

iptables -A INPUT -p tcp --dport 7878 -j LOG --log-prefix="Input 7878..:"

iptables -t nat -A POSTROUTING -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
-----------------------------------------------------------------------------------------------------------------


After that, you tell the output of dmesg,netstat -rn, ifconfig, iptables -L -vnx --line-number, iptables -t nat -L -vnx --line-number?

Last edited by akyuzremzi; 07-02-2011 at 12:46 AM.
 
Old 07-04-2011, 04:21 AM   #7
slayernicke
LQ Newbie
 
Registered: Jun 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
just made it happen thanx so much for your help mate

Last edited by slayernicke; 07-04-2011 at 05:36 AM.
 
Old 07-04-2011, 04:58 AM   #8
slayernicke
LQ Newbie
 
Registered: Jun 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
just made it happpen thanks anyway mate!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
open ports for utorrent using iptables n close smpt to that ports shtorrent00 Linux - Networking 2 09-30-2008 03:34 PM
how? redirect apache2 outbound ports to specific ports w/iptables? nowshining Linux - Security 5 05-27-2008 02:46 AM
reject all ip & ports and allow only some ports with iptables ysar68 Linux - Security 1 05-12-2007 08:50 PM
I can't make it. VTUN between 2 gentoos and portforward from gentoo1 to gentoo2 JAY-D Linux - Networking 4 12-01-2006 09:14 PM
How do I portforward webmin/ssl/ssh (the whole world) onto another box FunkFlex Linux - Security 5 04-17-2002 08:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:11 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration