07-23-2013, 02:04 PM
#1
Member
IPtables : ssh port forwarding one port to another port issue
Hi, need some help
OS : CentOS 6 64 with KVM intel
Issue : IPtables & SSH
I have used this function for so long without issue,
then today I updated my CentOS and all of a sudden it stopped working.
Here is the command:
Code:
$IPT -t nat -I PREROUTING -p tcp -d 202.28.88.140 --dport 2222 -j DNAT --to 192.168.122.150:22
Supposedly, when I do ssh root@202.28.88.140 -p 2222, it forwards my SSH connection to the internal system 192.168.122.150.
FYI, 192.168.122.150 is another CentOS VM on the same host.
However, from inside the host system
I can ssh root@192.168.122.150 w/o any issue.
If any extra info is needed, please let me know.
Thanks a lot
07-23-2013, 02:18 PM
#2
Senior Member
If the FORWARD policy in the filter table is set to DROP, you will need a rule allowing SSH traffic from anywhere to 192.168.122.150:22 (the FORWARD chain sees the NATed packet).
Also, make sure IP forwarding (routing) is enabled.
07-23-2013, 02:43 PM
#3
Member
Original Poster
Thanks for the reply.
However, DROP is not used;
I just have
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
07-23-2013, 02:47 PM
#4
Senior Member
Please post the output of the following two commands:
Code:
cat /proc/sys/net/ipv4/ip_forward
iptables -L
07-23-2013, 03:01 PM
#5
Member
Original Poster
Code:
[root@KVM140 ~]# cat /proc/sys/net/ipv4/ip_forward
1
Code:
[root@KVM140 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:oa-system
ACCEPT tcp -- anywhere anywhere tcp dpt:intu-ec-client
ACCEPT tcp -- anywhere anywhere tcp dpt:8834
ACCEPT tcp -- anywhere anywhere tcp dpt:8833
ACCEPT udp -- anywhere anywhere udp dpt:pptp
ACCEPT tcp -- anywhere anywhere tcp dpt:8150
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Now I smell the issue there: port 2222 is not shown
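Added example, not part of the thread: `iptables -L` as run in post #5 lists only the filter table, so a DNAT rule in the nat table shows up only under `iptables -t nat -L` or `iptables-save`. The script below parses an `iptables-save` dump and reports whether the port 2222 forward exists and whether the FORWARD chain lets the translated packet through, as reply #2 describes; the sample dump is constructed and `check_forward` is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example. SAMPLE_RULES is a constructed iptables-save dump; on a live
# host pipe the output of `iptables-save` (run as root) into check_forward.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 202.28.88.140/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.122.150:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# check_forward DPORT   (hypothetical helper; reads iptables-save text on stdin)
# Prints: no-dnat | forward-blocked HOST:PORT | ok HOST:PORT
# Simplification: only FORWARD ACCEPT rules naming the exact host (/32) and
# port count; subnet matches and conntrack-state rules are not evaluated.
check_forward() {
  awk -v dport="$1" '
    /^\*/ { table = substr($0, 2) }              # "*nat", "*filter", ...
    table == "nat" && /^-A PREROUTING/ && /-j DNAT/ {
      dp = ""; to = ""
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") dp = $(i + 1)
        if ($i == "--to-destination") to = $(i + 1)
      }
      if (dp == dport) target = to               # post-DNAT HOST:PORT
    }
    table == "filter" && /^:FORWARD/ { policy = $2 }
    table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ { fwd[++n] = $0 " " }
    END {
      if (target == "") { print "no-dnat"; exit }
      if (policy == "ACCEPT") { print "ok " target; exit }
      split(target, hp, ":")
      for (j = 1; j <= n; j++)
        if (index(fwd[j], "-d " hp[1] "/32 ") && index(fwd[j], "--dport " hp[2] " ")) {
          print "ok " target; exit
        }
      print "forward-blocked " target
    }'
}

printf '%s\n' "$SAMPLE_RULES" | check_forward 2222
```

With the constructed dump the result is `forward-blocked`, because the FORWARD policy there is DROP and no rule admits the post-DNAT destination; the ruleset posted in the thread has FORWARD policy ACCEPT.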
07-24-2013, 12:20 AM
#6
Member
Original Poster
Solved
Marked Solved
Info: Although we set a static VM, e.g. 192.168.122.100,
we still need to execute dhclient for each VM,
otherwise this port-to-port forwarding will not work.
Cheers
08-07-2018, 08:25 AM
#7
LQ Newbie
VM1 can be accessed via SSH from subnet 10.1.0.0/22 on 10.1.0.1:2222.
Gentlemen,
I have a task and I need help here with iptables, please.
Task says: VM1 can be accessed via SSH from subnet 10.1.0.0/22 on 10.1.0.1:2222.
I am running 5 virtual machines here; all are Ubuntu Server 16.04.
I have an Ubuntu server (router) with two different networks: Network A = 10.10.1.0/26 and Network B = 10.1.0.1/22
In Network A I have two clients: VM1 with IP: 10.10.1.20/26 (static address) and VM2 with IP: 10.10.1.30/26 (static address)
Network B also has 2 clients: VM3 with IP: 10.1.0.100/22 (DHCP Reserved) and VM4 with IP: 10.1.1.100/22 (DHCP Reserved)
Router@ubuntu-server interfaces:
enp0s3 inet addr:10.10.1.1 Bcast:10.10.1.63 Mask:255.255.255.192 (this is the interface for LAN subnet 10.10.1.0/26)
enp0s8 inet addr:10.1.0.1 Bcast:10.1.3.255 Mask:255.255.252.0 (this is the interface for LAN subnet 10.1.0.1/22)
enp0s9 inet addr:192.168.110.229 Bcast:192.168.110.255 Mask:255.255.255.0 (this is a bridged adapter to my host computer and has internet access)
Please advise.
Diagram of network is here:
https://ibb.co/e1BJQe
08-07-2018, 08:41 AM
#8
LQ Guru
Quote:
Originally Posted by max1m0
Gentlemen,
I have a task and I need help here with iptables, please.
Task says: VM1 can be accessed via SSH from subnet 10.1.0.0/22 on 10.1.0.1:2222. I am running 5 virtual machines here; all are Ubuntu Server 16.04. I have an Ubuntu server (router) with two different networks: Network A = 10.10.1.0/26 and Network B = 10.1.0.1/22
In Network A I have two clients: VM1 with IP: 10.10.1.20/26 (static address) and VM2 with IP: 10.10.1.30/26 (static address) Network B also has 2 clients: VM3 with IP: 10.1.0.100/22 (DHCP Reserved) and VM4 with IP: 10.1.1.100/22 (DHCP Reserved)
Router@ubuntu-server interfaces:
enp0s3 inet addr:10.10.1.1 Bcast:10.10.1.63 Mask:255.255.255.192 (this is the interface for LAN subnet 10.10.1.0/26)
enp0s8 inet addr:10.1.0.1 Bcast:10.1.3.255 Mask:255.255.252.0 (this is the interface for LAN subnet 10.1.0.1/22)
enp0s9 inet addr:192.168.110.229 Bcast:192.168.110.255 Mask:255.255.255.0 (this is a bridged adapter to my host computer and has internet access)
Please advise.
|
You need to read the LQ Rules and "Question Guidelines". You re-opened a thread that had been closed for FIVE YEARS, to hijack it with your own question. Neither is good. You need to open your own thread for your own question.
Also, this sounds *VERY* much like a homework question. Why don't you show us what you've done/tried so far, when you open your own thread?