LinuxQuestions.org
Old 07-23-2013, 02:04 PM   #1
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 780
Blog Entries: 6

Rep: Reputation: 75
IPtables : ssh port forwarding one port to another port issue


Hi, need some help
OS : CentOS 6 64 with KVM intel
Issue : IPtables & SSH

I have used this function for so long without issue,
then today I updated my CentOS and all of a sudden it stopped working.
Here is the command:

Code:
$IPT -t nat -I PREROUTING -p tcp -d 202.28.88.140 --dport 2222 -j DNAT --to 192.168.122.150:22
It is supposed that when I do ssh root@202.28.88.140 -p 2222, it forwards my ssh connection to the internal system 192.168.122.150.

FYI 192.168.122.150 is another CentOS VM on the same host.
However, from inside the host system
I can ssh root@192.168.122.150 without any issue.

If any extra info is needed, please let me know.

Thanks a lot

Routers
 
Old 07-23-2013, 02:18 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,536

Rep: Reputation: Disabled
If the FORWARD policy in the filter table is set to DROP, you will need a rule allowing SSH traffic from anywhere to 192.168.122.150:22 (the FORWARD chain sees the NATed packet).

Also, make sure IP forwarding (routing) is enabled.
 
Old 07-23-2013, 02:43 PM   #3
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 780

Original Poster
Blog Entries: 6

Rep: Reputation: 75
Thanks for the reply.
However, DROP is not used.

I just have
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 
Old 07-23-2013, 02:47 PM   #4
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,536

Rep: Reputation: Disabled
Please post the output of the following two commands:
Code:
cat /proc/sys/net/ipv4/ip_forward

iptables -L
 
Old 07-23-2013, 03:01 PM   #5
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 780

Original Poster
Blog Entries: 6

Rep: Reputation: 75
Code:
[root@KVM140 ~]# cat /proc/sys/net/ipv4/ip_forward
1
Code:
[root@KVM140 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:oa-system 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:intu-ec-client 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8834 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8833 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:pptp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8150 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Now I smell the issue: port 2222 is not shown there.
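
An added example, not part of any post in this thread: `iptables -L` with no `-t` option prints only the filter table, so a rule added with `-t nat` is listed by `iptables -t nat -L` or `iptables-save` instead. The sketch below runs the checks from post #2 (IP forwarding, FORWARD chain) plus a lookup of the DNAT rule against an `iptables-save` dump; the dump is constructed from the rules quoted above and `check_forward` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed iptables-save style dump modelled on the rules quoted in this
# thread; it is not output captured from the poster's host.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 202.28.88.140/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.122.150:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# check_forward DUMP PUBLIC_PORT TARGET_IP:PORT IP_FORWARD_VALUE (hypothetical helper)
# Prints one verdict line for the three things a DNAT forward depends on.
check_forward() {
  printf '%s\n' "$1" | awk -v port="$2" -v target="$3" -v fwd="$4" '
    BEGIN { split(target, a, ":"); ip = a[1]; tport = a[2] }
    /^\*/ { table = substr($0, 2) }          # "*nat", "*filter" open a table
    table == "nat" && /^-A PREROUTING/ && /-j DNAT/ {
      p = 0; t = 0
      for (i = 1; i < NF; i++) {
        if ($i == "--dport" && $(i+1) == port) p = 1
        if ($i == "--to-destination" && $(i+1) == target) t = 1
      }
      if (p && t) dnat = 1
    }
    table == "filter" && /^:FORWARD / { policy = $2 }
    # The FORWARD chain sees the packet after DNAT, so match the inner address.
    # Only an exact -d IP/32 --dport rule is recognised; broader rules are not.
    table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ {
      d = 0; q = 0
      for (i = 1; i < NF; i++) {
        if ($i == "-d" && $(i+1) == (ip "/32")) d = 1
        if ($i == "--dport" && $(i+1) == tport) q = 1
      }
      if (d && q) allow = 1
    }
    END {
      if (fwd != "1") print "FAIL: ip_forward is off"
      else if (!dnat) print "FAIL: no DNAT rule for port " port " in nat PREROUTING"
      else if (policy != "ACCEPT" && !allow) print "FAIL: FORWARD policy " policy " blocks " target
      else print "OK: DNAT rule present and FORWARD passes " target
    }'
}

# Live use (as root): check_forward "$(iptables-save)" 2222 192.168.122.150:22 "$(cat /proc/sys/net/ipv4/ip_forward)"
check_forward "$SAMPLE_RULES" 2222 192.168.122.150:22 1
```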
 
Old 07-24-2013, 12:20 AM   #6
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 780

Original Poster
Blog Entries: 6

Rep: Reputation: 75
Solved

Marked Solved
Info: Although we set the VM as static, e.g. 192.168.122.100,
we still need to execute dhclient for each VM,

otherwise this port-to-port forwarding will not work.



Cheers


Routers
 
Old 08-07-2018, 08:25 AM   #7
max1m0
LQ Newbie
 
Registered: Aug 2018
Posts: 4

Rep: Reputation: Disabled
VM1 can be accessed via SSH from subnet 10.1.0.0/22 on 10.1.0.1:2222.

Gentlemen,

I have a task and I need help here with iptables please.

Task says: VM1 can be accessed via SSH from subnet 10.1.0.0/22 on 10.1.0.1:2222.

I am running 5 virtual machines here, all are Ubuntu Server 16.04.

I have an Ubuntu server (router) with two different networks: Network A = 10.10.1.0/26 and Network B = 10.1.0.1/22

In Network A I have two clients: VM1 with IP: 10.10.1.20/26 (static address) and VM2 with IP: 10.10.1.30/26 (static address)

Network B also has 2 clients: VM3 with IP: 10.1.0.100/22 (DHCP Reserved) and VM4 with IP: 10.1.1.100/22 (DHCP Reserved)

Router@ubuntu-server interfaces:

enp0s3 inet addr:10.10.1.1 Bcast:10.10.1.63 Mask:255.255.255.192 (this is the interface for LAN subnet 10.10.1.0/26)

enp0s8 inet addr:10.1.0.1 Bcast:10.1.3.255 Mask:255.255.252.0 (this is the interface for LAN subnet 10.1.0.1/22)

enp0s9 inet addr:192.168.110.229 Bcast:192.168.110.255 Mask:255.255.255.0 (this is a bridged adapter to my host computer and has internet access)

Please advise.

Diagram of network is here:

https://ibb.co/e1BJQe
 
Old 08-07-2018, 08:41 AM   #8
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,381

Rep: Reputation: 5574
Quote:
Originally Posted by max1m0 View Post
Gentlemen,

I have a task and I need help here with iptables please.

Task says: VM1 can be accessed via SSH from subnet 10.1.0.0/22 on 10.1.0.1:2222. I am running 5 virtual machines here, all are Ubuntu Server 16.04. I have an Ubuntu server (router) with two different networks: Network A = 10.10.1.0/26 and Network B = 10.1.0.1/22

In Network A I have two clients: VM1 with IP: 10.10.1.20/26 (static address) and VM2 with IP: 10.10.1.30/26 (static address). Network B also has 2 clients: VM3 with IP: 10.1.0.100/22 (DHCP Reserved) and VM4 with IP: 10.1.1.100/22 (DHCP Reserved)

Router@ubuntu-server interfaces:
enp0s3 inet addr:10.10.1.1 Bcast:10.10.1.63 Mask:255.255.255.192 (this is the interface for LAN subnet 10.10.1.0/26)
enp0s8 inet addr:10.1.0.1 Bcast:10.1.3.255 Mask:255.255.252.0 (this is the interface for LAN subnet 10.1.0.1/22)
enp0s9 inet addr:192.168.110.229 Bcast:192.168.110.255 Mask:255.255.255.0 (this is a bridged adapter to my host computer and has internet access)

Please advise.
You need to read the LQ Rules and "Question Guidelines". You re-opened a thread that had been closed for FIVE YEARS, to hijack it with your own question. Neither is good. You need to open your own thread for your own question.

Also, this sounds *VERY* much like a homework question. Why don't you show us what you've done/tried so far, when you open your own thread?
 
  


All times are GMT -5.