[SOLVED] IPtables : ssh port forwarding one port to another port issue

routers · 07-23-2013, 02:04 PM

Hi , need some help
OS : CentOS 6 64 with KVM intel
Issue : IPtables & SSH

I have used this function for so long without issue
then today i update my CentOS, all sudden stop working
here is the command

Code:

$IPT -t nat -I PREROUTING -p tcp -d 202.28.88.140 --dport 2222 -j DNAT --to 192.168.122.150:22

supposed when i do ssh root@202.28.88.140 -p 2222 its forward my connection ssh to internal system 192.168.122.150

FYI 192.168.122.150 is another centos vm in the same host.
however if from inside host system
i can ssh root@192.168.122.150 w/o any issue

any extra info need please let me know

thanks a lot

Routers

Ser Olmy · 07-23-2013, 02:18 PM

If the FORWARD policy in the filter table is set to DROP, you will need a rule allowing SSH traffic from anywhere to 192.168.122.150:22 (the FORWARD chain sees the NATed packet).

Also, make sure IP forwarding (routing) is enabled.

routers · 07-23-2013, 02:43 PM

thanks for reply
however drop is not used

just have
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Ser Olmy · 07-23-2013, 02:47 PM

Please post the output of the following two commands:

Code:

cat /proc/sys/net/ipv4/ip_forward

iptables -L

routers · 07-23-2013, 03:01 PM

Code:

[root@KVM140 ~]# cat /proc/sys/net/ipv4/ip_forward
1

Code:

[root@KVM140 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:oa-system 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:intu-ec-client 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8834 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8833 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:pptp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8150 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

now i smelly the issue there port 2222 is not shown

routers · 07-24-2013, 12:20 AM

Marked Solved
info: Although we set static vm, eg 192.168.122.100 ,
we still need to execute dhclient for each vm

otherwise this port to port forwarding will not work

Cheers

Routers

max1m0 · 08-07-2018, 08:25 AM

Gentleman,

I have a task and I need help here with iptables please.

Task says: VM1 can be accessed via SSH from subnet 10.1.0.0/22 on 10.1.0.1:2222.

I am running 5 virtual machines here , all are ubuntu server 16.04

I have ubuntu server (router) with two different networks: Network A = 10.10.1.0./26 and Network B = 10.1.0.1/22

In Network A i have two clients: VM1 with IP: 10.10.1.20/26 (static address) and VM2 with IP: 10.10.1.30/26 (static address)

Network B has 2 clients also: VM3 with IP: 10.1.0.100/22 (DHCP Reserved) and VM4 with IP: 10.1.1.100/22 (DHCP Reserved)

Router@ubuntu-server interfaces:

enp0s3 inet addr:10.10.1.1 Bcast:10.10.1.63 Mask:255.255.255.192 (this is inteface for lan subnet 10.10.1.0/26)

enp0s8 inet addr:10.1.0.1 Bcast:10.1.3.255 Mask:255.255.252.0 (this is interface for lan subnet 10.1.0.1/22)

enp0s9 inet addr:192.168.110.229 Bcast:192.168.110.255 Mask:255.255.255.0 (this is bridged adapter to my host computer and have internet access)

Please advise.

Diagram of network is here:

https://ibb.co/e1BJQe

TB0ne · 08-07-2018, 08:41 AM

Quote:

Originally Posted by max1m0

Gentleman,

I have a task and I need help here with iptables please.

Task says: VM1 can be accessed via SSH from subnet 10.1.0.0/22 on 10.1.0.1:2222. I am running 5 virtual machines here , all are ubuntu server 16.04 I have ubuntu server (router) with two different networks: Network A = 10.10.1.0./26 and Network B = 10.1.0.1/22

In Network A i have two clients: VM1 with IP: 10.10.1.20/26 (static address) and VM2 with IP: 10.10.1.30/26 (static address) Network B has 2 clients also: VM3 with IP: 10.1.0.100/22 (DHCP Reserved) and VM4 with IP: 10.1.1.100/22 (DHCP Reserved)

Router@ubuntu-server interfaces:
enp0s3 inet addr:10.10.1.1 Bcast:10.10.1.63 Mask:255.255.255.192 (this is inteface for lan subnet 10.10.1.0/26)
enp0s8 inet addr:10.1.0.1 Bcast:10.1.3.255 Mask:255.255.252.0 (this is interface for lan subnet 10.1.0.1/22)
enp0s9 inet addr:192.168.110.229 Bcast:192.168.110.255 Mask:255.255.255.0 (this is bridged adapter to my host computer and have internet access)

Please advise.

You need to read the LQ Rules and "Question Guidelines". You re-opened a thread that had been closed for FIVE YEARS, to hijack it with your own question. Neither is good. You need to open your own thread for your own question.

Also, this sounds *VERY* much like a homework question. Why don't you show us what you've done/tried so far, when you open your own thread?