Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
06-08-2005, 11:49 PM | #1 | Member | Registered: Jun 2005 | Location: Pennsylvania | Distribution: Kubuntu | Posts: 197
Port Forwarding Concepts Question
I am trying to teach myself about port forwarding on Linux, but I am running into some trouble getting anything to work. I conducted the following experiment:
My home network consists of 2 machines: my Linux machine and a Win98 machine. The Linux machine's ethernet card is plugged directly into my router, which is plugged into my DSL modem. The Win98 machine has a wireless USB adapter that connects it to the router. On my internal network, the router is 192.168.0.1, the Ubuntu machine's eth0 interface is 192.168.0.2, and the Win98 machine's interface has address 192.168.0.3.
I wanted to see if I could forward port 80 on my Linux machine to a well known web server. I entered some iptables commands that were supposed to 1) forward the port 80 traffic from the Linux machine to the Internet web site, and 2) tell the Linux machine to accept traffic on port 80. I also ran
Code:
$ sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
to enable port forwarding.
I then brought up a browser on the Win98 machine and entered:
Code:
http://192.168.0.2/
in the URL bar. The connection just timed out after a while, so I figure I was not successful.
Is this experiment feasible with the physical connection I have set up? Is there some way I can diagnose what's going on?
06-09-2005, 02:33 AM | #2 | Senior Member | Registered: Mar 2003 | Location: Brisbane Queensland Australia | Distribution: Custom Debian Live ISO's | Posts: 1,291
Which machine are you trying to forward on? Your Linux machine or your router? Is your router a Linux machine as well, or is it dedicated hardware like D-Link, Netgear or Linksys? If it is your Linux client machine you're trying to forward on, you can only forward between 2 network cards on the local machine; if you have only 1 network card you can only use the INPUT and OUTPUT rules to control data to and from the machine.
06-09-2005, 03:27 AM | #3 | Member | Registered: Sep 2004 | Distribution: Redhat / Fedora | Posts: 114
What were the iptables commands that you typed?
The enable ip_v4 forward is when you have 2 different networks
and you want them to talk to each other.
06-09-2005, 09:17 AM | #4 | Member (Original Poster) | Registered: Jun 2005 | Location: Pennsylvania | Distribution: Kubuntu | Posts: 197
+ My router is a dedicated piece of hardware (a Netgear wireless router).
+ I am trying to forward from my Linux machine.
+ The Linux machine has only 1 NIC.
+ I don't recall the exact commands I was using, but it was similar to:
# Supposed to take incoming port 80 traffic and forward it to an Internet web site.
# Home machine appears to be hosting this web site from the Win98 machine's perspective.
iptables -t nat -A PREROUTING -p tcp -i eth0 -s 192.168.0.3 --dport 80 -j DNAT --to-destination 216.109.118.73:80
There was also a second command that was supposed to tell the Linux machine that it was supposed to accept port 80 traffic on eth0 (it does not run its own web server).
I guess since I only have the 1 NIC, the problem is that I was not using just the INPUT and OUTPUT rules. What would be a good search for my situation? "Linux IP port forwarding" brings back a ton of results that assume I am trying to build a router with 2 NICs.
06-11-2005, 03:03 AM | #5 | Senior Member | Registered: Mar 2003 | Location: Brisbane Queensland Australia | Distribution: Custom Debian Live ISO's | Posts: 1,291
OK, I understand what you're doing now. Well, you can't forward with one network card; you can only forward between two, so only INPUT and OUTPUT rules apply.
If you want to learn about forwarding you will need to put a second NIC in, then connect another computer up to it, and then you can start to route data.
If you just want the one NIC you can learn about basic firewalls, which use the INPUT and OUTPUT rules to control the flow of data in and out of the machine. I've only started to learn ipchains so I'm not up to scratch with iptables yet; maybe you could try a rule something like this:
iptables -A OUTPUT -p tcp -o eth0 --dport 80 -d 216.109.118.73 -j ACCEPT
Not sure if this is the correct way to write the rule, but you could give it a go and see if it works.
As for a search for relevant info, do a Google search for "iptables howto"; that will bring up a huge amount of info.
06-11-2005, 02:42 PM | #6 | Member (Original Poster) | Registered: Jun 2005 | Location: Pennsylvania | Distribution: Kubuntu | Posts: 197
Well, the INPUT/OUTPUT chains aren't exactly what I wanted to do in my experiment, because they only work with locally generated packets. For example, using OUTPUT, I can make it so when I browse to my machine's address, it transparently takes me to an outside site, but it doesn't work if I browse there from a separate PC.
I think I found a user-space solution to my problem, though. I found a nice little python script called "pinhole.py" that lets you redirect traffic from a port on the local machine to some port on a remote machine. So if I run
$ python pinhole.py 8080 www.yahoo.com
on my machine (192.168.0.2), and then from a different machine on my LAN I browse to http://192.168.0.2/, I see the yahoo web page.
This is essentially what I wanted to do. Thanks for your help!
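The userspace relay this post describes, as an added example rather than the pinhole.py script the poster found: a minimal TCP pinhole in Python that listens on a local port and relays each accepted connection to a remote host and port. The allowed_clients allow-list, the relayed/rejected counters and the local echo server that stands in for the remote web site are additions of this example, and roundtrip() drives it over the loopback interface so it can be exercised without reaching the Internet.

```python
# Added example (not the thread's pinhole.py): a minimal userspace TCP relay.
# allowed_clients is an addition of this example, playing the role of "-s 192.168.0.3".
import socket
import threading

BUFSIZE = 4096

def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst to pass the EOF on."""
    try:
        while (data := src.recv(BUFSIZE)):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def serve(addr, handler):
    """Bind and listen on addr; hand every accepted connection to handler in a thread."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(addr)
    sock.listen(16)

    def loop():
        while True:
            try:
                conn, peer = sock.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=handler, args=(conn, peer), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return sock

class Pinhole:
    """Listen on listen_addr and relay every accepted connection to remote_addr."""

    def __init__(self, listen_addr, remote_addr, allowed_clients=None):
        self.remote_addr = remote_addr
        self.allowed_clients = set(allowed_clients) if allowed_clients else None
        self.relayed = 0   # connections relayed to the remote side
        self.rejected = 0  # connections refused by the allow-list
        self.sock = serve(listen_addr, self._handle)
        self.port = self.sock.getsockname()[1]

    def _handle(self, client, peer):
        if self.allowed_clients is not None and peer[0] not in self.allowed_clients:
            self.rejected += 1
            client.close()  # refused: the client only sees the connection close
            return
        try:
            remote = socket.create_connection(self.remote_addr, timeout=10)
        except OSError:
            client.close()  # remote unreachable: drop the client
            return
        remote.settimeout(None)
        self.relayed += 1
        back = threading.Thread(target=_pump, args=(remote, client), daemon=True)
        back.start()           # remote -> client
        _pump(client, remote)  # client -> remote, in this thread
        back.join()
        client.close()
        remote.close()

    def close(self):
        self.sock.close()

def start_echo_server():
    """Constructed stand-in for the remote web server: it echoes bytes back."""
    return serve(("127.0.0.1", 0), lambda conn, peer: _pump(conn, conn))

def roundtrip(payload=b"GET / HTTP/1.0\r\n\r\n", allowed_clients=None):
    """Connect from 127.0.0.1 through a fresh pinhole to the echo server.
    Returns (bytes received, connections relayed, connections rejected)."""
    echo = start_echo_server()
    hole = Pinhole(("127.0.0.1", 0), echo.getsockname(), allowed_clients)
    chunks = []
    try:
        with socket.create_connection(("127.0.0.1", hole.port), timeout=5) as c:
            try:
                c.sendall(payload)
                c.shutdown(socket.SHUT_WR)
                while (data := c.recv(BUFSIZE)):
                    chunks.append(data)
            except OSError:
                pass  # a refused connection is closed or reset under us
    finally:
        hole.close()
        echo.close()
    return b"".join(chunks), hole.relayed, hole.rejected
```

Started on 192.168.0.2 as `Pinhole(("192.168.0.2", 8080), ("www.yahoo.com", 80), allowed_clients={"192.168.0.3"})` it would behave like the script in the post, restricted to the Win98 host much as the `-s 192.168.0.3` match restricts the DNAT rule. A relay like this needs neither ip_forward nor root for ports above 1023, and because the outbound connection is opened by the Linux box itself the replies naturally come back to it, which is the job the SNAT rule does for a kernel-level DNAT.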
06-12-2005, 03:16 AM | #7 | LQ Guru | Registered: Aug 2003 | Location: Sydney, Australia | Distribution: Gentoo | Posts: 1,796
In case you still want to know what your original problem with iptables is, it's because you also need to do SNAT in addition to DNAT, otherwise your router gets confused.
Code:
iptables -t nat -A PREROUTING -p tcp -i eth0 -s 192.168.0.3 --dport 80 -j DNAT --to-destination 216.109.118.73:80
iptables -t nat -A POSTROUTING -p tcp -o eth0 -d 216.109.118.73 --dport 80 -j SNAT --to 192.168.0.2
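As an added example, not from any of the posts, here is a small Python model of the NAT bookkeeping behind this answer: it follows one connection from the Win98 host to the Linux box with and without the SNAT rule and reports where the web server's reply ends up. The addresses are the thread's own; the client port 40000 and the one-entry conntrack table are constructed simplifications, and the home router's own NAT is folded into step 5 since it maps the reply back to the same LAN host the request came from.

```python
# Added example (not from the thread): a model of the NAT bookkeeping behind
# DNAT with and without SNAT. Addresses are the thread's; port 40000 is constructed.
from dataclasses import dataclass, replace

WIN98, LINUX, WEB = "192.168.0.3", "192.168.0.2", "216.109.118.73"

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

def reverse(p):
    """The address tuple a reply to p carries."""
    return Pkt(p.dst, p.dport, p.src, p.sport)

def connection_outcome(use_snat):
    """Follow one SYN out and its SYN-ACK back. Returns (reply source, accepted by client)."""
    # 1. The Win98 client opens a connection to port 80 on the Linux box.
    original = Pkt(WIN98, 40000, LINUX, 80)
    # 2. PREROUTING DNAT rewrites the destination to the outside web server.
    translated = replace(original, dst=WEB, dport=80)
    # 3. POSTROUTING SNAT, when present, rewrites the source to the Linux box.
    if use_snat:
        translated = replace(translated, src=LINUX)
    # conntrack keeps the pair so the translation can be undone on the way back
    conntrack = {reverse(translated): reverse(original)}
    # 4. The web server replies to whatever source address it saw.
    reply = reverse(translated)
    # 5. The home router hands the reply to the LAN host named in reply.dst;
    #    only when that host is the Linux box does conntrack see it again.
    if reply.dst == LINUX and reply in conntrack:
        reply = conntrack[reply]
    # 6. The client only accepts a reply matching the connection it opened.
    return reply.src, reply == reverse(original)
```

Without SNAT the web server answers the Win98 host's own address, so the home router delivers the reply straight to 192.168.0.3, which never saw a translation and is expecting an answer from 192.168.0.2:80; with SNAT the reply is addressed to the Linux box, conntrack undoes both rewrites, and the client sees exactly the reply it expects. The model leaves out the FORWARD chain: a DNATed packet that is no longer addressed to the Linux box traverses FORWARD rather than INPUT, which is why ip_forward had to be set to 1 as well.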
07-06-2005, 05:53 AM | #8 | LQ Newbie | Registered: Jul 2005 | Posts: 1
help
Can you tell me where you got this Python script pinhole.py? I would also like to use it. Thank you. My address is tmanavalan@gmail.com