How should I open a TCP port?
Hi there
This is my second post about this issue. I have been trying to do NAT through the firewall box, but I can't make it work. Let me explain my need:

Public IP --------Firewall------- Internal IP
200.69.219.229                    192.168.5.1

I need to listen on port 4000 on the firewall (not opened yet, because no service uses it; the real service resides on the internal machine) and forward that to an internal IP, 192.168.5.2 port 4000. I think you call this NAT.

Problems:
1) I need to open port 4000, don't know how.
2) I need to forward packets that reach 200.69.219.229:4000 to 192.168.5.2:4000.

For point 2, I have tried this:

iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 4000 -j DNAT --to 192.168.5.2:4000

with no success at all.

If anyone can help me with this, I'll be pleased. Thanks in advance,
Christian
Looking at your iptables rule, you are very close to the solution....
The iptables rule you've used states 'all the packets sent to the firewall's eth0, to port 4000, should have their destination address changed' and looks OK. But you also need to:
a. allow this packet to be forwarded
b. allow the returning packet(s) to be forwarded back

So you need to add at least:
1. iptables -A FORWARD -j ACCEPT
2. set the kernel for packet forwarding with the command 'echo 1 > /proc/sys/net/ipv4/ip_forward'
3. take care of the source address of the forwarded-back packets (POSTROUTING with the MASQUERADE or SNAT target).

Look: your rule changes the destination address. (The source is constant.) So your internal box can see where to send the 'response'. And the host which sent the request will get the 'response'. But it will ignore it, since it will get it not from the host it asked for. Therefore you need (3).

Of course, you can complicate the above 'forward' and 'postrouting' rules. For instance you can block non-to-4000-port packets, trace them with the '--state' switch, etc.

BTW: 'Open' port means nothing else than accepting the packets sent to this port. iptables is very simple and logical. Read this.
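Below is an added, complete version of the port-forward for the setup in this thread. It is example code written for this page, not Christian's script and not the reply's exact rules. It assumes things the thread does not state: the LAN side of the firewall is eth1 on 192.168.5.0/24, the FORWARD chain's default policy is DROP, and 192.168.5.2's default gateway is the firewall (192.168.5.1), so its replies cross the firewall and conntrack reverses the DNAT on them. Two practical points the example encodes: DNAT'd packets traverse the FORWARD chain, not INPUT, so "opening port 4000" on the firewall means a FORWARD rule, not an INPUT rule; and the FORWARD rule is restricted to this one flow plus its replies, rather than the blanket `iptables -A FORWARD -j ACCEPT`, which would let any routed traffic through. With DRY_RUN=1 (the default) the script only prints the commands, so it can be reviewed without root.

```sh
#!/bin/sh
# Added example for this thread, not the original poster's or replier's code.
# Assumptions (not stated in the thread): internal interface eth1 on
# 192.168.5.0/24; 192.168.5.2 routes back through this firewall; FORWARD
# policy is DROP. DRY_RUN=1 prints the rules instead of applying them.
set -eu

EXT_IF="${EXT_IF:-eth0}"             # public interface (from the thread)
INT_IF="${INT_IF:-eth1}"             # internal interface (assumed name)
PUB_IP="${PUB_IP:-200.69.219.229}"   # public address (from the thread)
LAN_NET="${LAN_NET:-192.168.5.0/24}" # internal network (assumed /24)
TARGET="${TARGET:-192.168.5.2}"      # host running the real service
PORT="${PORT:-4000}"                 # forwarded port
DRY_RUN="${DRY_RUN:-1}"              # 1: print rules; 0: apply them (needs root)
HAIRPIN="${HAIRPIN:-0}"              # 1: also let LAN clients reach PUB_IP:PORT

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

port_forward_rules() {
    # 1. Without this the kernel never routes a packet out of another interface.
    run sysctl -w net.ipv4.ip_forward=1

    # 2. Rewrite the destination of connections arriving from the outside.
    #    Matching -d PUB_IP keeps the rule from catching traffic for any other
    #    address on eth0. conntrack records the mapping and un-DNATs the replies.
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -d "$PUB_IP" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$TARGET:$PORT"

    # 3. "Opening" the port: DNAT'd packets go through FORWARD, not INPUT.
    #    Accept replies of any accepted flow first, then only NEW connections
    #    to TARGET:PORT coming from the public side. Assumes FORWARD policy DROP.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$TARGET" -p tcp --dport "$PORT" \
        -m conntrack --ctstate NEW -j ACCEPT

    # 4. Hairpin NAT (optional). A LAN client connecting to PUB_IP:PORT is DNAT'd
    #    to TARGET, which would answer the client directly from 192.168.5.2; the
    #    client never sees a reply from the address it connected to and drops it.
    #    Masquerading these flows makes TARGET answer the firewall instead. This
    #    is the case where the SNAT step is really needed; external clients do
    #    not need it while TARGET routes back through the firewall.
    if [ "$HAIRPIN" = "1" ]; then
        run iptables -t nat -A PREROUTING -i "$INT_IF" -s "$LAN_NET" -d "$PUB_IP" \
            -p tcp --dport "$PORT" -j DNAT --to-destination "$TARGET:$PORT"
        run iptables -t nat -A POSTROUTING -s "$LAN_NET" -d "$TARGET" -p tcp --dport "$PORT" \
            -j MASQUERADE
        run iptables -A FORWARD -i "$INT_IF" -o "$INT_IF" -d "$TARGET" -p tcp --dport "$PORT" \
            -m conntrack --ctstate NEW -j ACCEPT
    fi
}

port_forward_rules
```

Run it once as root with `DRY_RUN=0` to apply, then check the counters with `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` while connecting from an outside host (for example `nc -zv 200.69.219.229 4000`): a DNAT rule whose packet count stays at zero means the traffic is not arriving on eth0 for that address at all, a DNAT count that rises while the FORWARD NEW count does not means the forward is being dropped. The rules are appended with -A, so an earlier REJECT or DROP in the same chain still wins; the original -I form inserts at the top if that is the problem.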