#1, 11-12-2003, 04:06 PM, LQ Newbie (Registered: Nov 2003, Posts: 10)

How should I open a TCP port?

Hi there

This is my second post for this issue.
I have been trying to do NAT through a firewall box, but I can't make it work.
Let me explain my need:

Public Ip --------Firewall------- Internal Ip

I need to listen on port 4000 on the firewall (not opened yet, because no service uses it; the real service resides on the internal machine), and forward that to an internal IP, port 4000. I think you call this NAT.

1) I need to open port 4000; I don't know how
2) I need to forward packets that reach to

For point 2, I have tried this:

iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 4000 -j DNAT --to

with no success at all

If anyone can help me with this, I'll be pleased.

Thanks in advance

#2, 11-12-2003, 04:50 PM (Registered: Jan 2003; Location: Poland, Warsaw; Distribution: LFS, Gentoo; Posts: 591)
Looking at your iptables rule, you are very close to the solution...
The iptables rule you've used states 'all the packets sent to the firewall's eth0, to port 4000, should have their destination address changed', and looks ok.
But you also need to:
a. allow this packet to be forwarded
b. allow the returning packet(s) to be forwarded back
So you need to add at least:
1. iptables -A FORWARD -j ACCEPT
2. set the kernel for packet forwarding with the command 'echo 1 > /proc/sys/net/ipv4/ip_forward'
3. take care of the source address for the forwarded-back packets (POSTROUTING with the MASQUERADE or SNAT target).
Look: your rule changes the destination address (the source is constant), so your internal box can see where to send the 'response', and the host which sent the request will get the 'response'. But it will ignore it, since it will get it not from the host it asked for. Therefore you need (3).

Of course, you can complicate the above 'forward' and 'postrouting' rules. For instance, you can block packets not going to port 4000, trace them with the '--state' switch, etc.

BTW: an 'open' port means nothing else than accepting the packets sent to this port.

iptables is very simple and logical. Read this.
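The steps in the reply above, written out as one complete POSIX shell script. This is an added example, not code posted in the thread: the interface names (eth0 public, eth1 internal), the addresses 203.0.113.10, 192.168.1.0/24 and 192.168.1.20, and the script name forward4000.sh are assumptions for illustration. The script prints the rules by default and only installs them when called with "apply", so the rule set can be read and checked before it touches the firewall. The FORWARD rules are the narrowed form the reply hints at ("block non-to-4000-port packets, trace them with --state") rather than the blanket `iptables -A FORWARD -j ACCEPT`.

```shell
#!/bin/sh
# Added example (not from the original thread): DNAT port forward of
# TCP 4000 from a firewall's public address to an internal host.
# All values below are assumptions for illustration; adjust to your network.
WAN_IF="${WAN_IF:-eth0}"              # public-facing interface of the firewall
LAN_IF="${LAN_IF:-eth1}"              # interface towards the internal network
WAN_IP="${WAN_IP:-203.0.113.10}"      # the firewall's public address
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # the internal network
LAN_IP="${LAN_IP:-192.168.1.20}"      # internal host that runs the real service
FWD_PORT="${FWD_PORT:-4000}"          # TCP port to forward

# Print the commands, one per line, so they can be reviewed before use.
pf_rules() {
    # 1. Let the kernel route packets between its interfaces at all.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # 2. The questioner's PREROUTING rule, completed with a target address.
    #    Matching -d $WAN_IP keeps it from catching transit traffic that
    #    merely passes through the firewall towards some other host.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport $FWD_PORT -j DNAT --to-destination $LAN_IP:$FWD_PORT"
    # 3. FORWARD sees the packet after DNAT, so match the internal address.
    #    Only NEW connections to the forwarded port are let in...
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $LAN_IP --dport $FWD_PORT -m conntrack --ctstate NEW -j ACCEPT"
    # 4. ...and the replies, in either direction, ride on the tracked
    #    connection. This replaces the blanket 'iptables -A FORWARD -j ACCEPT'.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 5. Source NAT for the internal network's own outbound connections
    #    (the POSTROUTING step the reply lists as 3).
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
}

# Run the commands in order; stop at the first failure so a half-installed
# rule set does not go unnoticed.
pf_apply() {
    pf_rules | while IFS= read -r cmd; do
        echo "+ $cmd" >&2
        sh -c "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# 'sh forward4000.sh' prints the rules; 'sh forward4000.sh apply' (as root)
# installs them.
if [ "${1:-}" = "apply" ]; then
    pf_apply
else
    pf_rules
fi
```

Two notes on the rules. `-m conntrack --ctstate` is the current spelling of the `-m state --state` match the reply mentions; both are accepted by iptables. Connection tracking also reverses the DNAT on the reply packets by itself, so the outside client sees its answer coming from the firewall's public address; the MASQUERADE rule is what lets hosts on the internal network open their own connections to the outside through the firewall, and it does no harm to the forwarded port. After applying, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show the packet counters climbing when an outside host connects to port 4000, which is the quickest way to see which rule a connection is stuck at.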

