LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 04-28-2008, 08:16 AM   #1
eliufoo
Member
 
Registered: Oct 2007
Posts: 71

Rep: Reputation: 15
Assistant: Port Forwarding


I have two interfaces configured (Internet & LAN). I want traffic from a specefic host to be routed to a specific server.

My external interface is eth1 (197.41.39.55) & internal interface eth0 (192.168.10.0/24) that has several servers and networking equipments that needs to be reached by external hosts. I intend to route traffic from host 80.223.75.169 destined197.41.39.55 on port 8080, to be forwarded to 192.168.10.5 port 80. According to my internet search, below configuration should work:

-
- iptables -t nat -A PREROUTING -p tcp -i eth1 -d 197.41.39.55 --dport 8080 -j DNAT --to 192.168.10.5
- iptables -A FORWARD -p tcp -i eth0 -d 192.168.10.5 --dport 80 -j ACCEPT
- iptables -t nat -A PREROUTING -j LOG --log-level debug --log-prefix '***PREROUTING***'

I have implemented the above configuration but nothing works. I have also completely FLUSHED my firewall (for testing) and loaded the NAT module. And still doesn't work. Also, apart from the log file (messages), how can i troubleshoot iptable configuration.

Assist please:

Elly
 
Old 04-28-2008, 10:27 AM   #2
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
If you want port 8080 traffic to get to the inside port 80 then the rule should be like this

Code:
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 197.41.39.55 --dport 8080 -j DNAT --to 192.168.10.5:80
 
Old 04-29-2008, 01:49 AM   #3
eliufoo
Member
 
Registered: Oct 2007
Posts: 71

Original Poster
Rep: Reputation: 15
Quote:
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 197.41.39.55 --dport 8080 -j DNAT --to 192.168.10.5:80
Tried that too and still didn't work. I also tried SNAT by adding another virtual interface on the external primary interface. Gave it a public IP address that will be mapped with the an internal web server. Below are my configuration, correct me if I'm wrong.

# PREROUTING statements for 1:1 NAT (Connections originating from the Internet)

iptables -t nat -A PREROUTING -d 197.41.39.55 -i eth1 -j DNAT --to-destination 192.168.10.5

# POSTROUTING statements for 1:1 NAT (Connections originating from the home network servers)

iptables -t nat -A POSTROUTING -s 192.168.10.5 -o eth1 -j SNAT --to-source 197.41.39.55

# Allow forwarding to each of the servers configured for 1:1 NAT

iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 192.168.10.5 -m multiport \
--dport 80,22,21,53 -m state --state NEW -j ACCEPT

# Allow forwarding for all New and Established SNAT connections
# originating on the home network AND already established
# DNAT connections

iptables -A FORWARD -t filter -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow forwarding for all 1:1 NAT connections originating on
# the Internet that have already passed through the NEW forwarding
# statements above

iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

#Log traffic from debug level for POSTROUTING,PREROUTING and FORWORD chain.

iptables -t nat -A PREROUTING -j LOG --log-level debug --log-prefix '***PREROUTING*** '

iptables -t nat -A POSTROUTING -j LOG --log-level debug --log-prefix '***PREROUTING** '

iptables -A FORWARD -j LOG --log-level debug --log-prefix '//FORWARD// '
 
Old 04-29-2008, 02:30 AM   #4
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
The configuration seems correct, if its not working use tcpdump to debug it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to allocate port with port forwarding software djeepp Linux - Networking 3 01-29-2008 08:28 AM
port forwarding on Belkin 4-port Cable/DSL Gateway Router sycamorex Linux - Networking 5 03-05-2007 04:27 PM
IPCHAINS port forwarding and IPTABLES port forwarding ediestajr Linux - Networking 26 01-14-2007 08:35 PM
Simple Port Forwarding Firewall - not forwarding MadTurki Linux - Security 14 04-09-2006 01:08 PM
port forwarding and packet forwarding syrtsardo Linux - Newbie 2 07-03-2003 11:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration