Just setup an ssh server...kinda. I need to forward the port (22) through my router. I have forwarded ports before for programs so the whole thing isnt a mystery. But i need to know what to put in for a couple boxes.... Private ip: ? protocol type: tcp, udp, or both?
View 3 RepliesIf I forward port 80 to port 3128 for squid with an iptable rule, does port 3128 have to be open on the firewall or is this all routed behind the firewall?
View 4 Replies View RelatedI have just set up the transmission bittorrent client on my server (using the web interface), and am trying to get the port forwarding right. After noticing low download speeds (and rare uploading), I decided to check if a port needed to be forwarded.
I found many conflicting sites, mentioning both the ranges 6881-6999 and the port 51413 (as well as TCP and UDP versus just TCP). My current configuration is to forward TCP and UDP port 51413 to my server.
I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).
I wrote the following commands:
iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT
I'm using a Debian servers, as router/firwall.. I've two ethernet interfaces into the server, one for wan and one for lan. The i use SNAT so my LAN clients can access the internet throgh the debian router. That is working... Now i want to be able to access servers on the LAN site from the WAN site, and i wanna use port address translation (PAT). I have a FTP server running on a lan server, so i'm trying to portward port 21.
iptables -t nat -A PREROUTING -p tcp -i eth1 -d (WANIP) --dport 21 -j DNAT --to 192.168.1.2:21
When people try to access my FTP from the WAN site, they are redirected to the local FTP server, and they are promted for crendentials, but when the credentials are typed, and the local ftp server should answer the wan request, the connections dies.
The wan clients are being promted for credentials, so they are redirected to the local lan server, but after that the connections dies, so i think there is some kind of nat problem, when the local lan server is trying to respond to the wan request..
Here i my iptables script:
#flush table
iptables -F
#input regler
[code]....
I notice that my bittorrent client is capable of automatically setting up port forwards with my router, and I want to know if I can do the same in a shell script. The reason is, that since my router is stupid and won't let me keep static IP addresses (it seems they forced a DHCP refresh every week to make me want to pay for a more expensive model which doesn't), I need to get my computer to change the port forward to follow my computer's changing internal network IP address. I have a couple of port forward manually entered into my router settings for web interfaces to bittorrent etc, but of course these have a good chance of being invalidated at each DHCP refresh cycle.
View 1 Replies View RelatedHaving trouble visualising how IP-Based Virtual Host (with SSL) would work. Here is my vhosts.conf file:
Code:
#Define Name Virtal Host
NameVirtualHost 10.10.0.54:80
#Used to replace the main server host. The log file will reside in /var/log/httpd/error_log
[Code]....
How will it work? I will need to forward port 443 to the 10.10.0.55 interface right? Without doing that, there is no way this is going to work... is there? And that means that I can't run more than 1 ip-based SSL virtual host on one machine because I can't forward 443 to two different interfaces.
Also, do I use internal ip address or external ip address in the <VirtualHost > tag? I only have one static public ip.
Is there a utility to forward ports on a simple home networking wireless router from commandline using upnp?
View 1 Replies View RelatedI'm trying to get my SSH server I set up on my home box working from behind a router. A 2wire 2700HG-B gateway, in fact. Now, I know my server is working fine, because I can get into it via loopback, anywhere inside the LAN from another machine, OR if I go into the router's config and enable DMZ for the machine. However, I don't like having DMZ on all the time because of the kludge-ness of it, and the security issue of the complete absence of a hardware firewall.If I try to port forward and access it from outside the LAN using the external IP (or my DynDNS, because it's dynamic), it just times out. I have a nonstandard port (45) for the listen port of the server, to keep away hack attempts if I were using the standard 22. I used this to see if the port was open, and it said it was. But, I tried the trick of telnetting the IP with that port, and it also timed out, instead of printing stuff about OpenSSH.
Attached is a screenie of my router's firewall page, so you all can look at it and see if I'm an idiot and doing it wrong. You might notice uTorrent there, it's because this machine is a dual-boot with 7, and the router doesn't differentiate the OS's. Also the SSH @ 46 port is for the Windows side, with freeSSHd. I changed the port on that one so the client I have can distinguish them, so it can run a reachability test.
1. Need to connect 2 CCTV DVRs and view from remote. 2. Can get a static IP address. But I dont know if this is a secure way since any once can view if the know the ip address. 3. Question is : is it possible to connect the DVR( s) to a linux server which will get user name and password before letting us view the DVR. Currently there is one set as follows: 1. From location X a device is connected to location Y using leased line and static IP (12 kms distance). In location Y a router is placed and port forwarding is configured. From Location Z using internet and remote desktop concept the device at location X is viewed and data captured. Is it possible to use a similar concept but with some sort of security authentication procedure in place.
View 1 Replies View RelatedI'm building a new router for my home. I have a pci-x motherboard with two network connections on the motherboard, SUSE 11. I intended to use one network connection for the external zone and the other for the Internal zone, (the internal port going to a four port switch). Recently, a friend gave me an "Intel PRO 1000 MT PCI-X Quad-Port Adapter C32199" which will plug into my motherboard, presumably giving me a total of 6 (4+2) network connections. 1) Can it be as simple as setting one network connection to "external zone" and the other five to "Internal zone", and plug my other computers into the internal zone connectors, eliminating the need for a switch?
2) There seem to be a lot of these QUAD server adapters on Ebay; how where they originally used?
3) Can I dedicate one internal net-port for some exclusive traffic (e.g. all mail, going to network connector 3, connected to the mail server)? IPtable rules?
I did a port scan on my server from outside my network and saw that port 10080 AMANDA is open.Amanda isn't installed on any of my computers or my server and the port is not forwarded by my modem or router. So why is this port open and how can I close it?
View 6 Replies View RelatedI have a device that must use a real IP address. Currently, my ISP uses DHCP and I can have up to 4 real IP address assigned. However, the cable modem only have 1 ethernet port and it's connected to my router (running Tomato, but can run DD-wrt or other Openwrt if required). Question stems from how I can connect the additional device, requiring a real IP? would be to get a switch and connect to the CM, Router, and Device. But alas, I want to avoid this route, since:
my wiring cabinet in my home is drawing lots of power and heat already Device will be unprotected by any firewall unable to monitor the traffic to/from device.Besides, what would be the FUN in that? what I want to do is to configure the router, so that one of the switchport is removed from the normal br0 bridge. Instead, I want to make it behave like a switch on the WAN port. What's the best way of doing this? Should I create another bridge on the WAN & the device port? Can a single port belongs to two bridges? or would I need to create a subinterface first? Would I need a DHCP-relay? Am I expecting too much from my poor cheapie router?
+------+
| CM |
+--++--+
||
+----WAN---------------+
[code]....
When one should try to connect to port 3306 of particular ip here e.g. 345.56.67.87 it should be redirected to port 3306 of internal machine. This is the scene : How can I access the particular port of the machine which is behind the router . i.e. From out side internet I would like to connect to the port 21 of the machine (192.168.5.8) which is behind router (345.56.67.87) . Here are the details I tried : both side linux (centos)
1.enabled ip forwarding of router (345.56.67.87)
2.enabled ip forwarding of machine (192.168.5.8)
3.implemented some iptable rules: /sbin/iptables -t nat -A OUTPUT --dst 345.56.67.87-p tcp --dport 3306 -j DNAT --to-destination 192.168.5.8:3306
4.iptables -t nat -A OUTPUT --dst 345.56.67.87 -p tcp --dport 3306 -j DNAT--to-destination 192.168.5.8:3306
I tried to google on it mainly it dealt with the iptable rules. of which i applied but error is" can not connect to the port 3306 of 192.168.5.8"
I tried following the instructions below but I don't see the "Automatically map port" option. What am I missing here??[URL]
View 1 Replies View RelatedI have forwarded ssh and rdp protocols in the router which is in remote location. And i aslo configured dhcp reservation for my windows server's ipaddress. I have added that reserved ipaddress of windows server in the RDP port forwarding ip. And i connected to windows server through remote desktop with the ipaddress of the router because i needed a public ipaddress to connect. And now i am going to add my linux servers ip also to dhcp reservation and forward ssh port and give that reserved ipaddress. can i connect to linux server with same public ip that i used to connect for windows server?
View 1 Replies View RelatedSay I have Computer A behind a router with NAT. I'm unable to add any port forwarding rules to that router. Then I have Computer B with a public IP address that I want to forward X windows from. This computer is headless, but does have a video card so X windows can be used. Here are some of the things I'd perform to setup my scenario.
1. Computer B, I'd run xhost + public_ip of NAT router.
2. Make sure that computer B's sshd service has X11 forwarding enabled.
3. SSH from Computer A to Computer B with the X windows forward option.
4. Once in Computer B, set the DISPLAY env variable to the public_ip of NAT router.
5. On Computer B run xclock.
At this point I'd expect to see an instance of xclock originating from Computer B onto my desktop. However this obviously won't work. The problem is that when the request is made to Computer B to forward the instance of xclock to Computer A the forwarded instance of xclock will get stuck at the NAT router. Without a port forwarding rule the NAT router will not know which internal IP to route the instance of xclock.
Here's my question. Is there any way for Computer A to initiate a connection to Computer B and then forward the instance of xclock? That way if it uses that same connection the NAT router will know which internal IP to route it to because it would be an active connection in the router's routing table. Or is there an alternative? Of course I can vnc into another computer outside the NAT network and then forward an X window to it just fine. But in the spirit of expanding my knowledge on X windows I'd like to see what is possible.
I have linux server setup on a network with 2 interfaces. One (eth0) is connected to the regular network and the other (eth1) has a DHCP server and transparent web cache listening on it. The machines connected on the eth1 side are on a different subnet and the linux server is there gateway. Untrusted machines are introduced to this network to keep them isolated.
This isolation works well, too well. There are a small set of resources on the regular network I would like to make available to machines on untrustworthy network. I think I need to use iptables but alas I've had no luck in piecing together the command I need (in one case looking myself out and having to physically reset the machine).
I'd really like to know how to port forward firefox, so I can browse and stream my movies faster... is this possible?
View 8 Replies View RelatedI`m running a rather simple iptables script, but no matter what port i try to forward it wont open. Here are the basics:
Code:
ipt="/usr/sbin/iptables"
$ipt -F
[code]...
I'm trying to make my wireless router always give me the same ip address every boot (192.168.1.100). I do not have a static ip address from my isp.
Everything I've tried from online help has made my internet break and I'm not even sure what exactly I should be searching for on google.
Ultimately, I'm trying to get my wireless router to forward ftp requests to my computer which shares the network with an xp machine. I think this is the way to go about it.
I need to forward a port to use dtella. I'm using Fedora 10, using iptables for my firewall.
I'm currently trying to forward it from terminal with this command:
Code:
sudo iptables -t nat -A PREROUTING -p udp -i eth0 -d [ip address] --dport 11823 -j DNAT --to 192.168.0.2:80
this is what I get from iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
[Code].....
I have an apache2 server on a Debian box that I am using as the reverse proxy for my sites that are sitting behind it and everyone is happy. But now I want to be able to access my vmware server console from outside the network without exposing the vmware server port to the internet. So I did this I created a new virtual host for apache and it looks like this (edited for the real world)
Code:
<VirtualHost *:80>
ServerName server.my.domain
# RewriteLog "/var/log/apache2/rewrite.log"
# RewriteLogLevel 9
[Code]....
So here is what I want to be able to do. I want to be able to punch in [URL] and have the reverse proxy just take care of everything else without having to punch in the port number or anything else. I'd also like to have if possible the ssl on the vmware box just pass through the proxy back to the end user. If that isn't possible and I need to create a new ssl for the apache box then that is ok too. I have googled this and looked at several other sites but I'm still a little bit lost.
Well I have been searching for more than a month now and I think I have read every single post related to this subject and finally decided to make a thread.
Now before I begin I am running Openvpn on my CentOS VPS. I have set static IP's for everyone.
Now what I am looking for is this lets say one of my clients wants port 60005 forwarded through my VPS to the internet what are the correct commands to run.
server-ip:60005 to loacl-ip:60005
Sever IP 24.xx.xx.xx
Client IP 192.168.1.2
Lets say i have two machines on public ips. If i get incoming traffic on machine #1 on port 55242 i would just like to forward it to machine #2 on port 35000.I would just like to use machine #1 same way as a dns server works. It just redirects the traffic and tells the client where to go.
View 6 Replies View RelatedI have a host and a client both running linux. Host has internet through eth2. Client needs to share that connection. The computers are connected directly using a crossover. I can ping from both fine. I figured I needed to port forward eth2 to eth0 to gain internet access in the client. How?
Code:
eth0 Link encap:Ethernet HWaddr 00:26:18:a6:fd:a3
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::226:18ff:fea6:fda3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[code]...
While I have Transmission running, whether it be up/downloading or just open with one thing unpaused and no activity, all other computer functions that need internet access are unusable. Transmission says my port is closed in its preferences.
1. How do I find and open port?
2. Will finding an open port solve the problem of all things internet not working while Transmission is?
3. Do I need to create a static ip in order to forward a port through my router?
4. Will creating a static ip and forwarding that port solve my problem of only being able to use the internet while Transmission is on?
I can't port forward to ftp behind my firewall, I tried several attempts but none worked.
Can anyone help me solve this?
VERY new to linux, erm but I have an issue that needs solving!I recently moved to university, where their network blocks sftp port 22, this means that I cannot connect to my FTP server which is running a version of linux.Now I've got this ftp server connected to a seedbox and it was created using the following walk through..Code:I have written this guide for a friend, but I though it would be useful for others as well.
There are several guides floating around, but I found that most always cock up in some way. This one is tried and tested to work on Debian Etch (on an OVH rps, but should apply to most servers).If there is a new stable release of rtorrent/libtorrent then I will update this guide to show you how to update it (without reinstalling the whole server).
At the bottom there are also instructions to install ftp access & some network monitoring software.Basically, I would really like someone to be able to construct the commands on how to change the listen port for sftp connection on linux or add another port to the list that Linux would use so that I could put in through putty.
I have sendmail running on my centOS 4.6. My lamp server also runs on it. I want to send mail through php mail function. when i execute php page, which fires the mail function, it takes so much long tim1 say even 1 minute, and at last displays that message sent successfully. Suppose, destination address is [URL].... I did not get any mail there. My server is running in LAN. I checked the status of sendmail, it shows me that it ios running. when i issue "nmap localhost" it shows me that SMTP port 25 is open, but when i issue "nmap myserver" (192.168.1.20 myserver ( written in hostfile)), it does not show that SMTP port is open.
I checked the /var/log/maillog, one person in my previous post advice me to see that. There it shows that message is accepted for delivery...but i do not get any mail in my destination, even not in spam folder. One more confusion is that, in my case my server is in LAN and if I am at all enable to open the SMTP port on it, does i need to open SMTP port on my router (which connects my LAN to internet) also needs to open? I think no, because SMTP is application layer protocol, it will wrap my mail in IP packet, which router just need to forward. am i right?