General :: Setup A Port Forward From Client Computer's Shell?
Mar 24, 2011
I notice that my bittorrent client is capable of automatically setting up port forwards with my router, and I want to know if I can do the same in a shell script. The reason is, that since my router is stupid and won't let me keep static IP addresses (it seems they forced a DHCP refresh every week to make me want to pay for a more expensive model which doesn't), I need to get my computer to change the port forward to follow my computer's changing internal network IP address. I have a couple of port forward manually entered into my router settings for web interfaces to bittorrent etc, but of course these have a good chance of being invalidated at each DHCP refresh cycle.
Well I have been searching for more than a month now and I think I have read every single post related to this subject and finally decided to make a thread.
Now before I begin I am running Openvpn on my CentOS VPS. I have set static IP's for everyone.
Now what I am looking for is this lets say one of my clients wants port 60005 forwarded through my VPS to the internet what are the correct commands to run.
server-ip:60005 to loacl-ip:60005 Sever IP 24.xx.xx.xx Client IP 192.168.1.2
Just setup an ssh server...kinda. I need to forward the port (22) through my router. I have forwarded ports before for programs so the whole thing isnt a mystery. But i need to know what to put in for a couple boxes.... Private ip: ? protocol type: tcp, udp, or both?
I'm using a Debian servers, as router/firwall.. I've two ethernet interfaces into the server, one for wan and one for lan. The i use SNAT so my LAN clients can access the internet throgh the debian router. That is working... Now i want to be able to access servers on the LAN site from the WAN site, and i wanna use port address translation (PAT). I have a FTP server running on a lan server, so i'm trying to portward port 21.
When people try to access my FTP from the WAN site, they are redirected to the local FTP server, and they are promted for crendentials, but when the credentials are typed, and the local ftp server should answer the wan request, the connections dies.
The wan clients are being promted for credentials, so they are redirected to the local lan server, but after that the connections dies, so i think there is some kind of nat problem, when the local lan server is trying to respond to the wan request..
If I forward port 80 to port 3128 for squid with an iptable rule, does port 3128 have to be open on the firewall or is this all routed behind the firewall?
Having trouble visualising how IP-Based Virtual Host (with SSL) would work. Here is my vhosts.conf file:
Code: #Define Name Virtal Host NameVirtualHost 10.10.0.54:80 #Used to replace the main server host. The log file will reside in /var/log/httpd/error_log
[Code]....
How will it work? I will need to forward port 443 to the 10.10.0.55 interface right? Without doing that, there is no way this is going to work... is there? And that means that I can't run more than 1 ip-based SSL virtual host on one machine because I can't forward 443 to two different interfaces.
Also, do I use internal ip address or external ip address in the <VirtualHost > tag? I only have one static public ip.
I have a computer with a BSD subsystem that is acting as a router to other Windows computers.
On one of my Windows, I have an Apache Web Server that I want people to access from the outside world.
So, I have created an ipfw rule in my router computer that goes like this: ipfw add 100 fwd 10.0.2.2 ip from any to any dst-port 2443
Thing is, nothing happens.
I've tried changing the ServerName in my Apache to match my IP address (which is the destination IP of the incoming packets, I imagine) but still, nothing.
I have to admit that I register to LQ after I failed to search for similar solutions.let me see whether I can explain my problem clearly. I need to extract a single report from a big file. The big file looks something like this:
Report for yyyyyy Your info 999-9999999 End of Report
[code]....
I need to search for a user provided string, say 999-9999999, in the big file. Then I have to extract the single report. My logic is simple,
1) find 999-9999999 2) backward search for "Report for", note down the line number 3) forward search for "End of Report", note down the line number 4) extract the record by using info found from step 2) and 3).
I am trying to do this in bash, with awk and sed (I am new to both).
I need redirect serial port from ONE computer to ANOTHER computer, and at the another send this port to VirtualBox with WindowsXP.VB needed because i need to use software for windoze I do this:NE computer:socat tcp-l:54321,reuseaddr,fork file:/dev/ttyS0,nonblock,waitlock=/var/run/tty0.lock
ANOTHER computer: socat pty,link=/tmp/ttyS0,waitslave tcp:ONE:54321 Now (at ANOTHER) i've set serial port in VirtualBox as
I have a small home-office network. On that network I have two linux computers, one is a client the other a server.
On the server I have NFS Server setup and mount some NFS exports on the client computer.
On the server I have the firewall on and here it becomes a little tricky.
Since both the server and the client connect to the router the interface (eth1) is theoretically both an internal & external zone.
The router is commercial grade and therefore has a good firewall on it which is also setup. Therefore the firewall on the server is really more of a backup than a necessity. But that's fine, and by having the server's firewall on 'fail2ban' is able to work which I like to have working so I don't want to just turn off the server firewall even though I have good security from the router.
However, when I turn on the server's firewall, the client computer cannot see the NFS server when scanning for server -- done by: clicking on "Choose" next to "NFS Server Hostname" when adding an NFS share in the NFS Client in YaST. Clearly something is being blocked even though I have both "NFS Client" and "NFS Server Service" allowed in the server firewall. The Firewall config. files for these are below.
The Firewall configuration is pretty much "out of the box". That is I have the services I need opened up for the external zone, the other zones are left at their default which means the internal zone, although not used (i.e.: attached to any interface), is completely open.
The perfect solution I guess would be to setup my client computer to connect through a different NIC (perhaps eth0), make that the "Internal Zone" and therefore allow all traffic through to it while still blocking the server from the external zone. However, I cannot make that physical change to my network for now so I am looking for an in between (non-perfect) solution.
In this case I am guessing that means opening up extra NFS ports to the external zone so I have full NFS functionality. I don't mind this because like I said, the router firewall is the main line of defense anyway.
So, given all of the above could someone tell me what I would need to additionally open up in the server firewall to make the NFS server detection work on the client while the firewall was on. Or, if you have a cleverer/better solution without me changing my physical network that would be great.
Hopefully I have written this in enough detail and clearly enough so that all the parameters are clear but if not, feel free to ask me what you like and I'll try to make it clear.
Code: ## Description: Firewall Configuration for NFS kernel server. # # Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed. # More may be supported in the future. code....
I have nfs-server installed and running on my Ubuntu 10.04 server. I have some directories exported. I can connect from my Ubuntu 10.04 PC using the commands: sudo mount taylor10:/data0 /t10/data0 sudo mount taylor10:/data1 /t10/data1 sudo mount taylor10:/data2 /t10/data2 sudo mount taylor10:/data3 /t10/data3
However, when I have my firewall on the PC enabled (Firstarter) I cannot make the mounts. I have ports 111 and 2049 open. If I stop the firewall, do the mounts and then start the firewall I am still mounted to the nfs shares. The connection is on port 2049. I have observed that when the firewall is enabled and I issue the mount command I get traffic on a random port such as 46694, 37022, etc. I have found instructions regarding editing /etc/default/nfs-common but they seem to control the port the server is listening on, not the port which the client is asking on. How do I lock down the port which mount and/or the nfs client is using to talk to the server to make the initial contact.
I need to forward a port to use dtella. I'm using Fedora 10, using iptables for my firewall.
I'm currently trying to forward it from terminal with this command:
Code: sudo iptables -t nat -A PREROUTING -p udp -i eth0 -d [ip address] --dport 11823 -j DNAT --to 192.168.0.2:80 this is what I get from iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
I have an apache2 server on a Debian box that I am using as the reverse proxy for my sites that are sitting behind it and everyone is happy. But now I want to be able to access my vmware server console from outside the network without exposing the vmware server port to the internet. So I did this I created a new virtual host for apache and it looks like this (edited for the real world)
So here is what I want to be able to do. I want to be able to punch in [URL] and have the reverse proxy just take care of everything else without having to punch in the port number or anything else. I'd also like to have if possible the ssl on the vmware box just pass through the proxy back to the end user. If that isn't possible and I need to create a new ssl for the apache box then that is ok too. I have googled this and looked at several other sites but I'm still a little bit lost.
Lets say i have two machines on public ips. If i get incoming traffic on machine #1 on port 55242 i would just like to forward it to machine #2 on port 35000.I would just like to use machine #1 same way as a dns server works. It just redirects the traffic and tells the client where to go.
I have a host and a client both running linux. Host has internet through eth2. Client needs to share that connection. The computers are connected directly using a crossover. I can ping from both fine. I figured I needed to port forward eth2 to eth0 to gain internet access in the client. How?
Code:
eth0 Link encap:Ethernet HWaddr 00:26:18:a6:fd:a3 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::226:18ff:fea6:fda3/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
While I have Transmission running, whether it be up/downloading or just open with one thing unpaused and no activity, all other computer functions that need internet access are unusable. Transmission says my port is closed in its preferences.
1. How do I find and open port? 2. Will finding an open port solve the problem of all things internet not working while Transmission is? 3. Do I need to create a static ip in order to forward a port through my router? 4. Will creating a static ip and forwarding that port solve my problem of only being able to use the internet while Transmission is on?
I want to explore DNS and Sendmail. So I downloaded exe of Vmware 2.0 on Windows Xp. I installed Fedora Linux on Both. Now I have bridged networking and do did provided:
Instance 1:
Machine IP: 192.168.1.100
Instance 2:
Machine IP: 192.168.1.101
BIND Software is installed on both the machine. I want to make 192.168.1.100 as Server and 192.168.1.101 as Client.
Also do let me know how can I setup DNS server? Will it be possible to learn DNS server and client configuration through VmWare?
I have just set up the transmission bittorrent client on my server (using the web interface), and am trying to get the port forwarding right. After noticing low download speeds (and rare uploading), I decided to check if a port needed to be forwarded.
I found many conflicting sites, mentioning both the ranges 6881-6999 and the port 51413 (as well as TCP and UDP versus just TCP). My current configuration is to forward TCP and UDP port 51413 to my server.
When one should try to connect to port 3306 of particular ip here e.g. 345.56.67.87 it should be redirected to port 3306 of internal machine. This is the scene : How can I access the particular port of the machine which is behind the router . i.e. From out side internet I would like to connect to the port 21 of the machine (192.168.5.8) which is behind router (345.56.67.87) . Here are the details I tried : both side linux (centos)
1.enabled ip forwarding of router (345.56.67.87)
2.enabled ip forwarding of machine (192.168.5.8)
3.implemented some iptable rules: /sbin/iptables -t nat -A OUTPUT --dst 345.56.67.87-p tcp --dport 3306 -j DNAT --to-destination 192.168.5.8:3306
what should I add/change to set up port forwarding of port 1000 to ip 192.168.1.200. also how to get the answer sent by 192.168.1.200 follow the same route used by the data received through port forwarding.
How do I setup Self Port Forwarding on Fedora 13 x64 How Port Forwarding Works Port forwarding allows access to a local area network by a remote user through forwarding ports that provide ftp access and web server access. The operating systems use a kernel or ipfirewall to carry out the port forwarding process.
There are several different ways that port forwarding is accomplished. * Self Forwarding: Self forwarding is port forwarding that is accomplished on a local area network that has multiple computers connected to the network. Since all of the computers share the same IP address, the port forwarding must be conducted within each computer on its own system. If the local area network router has a network access translator then the computers that are connected to the router must also do port forwarding within their own system.Port forwarding can be accomplished with Unix systems however the port can only be accessed by the root administrator. This is a less common method of port forwarding due to the fact that using a root administrator poses risks to the system because the users will often take a detour to a higher port number to gain faster access to the server.Double port forwarding involves the use of multiple routers that join computers on a local area network. As a result, the ports on one router are forwarded to another router that acts as a gateway. The gateway router then forwards to a host on the local area network (LAN). This type of port forwarding involves the communication of several components which include the session server, session client, and session port. When the user establishes a connection the session server will connect to one of the session ports that are to be forwarded which will in turn, forward the port to the session client. Reverse port forwarding is used when access is required to a port that is protected behind a firewall.
While port forwarding is convenient, there are a few things to be aware of when using this type of technology. If you use port forwarding only one port can be used at a time and the machine that is receiving the port forwarding can only view the information as coming from the router instead of the original machine. Additionally, port forwarding can open up network access to other machines that may be able to find the port forwarding by gaining unauthorized access. I know how to setup port forwarding in my router along with Dyndns.org free ED, but my local area network has multiple computers connected to the network on my router. All of the computers share the same external (public) dynamic IP address; when I setup port forwarding only my Web Server can access the internet, so how do I setup Self Port Forwarding on Fedora 13 x64
I'm running some vm's in FC12 with kvm-qemu and using virt machine manager. I'd like to have some ports automatically forward on startup and be able to add redirections on the fly. Redirection on the fly is talked about here, but I am getting lost on what should be basic instructions.[URL]
As far as startup, In the past I just ran qemu from the cli and manually specified redirection with redir. I can't figure out how to do it with The virt machine manager which I am using to start my VM's now. I do not want the guests to see the host. From cli startup without virt machine manager, it looked like this: qemu -m 256 -hda vm.img -redir tcp:5555::80 -redir tcp:5556::445 &
