There is this server where in I want to use port redirection using iptables. For port redirection I have used nat table with PREROUTING chain and REDIRECT option. Like:
Code:
iptables -t nat -A PREROUTING -p tcp --dport pop3 -j REDIRECT --to-port 8110
It just does not work. I have tried to redirect other ports as well but nothing works.
[code]....
I have been trying to achieve something through iptables but something is going wrong. I want connection/packets arriving to a specific computer (let's call it "server") from another specific computer ("client") inside the same network to be automatically redirected to a remote computer in the internet and vice-versa. I tried doing that using iptables with these commands on the "server" PC:
Code:
iptables -t nat -A PREROUTING --source 'client-ip' -j DNAT --to-destination 'remote-pc-ip'
iptables -t nat -A PREROUTING --source 'remote-pc-ip' -j DNAT --to-destination 'client-ip'
[code]....
Ok, here goes, I have a rdp server sitting at a remote store which is behind a router I do not control.
I might be able to get the phone company to add routing to it but at the moment I'd like to do this with ssh and reverse port routing, because I might need this for other ports later and I never know if the phone company wont break other routings already in place or just screw up the entire thing .
I am able to have a linux box at the site ssh into a server located where I'm at and reverse port forward port 3389 to that server. I can also then ssh into that server from my linux box and port forward 3389 to my box, under another port since my 3389 is already in use. Finally I can use rdesktop to rdp on the my local box which bounces it through the server and back to the linux box which forwards it to the rdp server (A Windows 2008 server to be exact). This is all well and good and works reasonably fast, but, I need to be able to have users on windows boxes at my site do this without all of the rigmarole. I need to, I guess, redirect a normal open port, or create one, on the server where I am so that it connects internally to the reverse forwarded port or open the internal port to the outside. So I guess I need to make it a 'gateway' for that one port, this way all I have to do is point the rdp clients at the main server and port to have it eventually connect to the rdp server in the remote store.
how to go about doing it. I guess I need an iptables entry forwarding the port but I'm not sure what is should be.
The other option is opening up the port 3389 to the outside but I'm not sure how to do that either. Right now I have no iptables entries at all but even if I turn off iptables completely port 3389 is not available if I try to use it from another pc on the network but I can rdp from the server itself using the 3389 port so I know it's working internally.
I am using squid proxy server in my Linux machine for caching. Now i want run my squid in transparent mode not set proxy settings in browsers.Like squid is running port 3128. If we redirect the port 80 packets to port 3128, looping is occurred.How to avoid looping?
View 5 Replies View RelatedI'm have a base level understand of linux at this point. I have Debian box that I am trying to do some port redirection with.
I have my external NIC as eth0 with an IP of x.x.250.5.
I have my internal NIC as eth1 with an IP of 192.168.1.1.
On the internal network I have a NAS box with a web interface at 192.168.1.100. What I need is to set it up so that a request to x.x.250.5:8080 will some how forward/redirect to the internal network NAS box at 192.168.1.100:80.
I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).
I wrote the following commands:
iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT
In SuSE firewall0. I do have a openSuse 11.4 and multiple IP addresses on eth0 interface
I run (trying to/have to) multiple TOMCAT servers.
I am trying to have each tomcat instance listen to on separate IP address for example:
What i am trying to do is to redirect
a) tomcat 1 -
a) tomcat 2 -
And so on.
I know that it has to be possible.
I do have just eth0/
Is is it possible. Do I have to create "vittual interfaces"? eth0:1, .......... and do redirection ?
"Server" has got just single interface - just 1 ethernet calbe goes to that server. I am planning to have 10-15 tomcat's on that server (I have to unfortunatley) and each has to run on port 80
Is it possible to "grant" permissions to normal users to run app on port 80 - that would solve me lots of problems if impossible to redirect.
I tried to setcap 'cap_net_bind_service=+ep' /path/to/tomcat ...... but no luck
i am running ncat (netcat's new version from nmap) on centos . I am listening on different ports. My question is , is it possible that when a connection is received on a port say 123, i redirect this connection to a different port and use the 123 port again for listening connections. ncat has an option -k which u can add with -l , it will force fully listen on the port. It can accept multiple connections on a single port but i want that once a client connects on to 123 port, he is forwarded to some other port and no longer on 123.
View 4 Replies View RelatedI'm using a Debian servers, as router/firwall.. I've two ethernet interfaces into the server, one for wan and one for lan. The i use SNAT so my LAN clients can access the internet throgh the debian router. That is working... Now i want to be able to access servers on the LAN site from the WAN site, and i wanna use port address translation (PAT). I have a FTP server running on a lan server, so i'm trying to portward port 21.
iptables -t nat -A PREROUTING -p tcp -i eth1 -d (WANIP) --dport 21 -j DNAT --to 192.168.1.2:21
When people try to access my FTP from the WAN site, they are redirected to the local FTP server, and they are promted for crendentials, but when the credentials are typed, and the local ftp server should answer the wan request, the connections dies.
The wan clients are being promted for credentials, so they are redirected to the local lan server, but after that the connections dies, so i think there is some kind of nat problem, when the local lan server is trying to respond to the wan request..
Here i my iptables script:
#flush table
iptables -F
#input regler
[code]....
I have a mail server on which I would like to block port 25 on my eth0 for everyone except our external spam filter. the problem is that I want our users to be able to connect via port 10025 which is forwarded to port 25, which then is blocked...
View 2 Replies View RelatedUnder what condition port redirection could go useful?
View 2 Replies View Relatediptables -A INPUT -p udp --dport -j ACCEPT
iptables -A INPUT -p tcp --dport -j ACCEPT
iptables -A FORWARD -p udp --dport -j ACCEPT
iptables -A FORWARD -p tcp --dport -j ACCEPT
and the rules are placed in iptables, i can see them when I do iptables -L. But when I do netstat -an | grep 161 I can see that port 161 (SNMP) is not listening. Why?
I'm running a server with Ubuntu 10.04 installed. I recently set up a VirtualHost (I'll call it my.website.com), like I have in the past without any problems. But this time, I'm stumped. When I connect to my.website.com, it should hit port 80, right? It doesn't; rather, it hits port 8000. I don't have any rewrites/redirections (I checked wherever possible) and checked apache2.conf (httpd.conf is empty).
View 5 Replies View RelatedI am running a voip server on port 5060. I want to hide this to all the robots scanning the net permanently - I know this is not enough security - it is just to prevent them from wasting by bandwidth testing all usernames until fail2ban stops them !
I'd like to have port 5060 accepting requests only from 'trusted' hosts, while others (client with dynamic ip) use port 5065 - thus, port 5060 will only appear open for some trusted partners and the bots will skip to something else.
I have setup the iptables rules succesfully to accept only trusted hosts.
-A RH-Firewall-1-INPUT -s 93.x.y.z -p udp -m state --state NEW -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 5060 -j DROP
I've added a PREROUTING NAT rule that change the port from 5065 to 5060 for others - but then, this gets caught in the INPUT rule as port 5060 -A PREROUTING -p udp -m udp --dport 5065 -j DNAT --to-destination 192.168.1.1:5060
This works so well that the packets coming on port 5065 are translated to port 5060 and get caught in the DROP rule...
I have a CentOS box which is Internet Facing. It has 3 LAN's connected to it which are for virtual machines.
I want to port forward port 445 to a machine on one of the LAN interfaces. I have tried various ways to get it done, but still cannot access that port from the interface. I definately know device hosting port 445 is live, as I can ping it from the CentOS box and use lynx to access it! (It's a web server)
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.0.2:445
I've been Googling about port forwarding iptables and even though there's result and I've applied it in my script, I can't make iptables forwading request to another machine so I decided to ask help.
eth0 is my Internet Interface (1.2.3.4 is the public ip)
eth1 is my Lan Interface
eth2 is my DMZ Interface
[code]....
I have a server running debian squeeze and kvm to virtualize a Windoze box. It's setup to use NAT. This is because of limits on the network by the admin and unfortunately, there isn't a way to get around this.
View 1 Replies View RelatedI need to forward a port to use dtella. I'm using Fedora 10, using iptables for my firewall.
I'm currently trying to forward it from terminal with this command:
Code:
sudo iptables -t nat -A PREROUTING -p udp -i eth0 -d [ip address] --dport 11823 -j DNAT --to 192.168.0.2:80
this is what I get from iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
[Code].....
how do i enable or open port in the iptables
View 14 Replies View RelatedLets say i have two machines on public ips. If i get incoming traffic on machine #1 on port 55242 i would just like to forward it to machine #2 on port 35000.I would just like to use machine #1 same way as a dns server works. It just redirects the traffic and tells the client where to go.
View 6 Replies View RelatedI've used iptables since it replace ipchains, and I've never had a problem like this.The problem is, as you can see by the title, that port forwarding simply does not work.
network topology:
Slackware Linux Server:
eth0 - LAN (192.168.0.0/25)
eth1 - DSL Static IP
eth2 - cable Static IP
eth1 is our standard office connection; it handles all of our default traffic (web browsing for the staff, email, etc). eth2 is our VPN connection, as well as use for all incoming connections (www, etc). Behind the linux box I have a series of Windows Server 2008 R2 boxes that are used to run our office software, website, etc - I don't care how nice they make their products these days, I simply don't trust any MS box open to the net.
Therefore, this leaves me with having to port forward port 80 from eth2 to the internal IP address of the web server.
My ruleset is as follows:
$WWW - ip address of the web server
iptables -A FORWARD -d $WWW -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to $WWW
Running ip route shows that I have routing entries for all 3 networks, and I can ping, ssh, etc to any of the addresses without issue. OpenVPN connects across eth2 as well, and all 15 of my VPN tunnels work fine. However - and here's the kicker - if I delete the default route and replace it with the route for eth2, port forwarding works fine.
If we accept that my networks are as follows:
192.168.0.0/25 - eth0 net, gw .1
1.1.1.0/29 - eth1 net, gw .1, eth1 ip .2
2.2.2.0/30 - eth2 net, gw .1, eth2 ip .2
then ip route reveals the following:
2.2.2.0 via 2.2.2.1 dev eth2
2.2.2.0 dev eth2 scope link src 2.2.2.2
1.1.1.0 dev eth1 scope link src 1.1.1.2
[code]....
I have a linux server I'm intending to use as a firewall. The server has the following adapters
eth0 - Public IP (VLAN2)
eth0:1 - Public IP2 (VLAN2)
eth1 - 10.241.4.4 (VLAN4)
the Default gateway is my ISPs gateway. Additionally, I have the following route set: route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.241.4.1
I have a server that exists on VLAN 208 at IP 10.241.209.67/21., its GW is 10.241.208.1 (first IP in /21 range)
as it is on the 10.0.0.0/8 network, traffic from the firewall is successfully routed from that server through my router to the FW and out to the Internet. The FW can ping, ssh, etc... the server and vice versa.
I want an iptables rule that will allow me to forward port 4401 on eth0:1 to 10.241.209.67:4401.
Is this possible since the IP is not on the same subnet as eth1, even though it is accessible?
I'm a bit better than a neophyte linux user. I have not made port forwards with it in the past without scripts to assist so I'm looking for not just "it is possible", but also the syntax of how to add it.
iam using arno iptables can give me command to ip forwarding cause my web server behind my router. my ip web server 192.168.0.11 and my ip router on eth 1 192.168.0.1 and eth0 i use to dial up my modem and i use pppoe for that.
View 2 Replies View RelatedI am playing around with transparent proxies, The current way I am doing things is the program makes a request to a computer on port 80, I use
Code:
iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port 1234 to redirect to my proxy that I am playing with. the proxy will send out a request to port 81 (as all outbound port 80 are being fed back in to the proxy) so I want to do something like
Code:
iptables -t nat -A OUTPUT -p tcp --destination-port 81 -j DNAT --to-destination xxxx:80 The problem lies with the xxxx part. How do I change the destination port without changing changing the destination ip? Or am I doing this setup completely wrong,
I am getting the hang of IPTables.I've setup to open certain UDP ports but they simply refuse to show when I iptables -L.
iptables file:
$IPT -A INPUT -p udp --dport 13000 -j ACCEPT
$IPT -A INPUT -p udp --dport 13001 -j ACCEPT
[code]....
I am fairly new to Ubuntu/Linux and I have somehow managed to get a server up and running. For the past few months I have been trying to get masquerading working.
I have 2 network cards
eth0=Internal Lan IP address 192.168.0.254
eth1=router External IP address 10.0.0.1
I want all my internal lan traffic to go through my linux box & only have port 80 & 3128 go through squid. So for all pop3/smtp action I want the linux machine to act like a router & for port 80 & 3128 I want it to go through squid.
I've been beating myself over the head with iptables and CANNOT get port forwarding to work. Here's my situation: Static LAN IP on eth0 Static internet IP on eth1 ip_forward is turned on by uncommenting in sysctl.conf Here's the output of iptables-save:
Code:
# Generated by iptables-save v1.4.4 on Tue Mar 8 10:34:12 2011
*nat
:PREROUTING ACCEPT [2443:347058]
[Code]...
Edit: by the way, the intended purpose of this machine is to server as a gateway and firewall. MASQUERADE is working, for whatever that is worth. And the host behind the firewall that is serving up http is definitely working too. All that is not working is getting hosts on the internet talking to hosts behind the firewall.
I need the port 27015 to be open. I've opened it in iptables :
Quote:
iptables -A INPUT -p tcp -i eth0 --dport 27015 -j
But when i try :
Quote:
netstat -nan
The port 27015 do not appear as "LISTEN".
I was trying to setup port forwarding on my setup. My network consists of:
Code:
[Server: xxx.xxx.xxx.15]
|
|
[ switch ]
[code]....
I ran the following 2 commands:
# iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination xxx.xxx.xxx.15:80
# iptables -A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
Yet I am unable to connect. Are these the correct commands? I am using IP Masquedering on the same box using the following commands:
Code:
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
[code]....
I don't think there is a hidden firewall in the switch but if these commands are correct, then I may need to contact my ISP and see if they are blocking the commands. I just wanted to make sure I was not doing some stupid mistake before I try to contact my ISP.
EDIT: Also, is it possible to forward Port 80 requests to different servers depending on the hostname used to connect, so say [URL] redirects to server xxx.xxx.xxx.15 while hhh.com redirects to xxx.xxx.xxx.16?
I've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random
If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. How can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?
