Ubuntu :: Port Forwarding Using Iptables Not Working?

Jul 17, 2009

I am using ubuntu 8.40 as a router wit 2 nic.eth0 is for local and eth1 is for external network.i have a internal webserver in my lan and want to forward some ports to the net and i executed te following commands.

iptables -t nat -A PREROUTING -p tcp -i eth1 -d 192.168.0.239 --dport 8080 -j DNAT --to 192.168.10.99:8080
iptables -A FORWARD -p tcp -i eth1 -d 192.168.10.99 --dport 8080 -j ACCEPT

But i cant connect to the port 8080 from the external network.

View 11 Replies


ADVERTISEMENT

Networking :: Iptables Port Forwarding Not Working?

Jan 28, 2011

I've used iptables since it replace ipchains, and I've never had a problem like this.The problem is, as you can see by the title, that port forwarding simply does not work.

network topology:
Slackware Linux Server:
eth0 - LAN (192.168.0.0/25)
eth1 - DSL Static IP
eth2 - cable Static IP

eth1 is our standard office connection; it handles all of our default traffic (web browsing for the staff, email, etc). eth2 is our VPN connection, as well as use for all incoming connections (www, etc). Behind the linux box I have a series of Windows Server 2008 R2 boxes that are used to run our office software, website, etc - I don't care how nice they make their products these days, I simply don't trust any MS box open to the net.
Therefore, this leaves me with having to port forward port 80 from eth2 to the internal IP address of the web server.

My ruleset is as follows:

$WWW - ip address of the web server
iptables -A FORWARD -d $WWW -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to $WWW

Running ip route shows that I have routing entries for all 3 networks, and I can ping, ssh, etc to any of the addresses without issue. OpenVPN connects across eth2 as well, and all 15 of my VPN tunnels work fine. However - and here's the kicker - if I delete the default route and replace it with the route for eth2, port forwarding works fine.

If we accept that my networks are as follows:

192.168.0.0/25 - eth0 net, gw .1
1.1.1.0/29 - eth1 net, gw .1, eth1 ip .2
2.2.2.0/30 - eth2 net, gw .1, eth2 ip .2

then ip route reveals the following:

2.2.2.0 via 2.2.2.1 dev eth2
2.2.2.0 dev eth2 scope link src 2.2.2.2
1.1.1.0 dev eth1 scope link src 1.1.1.2

[code]....

View 7 Replies View Related

Server :: Iptables Port Forwarding Not Working?

Mar 26, 2010

I have the following setup and Im trying to forward all incoming connection on port 1194 on eth2 which is the external network to ip 192.168.10.100, but seems its not working.

Current config:

# Generated by iptables-save v1.3.8 on Sun Nov 16 00:00:54 2008
*nat
:PREROUTING ACCEPT [26751696:2175544875]
:POSTROUTING ACCEPT [339911:19096812]

[code]....

plus im adding the prerouting:

iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 1194 -j DNAT --to-destination 192.168.10.100

This configuration doesnt work. I also I have tried:

iptables -D PREROUTING -t nat -p tcp -d XX.XX.XX.XX --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.10.100:1194

and the same its not working. Connecting thru telnet to the domain: telnet mydomain.org 1194 doesnt work, but within the server, running telnet 192.168.10.100 1194 it works.

View 8 Replies View Related

Networking :: IPTables Port Forwarding Using Prerouting Not Working?

Feb 18, 2010

I was trying to setup port forwarding on my setup. My network consists of:

Code:

[Server: xxx.xxx.xxx.15]
|
|
[ switch ]

[code]....

I ran the following 2 commands:

# iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination xxx.xxx.xxx.15:80
# iptables -A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT

Yet I am unable to connect. Are these the correct commands? I am using IP Masquedering on the same box using the following commands:

Code:

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT

[code]....

I don't think there is a hidden firewall in the switch but if these commands are correct, then I may need to contact my ISP and see if they are blocking the commands. I just wanted to make sure I was not doing some stupid mistake before I try to contact my ISP.

EDIT: Also, is it possible to forward Port 80 requests to different servers depending on the hostname used to connect, so say [URL] redirects to server xxx.xxx.xxx.15 while hhh.com redirects to xxx.xxx.xxx.16?

View 3 Replies View Related

Networking :: Iptables - Port Forwarding To Blocked Port?

Mar 25, 2010

I have a mail server on which I would like to block port 25 on my eth0 for everyone except our external spam filter. the problem is that I want our users to be able to connect via port 10025 which is forwarded to port 25, which then is blocked...

View 2 Replies View Related

Networking :: Iptables Not Port Forwarding?

Aug 14, 2010

I have a CentOS box which is Internet Facing. It has 3 LAN's connected to it which are for virtual machines.

I want to port forward port 445 to a machine on one of the LAN interfaces. I have tried various ways to get it done, but still cannot access that port from the interface. I definately know device hosting port 445 is live, as I can ping it from the CentOS box and use lynx to access it! (It's a web server)

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.0.2:445

View 6 Replies View Related

Networking :: Iptables Port Forwarding?

Jun 7, 2010

I've been Googling about port forwarding iptables and even though there's result and I've applied it in my script, I can't make iptables forwading request to another machine so I decided to ask help.

eth0 is my Internet Interface (1.2.3.4 is the public ip)
eth1 is my Lan Interface
eth2 is my DMZ Interface

[code]....

View 14 Replies View Related

Networking :: Port Forwarding With IPTables?

May 6, 2011

I have a server running debian squeeze and kvm to virtualize a Windoze box. It's setup to use NAT. This is because of limits on the network by the admin and unfortunately, there isn't a way to get around this.

View 1 Replies View Related

Slackware :: Port Forwarding Using IPtables?

Jun 16, 2011

how to set an external static IP address to forward to an internal static IP address. Here is an example:

Linux box (slackware) IP address =
eth0: 10.xxx.xxx.xxx (internal)
eth1: xxx.xxx.xxx.170
eth1.0: xxx.xxx.xxx.171
eth1.1: xxx.xxx.xxx.172

DVR system that I need to forward to: IP address =
xxx.xxx.xxx.251
xxx.xxx.xxx.252

This was all setup by someone else whom I have never spoken with. The IP tables seems to be set up but I cannot provide a screen shot at this time. What I need to do is this. When a user connects to the external static IP address of xxx.xxx.xxx.171 with their DVR software, IP tables will forward to the DVR system at xxx.xxx.xxx.251. The ports desired are 554,555,556, and 557. I know some about Linux but not about IPtables.

View 1 Replies View Related

Ubuntu Networking :: Port Forwarding With Arno Iptables?

Feb 20, 2010

iam using arno iptables can give me command to ip forwarding cause my web server behind my router. my ip web server 192.168.0.11 and my ip router on eth 1 192.168.0.1 and eth0 i use to dial up my modem and i use pppoe for that.

View 2 Replies View Related

Ubuntu Security :: Iptables Not Allowing Port Forwarding

Sep 5, 2010

I've got two virtual machines running, the first VM (VM1) has two network interfaces, one bridged with my real lan, one a private subnet. The second VM (VM2) has one nic, only on the private subnet.

I have VM1 acting as a router for VM2, giving access to my real lan for internet access. The problem I'm having is I cannot get VM1 to forward ports 80 (http) or 222 (ssh) to VM2 from my real lan.

Here is the script I've cobbled together from various (foreshadowing!) locations:

Code:

View 1 Replies View Related

Ubuntu Networking :: Iptables And Cannot Get Port Forwarding To Work?

Mar 8, 2011

I've been beating myself over the head with iptables and CANNOT get port forwarding to work. Here's my situation: Static LAN IP on eth0 Static internet IP on eth1 ip_forward is turned on by uncommenting in sysctl.conf Here's the output of iptables-save:

Code:
# Generated by iptables-save v1.4.4 on Tue Mar 8 10:34:12 2011
*nat
:PREROUTING ACCEPT [2443:347058]

[Code]...

Edit: by the way, the intended purpose of this machine is to server as a gateway and firewall. MASQUERADE is working, for whatever that is worth. And the host behind the firewall that is serving up http is definitely working too. All that is not working is getting hosts on the internet talking to hosts behind the firewall.

View 1 Replies View Related

Networking :: IPTables Port Forwarding To Routed IP?

Aug 3, 2010

I have a linux server I'm intending to use as a firewall. The server has the following adapters

eth0 - Public IP (VLAN2)
eth0:1 - Public IP2 (VLAN2)
eth1 - 10.241.4.4 (VLAN4)

the Default gateway is my ISPs gateway. Additionally, I have the following route set: route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.241.4.1

I have a server that exists on VLAN 208 at IP 10.241.209.67/21., its GW is 10.241.208.1 (first IP in /21 range)

as it is on the 10.0.0.0/8 network, traffic from the firewall is successfully routed from that server through my router to the FW and out to the Internet. The FW can ping, ssh, etc... the server and vice versa.

I want an iptables rule that will allow me to forward port 4401 on eth0:1 to 10.241.209.67:4401.

Is this possible since the IP is not on the same subnet as eth1, even though it is accessible?

I'm a bit better than a neophyte linux user. I have not made port forwards with it in the past without scripts to assist so I'm looking for not just "it is possible", but also the syntax of how to add it.

View 2 Replies View Related

Ubuntu Servers :: Port Forwarding Setup Using IPTables - Transparent Proxy

May 13, 2010

I'm new to linux, but enjoy using it very much, especially without a GUI, console is fun! I need to set up port forwarding. We have 3 servers, 1x running Ubuntu server 8.04 (used as transparent proxy), 1x server 2003, 1x windows xp.

The linux box has the following ips:
eth0 (internal) 192.168.1.5
eth1 (external) 192.168.0.7

Windows server 2003:
192.168.1.6

Windows XP:
192.168.1.9

Router:
192.168.0.1

The router automatically forwards specific ports to 196.168.0.7 (Linux eth0). From there I want to forward port 8585 to 192.168.1.6 and 3000 to 192.168.1.9. Is there a way that I can do this using iptables?

The commands that I think I'm gonna use look like this:
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 8585 -d 192.168.1.6 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 3000 -d 192.168.1.9 -j ACCEPT

Would this be a correct way of doing it? My biggest problem is that I can't test it without going live, and if I go live and something doesn't work, the entire building will be left without internet, people will hate me. Also, The proxy captures all data on port 80 and forwards it to 3128 so that the proxy can monitor the usage, and a few systems runs fine with it, others however can ping websites, and internet explorer says "website found, waiting for reply" but the webpages cannot be displayed.

View 9 Replies View Related

General :: Setting Up Iptables For Traffic Forwarding On Port 80 From Specific Sources?

Jun 1, 2010

Im running a web server on port80, but i want traffic coming from ip 212.333.111.222 on port 80 to be fowarded to port 9020 on the same server that my web server is rinning at that is my sshd port

View 1 Replies View Related

Networking :: IPtables Port Forwarding \ Have A Computer With Two Interfaces Eth0(LAN) And Eth1(WAN)?

Apr 20, 2011

I have a computer with two interfaces eth0(LAN) and eth1(WAN).I have followed some guides on the internet and came up with this iptables configuration:

# Generated by iptables-save v1.4.4 on Wed Apr 20 09:43:12 2011
*nat
:OUTPUT ACCEPT [0:0]

[code].....

View 2 Replies View Related

Networking :: Iptables - Forwarding On Router Doesn't Appear To Be Working

Sep 12, 2009

For the background, I'll be using my router as a firewall with snort-inline enabled. I got 3 NIC's: one for the WAN, the second will be bridged to the WAN NIC for queuing traffic which snort-inline requires, and the third is the LAN NIC (the computer I use for everyday work). Here's how I have my interfaces set up:

Code:

# /etc/network/interfaces
# Loopback interface
auto lo
iface lo inet loopback

[code]....

From what I understand, queuing needs to be set up on the bridge. From the documentation I've read it's done like this:

Code:

iptables -A INPUT -j QUEUE
And then to forward traffic, I did:

Code:

iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE

I've done this and am able to ping the router, obtain a DNS address from dnsmasq from the LAN computer. From the router I am able to connect to the internet (ping, links <address>...). From the LAN computer trafficking isn't getting forwarded, Firefox, links, ping all don't resolve.

View 7 Replies View Related

Networking :: Shorewall: Port Forwarding Port Is Closed Even After Forwarding?

Dec 12, 2009

I have just set up shorewall on my router running Arch Linux. The external network is on eth0 and the internal network on eth1.I have set it up for masquerading and that works fine and I can open ports to the firewall. But I'm having trouble with port forwarding to my internal machines.The problem I have is that when port 22350 is forwarded to 192.168.1.3 on my local network, checking the port with nmap from a remote computer gives me:

Code:
PORT STATE SERVICE
22350/tcp closed unknown

[code]....

View 2 Replies View Related

Fedora Networking :: Port Forwarding Not Working?

Apr 23, 2009

I am running Fedora Core 10 and KDE 4.2.1. My KTorrent is having trouble finding online peers lately. I suspect this is a port forwarding issue. I have set up my router to forward port 4444 (UDP) and port 56000 and more (TCP) to my machine's IP address. I have also set my local firewall (system-config-firewall) to allow these ports through.But when I try to test ports 4444 and 56000 via this Open Port Check Tool, it tells me they are closed

View 6 Replies View Related

OpenSUSE Network :: Port Forwarding Not Working - Tests Using Netcat

May 17, 2011

I have two SUSE(2.6) virtual machines running in the same subnet with two network cards each as shown below.

VM1------------------------------------------------------------------------------
appstage1:~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:22:5A:24
inet addr:192.168.128.12 Bcast:192.168.128.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe22:5a24/64 Scope:Link

[Code]....

Ultimately my DB will run in VM2 and any DB requests coming in at 2055 of VM1 should be forwarded to port 2055 of VM2. Since I do not yet have a DB running I am trying to test with netcat.

View 5 Replies View Related

Debian :: Internet Has Stopped Working \ Broke When Tried To Allow Port Forwarding For Torrents?

May 7, 2011

I've had Debian on my laptop for around 4 months which I rarely use. I'm using Squeeze since it seems to be the only release that will work with my ethernet card.The internet had been working fine for a couple of months but broke when I tried to allow port forwarding for torrents. I could only connect to the internet after this by using:

iptables -F
iptables -X
iptables -t nat -F

[code]....

View 2 Replies View Related

Ubuntu Security :: SSH Port Forwarding, Disable Or Edit A Forwarded Port?

Nov 1, 2010

sudo ssh -L 750:192.168.123.103:873 username@192.168.123.103It does exactly what it's supposed to do, but how do i edit / remove this rule?Is there some config file where i can alter the forwarding? How does it get stored?Im using Ubuntu 10.10Server Edition (allthough i recon it would be pretty much the same across all versions

View 5 Replies View Related

Ubuntu :: Port Forwarding Crutch - Number Of Apps That Are Unable To Have The Outgoing Port Changed ?

Mar 28, 2010

I'm not that great with mailservers, and just been thrown a curveball with a MS Exchange environment for which there is apparently no solution... yeah, right. But is there a workaround?

The problem is that the site mail (SMTP) needs to be sent via port 26 instead of the commonly used 25. Port 25 is mapped to a mailfilter, which apparently causes havoc with some of the mail, and the techs that have been on site trying to coax the Exchange server to co-operate have said that the only way would be to get rid of the filter.

The problem is that there are number of apps that are unable to have the outgoing port changed and so keep sending mail out on port 25.

I look after the Unix/Linux side of things at work, and I was wondering if there was an easy way to set up a Ubuntu box to receive mail on port 25 and just forward it to the MS box on port 26? So, in other words (and I hope this makes sense): monitor port 25, and forward whatever comes in on port 25 to the server on port 26. Simple portforwarding, or is it? What steps do I need to take?

View 2 Replies View Related

Ubuntu Networking :: Error - Remote Port Forwarding Failed For Listen Port 5500

Aug 7, 2010

When I use the following command:

ssh user@ssh_server -L 5500:localhost:5500 -p 22

everything works fine. I can log in, and local port forwarding is done. Otherwise when I use the command:

ssh user@ssh_server -R 5500:localhost:5500 -p 22

I get an error "remote port forwarding failed for listen port 5500". However when I try remote port forwarding in WinXP by use of putty there is no problem...

View 2 Replies View Related

Ubuntu Networking :: Port Forwarding Through A Specific Port?

Jul 14, 2011

I want to set my ip as static and port forward it through a specific port can anyone help me with this im using ubuntu 10 with 64 bit OS

View 1 Replies View Related

General :: Warning: Remote Port Forwarding Failed For Listen Port 7869

Jul 20, 2010

I tried to make "ssh tunneling", but failed and got this message.

Quote:

Administrator@windstory-PC /
$ ssh -R 7869:localhost:7869 windowsstudy@192.168.0.4
windowsstudy@192.168.0.4's password:

Warning: remote port forwarding failed for listen port 7869 Last login: Wed Jul 21 01:56:04 2010 from 192.168.0.2 -bash-3.2$

1. system environment

192.168.0.2 - windows 7 + copssh
192.168.0.4 - centos 5.4 x86 + openssh

2. Guide for setting "ssh tunneling"

[URL]

3. Added this to sshd.conf

Quote:

AllowTcpForwarding yes

4. "netstat -na|grep 7869" at 192.168.0.4

Quote:

[root:maestro:~]# netstat -na|grep 7869
tcp 0 0 0.0.0.0:7869 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7869 127.0.0.1:53539 ESTABLISHED

[code]....

5. result of "ssh -vvv -R 7869:localhost:7869 windowsstudy@192.168.0.4"

Quote:

debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password

[code]....

6. I added 7869 for telnet service as follow;

Quote:

mytelnet 7869/tcp # My Telnet server

View 1 Replies View Related

Security :: Port-bind Shellcodes Work With Port-forwarding?

Apr 27, 2011

I'll explain this in one sentence: Is it possible to program a port-binding shellcode in which people across the Internet can connect to, without being thwarted by the router blocking their data because the port its bound to doesn't allow port-forwarding

View 2 Replies View Related

Networking :: Setup Port Forwarding Of Port 1000 To Ip 192.168.1.200?

Oct 24, 2010

I had to add them to my firewall script when I installed openvpn on my dd-wrt router:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

what should I add/change to set up port forwarding of port 1000 to ip 192.168.1.200. also how to get the answer sent by 192.168.1.200 follow the same route used by the data received through port forwarding.

View 1 Replies View Related

Security :: Iptables: Verify Traffic On Port To Check If It Is Legitimate For That Port?

Apr 18, 2011

Is there any way to verify if packets being trafficked over a certain port are valid for the service you want to use this port for?

One obvious example that probably clarifies my question:
When I open port 443 (outgoing or incoming) for https/ssl traffic, I don't want this port to be used for say openvpn traffic.
Thus: when someone wants to surf to a website with https, it should be ok but if someone wants to connect to his home openvpn server over that same port, it should be blocked.

View 5 Replies View Related

Networking :: Use Iptables In Order To Forward All The Incoming Packets For Port 5555 To Port 5556?

Apr 4, 2011

I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).

I wrote the following commands:

iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved