Find the answer to your Linux question:
Results 1 to 4 of 4
Hello, I need to connect to a server from my home (using DameWare remote control software). You have to have static IP to connect that server, because firewall is opened ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Nov 2010
    Posts
    1

    Port forwarding


    Hello,

    I need to connect to a server from my home (using DameWare remote control software). You have to have static IP to connect that server, because firewall is opened only for specific IPs. I don't have static IP in my home, but I have Debian server which have.

    I tried to test port forwarding (to forwad myserver:1234 to google.com:80), but it does not work. I did following setup:

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1234 -j DNAT --to 209.85.135.103:80

    iptables -A FORWARD -p tcp -m state --state NEW --dport 1234 -i eth0 -j ACCEPT


    Can I/how I can connect to server via my Debian server?

    Am I missing some fundamental information about port forwading?


    Thank you for any help
    Kari Surakka

  2. #2
    Just Joined!
    Join Date
    Feb 2009
    Posts
    22
    Quote Originally Posted by ksurakka View Post
    Hello,

    I need to connect to a server from my home (using DameWare remote control software). You have to have static IP to connect that server, because firewall is opened only for specific IPs. I don't have static IP in my home, but I have Debian server which have.

    I tried to test port forwarding (to forwad myserver:1234 to google.com:80), but it does not work. I did following setup:

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1234 -j DNAT --to 209.85.135.103:80

    iptables -A FORWARD -p tcp -m state --state NEW --dport 1234 -i eth0 -j ACCEPT


    Can I/how I can connect to server via my Debian server?

    Am I missing some fundamental information about port forwading?


    Thank you for any help
    Kari Surakka
    Can you describe your setup. With this information, it doesn't looks like you are attempting a valid thing. I assume you are trying to connect to an external server (not present in your local setup like google.com etc. etc. and hence outgoing connection) and you are thinking of a port-forwarding rule, which generally is applied to accept the incoming connections and to redirect to some predefined destination that too generally in local setup/zone. Also you say that the firewally will accept some specific IPs and you are not one among that. Since firewall will filterout on the basis of source IP, DNAT wont help here. So will the SNA, as the spoofed packets (containing one of the acceptable IP address as source) will pass throught the firewall but will be replied to that spoofed source and not your IP and this is not what you want.

  3. #3
    Just Joined! jippie's Avatar
    Join Date
    May 2006
    Location
    Eindhoven, the Netherlands
    Posts
    76
    You shouldn't need the FORWARD chain. You need to set ip_forwarding in /etc/sysctl.conf on your server.
    Code:
    net.ipv4.ip_forward=1
    I think you also have to do something similar like the following:
    Code:
    -A PREROUTING -d <remote_ip> -o eth0 -m comment --comment "Route traffic from my home to DameWare" -j MASQUERADE
    but I cannot check this. Should give you enough input to Google around a little more.

    Use the comment option in your iptables lines. Trust me, you'll forget the use of the line before you know it.

  4. #4
    Just Joined!
    Join Date
    Nov 2010
    Posts
    1
    thank you very much!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •