Find the answer to your Linux question:
Results 1 to 3 of 3
My Network: Code: Internet -----------|----------- Static IP Router IP: 192.168.0.1 -----------|----------- ETH0: 192.168.0.101 Ubuntu DHCP + Firewall ETH1: 172.17.207.121 -----------|----------- IP: 172.17.207.200 WebServer Ive got a internet static ip address ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. 04-26-2009 #1
    fuze
    fuze is offline
    Just Joined!
    Join Date
    Apr 2009
    Posts
    1

    IPTables Port Forwarding

    My Network:
    Code:
           Internet
-----------|-----------
   Static IP Router
IP: 192.168.0.1
-----------|-----------
ETH0: 192.168.0.101
 Ubuntu DHCP + Firewall
ETH1: 172.17.207.121
-----------|-----------
IP: 172.17.207.200
       WebServer
    Ive got a internet static ip address im trying to forward requests from the internet on port 6900 to 172.17.207.200:80 (port 80) but it doesnt seem to work im trying to use these commands:
    Code:
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6900 -j DNAT --to 172.17.207.200
/sbin/iptables -A FORWARD -d 172.17.207.200 -p tcp --dport 6900 -j ACCEPT
    but they dont seem to work it just times out i found out not that long ago i cant ping 172.17.207.200 from the server the server is running a dhcp server that works good and i can access the internet from the WebServer anyone know what im doing wrong?

    THIS is my rc.local script that port forwards sets up NAT etc:
    Code:
    #!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
echo " * STARTING AND CONFIGURING FIREWALL.................................."
echo " * Flushing All iptables already setup				[ OK ]"
# START FLUSH
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
# END FLUSH

echo " * Setting Default Filter Policy				[ OK ]"
# START DEFAULT FILTER POLICY
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# END DEFAULT FILTER POLICY

echo " * Setting Unlimited access to loop back			[ OK ]"
# START UNLIMITED ACCESS TO LOOPBACK
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# END UNLIMITED ACCESS TO LOOPBACK

echo " * Setting up NAT...						[ OK ]"
# START NAT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
# END NAT

echo " * Setting Port Forwards					[ OK ]"
# START PORT FORWARDING
# Allow UDP, DNS and Passive FTP
echo " * Allowing UDP, DNS and Passive FTP				[ OK ]"
/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow Bittorent Incomming client request
echo " * Opening Port 6881						[ OK ]"
echo " * Opening Port 6999						[ OK ]"
/sbin/iptables -A INPUT -p tcp --destination-port 6881:6999 -j ACCEPT
# Allow SSHD Incoming client request
echo " * Opening Port 22						[ OK ]"
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow HTTP Incoming client request
echo " * Opening Port 80						[ OK ]"
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow Webmin Incoming client request
echo " * Opening Port 10000						[ OK ]"
/sbin/iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
echo " * Opening Port 3000						[ OK ]"
/sbin/iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
echo " * Opening Port 4214						[ OK ]"
/sbin/iptables -A INPUT -p tcp --dport 4214 -j ACCEPT
echo " * Finished Opening Ports					[ OK ]"
echo " * Starting Forward Ports to inside Servers			[ OK ]"
echo " * Forwarding Port 6900 to 172.17.207.200:80			[ OK ]"
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6900 -j DNAT --to 172.17.207.200:80
/sbin/iptables -A FORWARD -d 172.17.207.200 -p tcp --dport 6900 -j ACCEPT
echo " * Finished Forwarding Ports to inside Servers			[ OK ]"
# END PORT FORWARDING

echo " * Setting Open Ports						[ OK ]"
# START LOCAL PORT OPENS
# END LOCAL PORTS OPENS

echo " * Drop Everything and Log it					[ OK ]"
# START DROP everything and Log it
/sbin/iptables -A INPUT -j LOG
/sbin/iptables -A INPUT -j DROP
# END DROP everything and Log it
echo " * Setting up NAT						[ OK ]"
exit 0
    dhcpd.conf file:
    Code:
    ddns-update-style none;
option domain-name "router.local";
option domain-name-servers 203.97.33.14, 203.97.37.14;
option routers 172.17.207.121;
default-lease-time 42300;
max-lease-time 84600;
authoritative;
log-facility local7;
subnet 172.17.0.0 netmask 255.255.0.0 {
	range 172.17.207.1 172.17.207.100;
}
    Reply With Quote Reply With Quote
  2. 04-26-2009 #2
    Lazydog
    Lazydog is offline
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,629
    Look at this TUTORIAL to see how to use port forwarding.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
    Reply With Quote Reply With Quote
  3. 05-01-2009 #3
    ranged
    ranged is offline
    Just Joined!
    Join Date
    May 2009
    Location
    Philippines
    Posts
    2
    Hi Fuze,

    May I know what do you mean by "Static IP Router" ?


    ---
    Best Regards,
    Ranged
    Jr. Linux Administrator
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules