  1. #1
    Just Joined!
    Join Date
    Apr 2009
    Posts
    1

    IPTables Port Forwarding


    My Network:
    Code:
           Internet
    -----------|-----------
       Static IP Router
    IP: 192.168.0.1
    -----------|-----------
    ETH0: 192.168.0.101
     Ubuntu DHCP + Firewall
    ETH1: 172.17.207.121
    -----------|-----------
    IP: 172.17.207.200
           WebServer
    I've got an internet static IP address. I'm trying to forward requests from the internet on port 6900 to 172.17.207.200:80 (port 80), but it doesn't seem to work. I'm trying to use these commands:
    Code:
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6900 -j DNAT --to 172.17.207.200
    /sbin/iptables -A FORWARD -d 172.17.207.200 -p tcp --dport 6900 -j ACCEPT
    But they don't seem to work; it just times out. I found out not that long ago that I can't ping 172.17.207.200 from the server. The server is running a DHCP server that works well, and I can access the internet from the WebServer. Does anyone know what I'm doing wrong?

    This is my rc.local script that port forwards, sets up NAT, etc.:
    Code:
    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.
    echo " * STARTING AND CONFIGURING FIREWALL.................................."
    echo " * Flushing All iptables already setup				[ OK ]"
    # START FLUSH
    /sbin/iptables -F
    /sbin/iptables -X
    /sbin/iptables -t nat -F
    /sbin/iptables -t nat -X
    /sbin/iptables -t mangle -F
    /sbin/iptables -t mangle -X
    # END FLUSH
    
    echo " * Setting Default Filter Policy				[ OK ]"
    # START DEFAULT FILTER POLICY
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -P OUTPUT ACCEPT
    # END DEFAULT FILTER POLICY
    
    echo " * Setting Unlimited access to loop back			[ OK ]"
    # START UNLIMITED ACCESS TO LOOPBACK
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A OUTPUT -o lo -j ACCEPT
    # END UNLIMITED ACCESS TO LOOPBACK
    
    echo " * Setting up NAT...						[ OK ]"
    # START NAT
    /sbin/iptables -P FORWARD ACCEPT
    /sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
    # END NAT
    
    echo " * Setting Port Forwards					[ OK ]"
    # START PORT FORWARDING
    # Allow UDP, DNS and Passive FTP
    echo " * Allowing UDP, DNS and Passive FTP				[ OK ]"
    /sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Allow BitTorrent incoming client requests
    echo " * Opening Port 6881						[ OK ]"
    echo " * Opening Port 6999						[ OK ]"
    /sbin/iptables -A INPUT -p tcp --destination-port 6881:6999 -j ACCEPT
    # Allow SSHD Incoming client request
    echo " * Opening Port 22						[ OK ]"
    /sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    # Allow HTTP Incoming client request
    echo " * Opening Port 80						[ OK ]"
    /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    # Allow Webmin Incoming client request
    echo " * Opening Port 10000						[ OK ]"
    /sbin/iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
    echo " * Opening Port 3000						[ OK ]"
    /sbin/iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
    echo " * Opening Port 4214						[ OK ]"
    /sbin/iptables -A INPUT -p tcp --dport 4214 -j ACCEPT
    echo " * Finished Opening Ports					[ OK ]"
    echo " * Starting Forward Ports to inside Servers			[ OK ]"
    echo " * Forwarding Port 6900 to 172.17.207.200:80			[ OK ]"
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6900 -j DNAT --to 172.17.207.200:80
    /sbin/iptables -A FORWARD -d 172.17.207.200 -p tcp --dport 6900 -j ACCEPT
    echo " * Finished Forwarding Ports to inside Servers			[ OK ]"
    # END PORT FORWARDING
    
    echo " * Setting Open Ports						[ OK ]"
    # START LOCAL PORT OPENS
    # END LOCAL PORTS OPENS
    
    echo " * Drop Everything and Log it					[ OK ]"
    # START DROP everything and Log it
    /sbin/iptables -A INPUT -j LOG
    /sbin/iptables -A INPUT -j DROP
    # END DROP everything and Log it
    echo " * Setting up NAT						[ OK ]"
    exit 0
    dhcpd.conf file:
    Code:
    ddns-update-style none;
    option domain-name "router.local";
    option domain-name-servers 203.97.33.14, 203.97.37.14;
    option routers 172.17.207.121;
    default-lease-time 42300;
    max-lease-time 84600;
    authoritative;
    log-facility local7;
    subnet 172.17.0.0 netmask 255.255.0.0 {
    	range 172.17.207.1 172.17.207.100;
    }
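
The filter FORWARD chain sees a packet after nat PREROUTING has rewritten its destination, so an explicit FORWARD rule has to match the translated address and port, not the external one. The checker below is an added example, not part of the original post; its function names are made up for illustration, and it reads iptables command lines on stdin and reports each DNAT rule that has no matching FORWARD ACCEPT rule.

```shell
#!/bin/sh
# Added example: for every DNAT rule, check that a FORWARD ACCEPT rule matches
# the translated (post-DNAT) address and port. Input: iptables command lines.
check_dnat_forward() {
    awk '
    # Return the word that follows option "name" on the current line, or "".
    function opt(name,    i) {
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    opt("-j") == "DNAT" {
        to = opt("--to"); if (to == "") to = opt("--to-destination")
        n = split(to, hp, ":")
        ndnat++
        ext[ndnat] = opt("--dport")
        # With no :port in the target, DNAT keeps the original destination port.
        dst[ndnat] = hp[1] ":" (n > 1 ? hp[2] : ext[ndnat])
    }
    opt("-A") == "FORWARD" && opt("-j") == "ACCEPT" {
        allowed[opt("-d") ":" opt("--dport")] = 1
    }
    END {
        for (i = 1; i <= ndnat; i++) {
            if (dst[i] in allowed) print "OK", ext[i], "->", dst[i]
            else print "MISMATCH", ext[i], "->", dst[i], "has no FORWARD ACCEPT for", dst[i]
        }
    }'
}

# Rule pair taken from the rc.local script in the post above.
rules_as_posted() {
    printf '%s\n' \
        '/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6900 -j DNAT --to 172.17.207.200:80' \
        '/sbin/iptables -A FORWARD -d 172.17.207.200 -p tcp --dport 6900 -j ACCEPT'
}

# Constructed variant: the FORWARD rule matches the translated port 80 instead.
rules_translated_port() {
    printf '%s\n' \
        '/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6900 -j DNAT --to 172.17.207.200:80' \
        '/sbin/iptables -A FORWARD -d 172.17.207.200 -p tcp --dport 80 -j ACCEPT'
}

rules_as_posted | check_dnat_forward
rules_translated_port | check_dnat_forward
```

With the script's `-P FORWARD ACCEPT` the mismatched rule never matches but the packet is still accepted by policy; the mismatch only starts dropping traffic under a default-drop FORWARD policy. An `OK` line means the two rules agree with each other, not that the translated port is the one the web server listens on.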

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Look at this TUTORIAL to see how to use port forwarding.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    May 2009
    Location
    Philippines
    Posts
    2
    Hi Fuze,

    May I know what you mean by "Static IP Router"?


    ---
    Best Regards,
    Ranged
    Jr. Linux Administrator
