- 07-02-2005 #1 Just Joined!
- Join Date: Jul 2005
- Posts: 1
Port forwarding with iptables
I just set up a Linux (Ubuntu) machine as a gateway, and it's working fine as such, except I can't get port forwarding to work. I want to forward bit torrent ports (6881 - 6889) to 192.168.1.1. This is my script to set up iptables:
Code:
EXT_IP="xxx.xxx.xxx.xxx" # actual value goes here
iptables -F
iptables -t nat -F
iptables --table nat --delete-chain
iptables -X
# default policies
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# block all new connections (unless initiated from internal network)
iptables -N state_chk
iptables -A state_chk -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A state_chk -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A state_chk -j DROP
# jump to the state_chk chain from INPUT and FORWARD chains
iptables -A INPUT -j state_chk
iptables -A FORWARD -j state_chk
# nat
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
##########################
# forward bit torrent ports
for PORT in 6881 6882 6883 6884 6885 6886 6887 6888 6889; do
    iptables -t nat -I PREROUTING -p tcp -i eth0 -d $EXT_IP --dport $PORT -j DNAT --to-destination 192.168.1.1:${PORT}
    iptables -I FORWARD -p tcp -i eth0 -d 192.168.1.1 --dport $PORT -j ACCEPT
done
##########################
echo 1 > /proc/sys/net/ipv4/ip_forward

I find iptables to be very confusing and this script is a mish-mash of stuff I grabbed from the web where the author sounded like he knows what he's talking about and sold me on the code. So there may be some redundancies or contradictions in there. Regardless, these rules function fine as a gateway, but the torrent tracker I use keeps insisting that I'm still firewalled.
From my research, the port-forwarding section I have seems to be the standard way of doing things. Is one of my other rules superseding the port-forwarding? I tend to doubt this, because I tried deleting everything from the script except the Masquerading rule and the port forwarding rules, and I still couldn't get the ports forwarded. Any suggestions?
- 07-05-2005 #2
Re: Port forwarding with iptables
Try to use
Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $EXT_IP
instead of
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
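One way to see where forwarded traffic stops, as an added example that is not part of either post: read the per-rule packet counters from `iptables-save -c` and check each DNAT rule against the FORWARD chain. The function names, the sample ruleset and the address 203.0.113.10 (a placeholder for EXT_IP) are constructed for illustration.

```shell
# Added example, not from the thread. The ruleset below is constructed sample
# data; 203.0.113.10 is a placeholder for the poster's EXT_IP.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
[12:720] -A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 6881 -j DNAT --to-destination 192.168.1.1:6881
[0:0] -A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 6882 -j DNAT --to-destination 192.168.1.1:6882
[7:420] -A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 6883 -j DNAT --to-destination 192.168.1.1:6883
[40:2400] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
[12:720] -A FORWARD -d 192.168.1.1/32 -i eth0 -p tcp -m tcp --dport 6881 -j ACCEPT
[0:0] -A FORWARD -d 192.168.1.1/32 -i eth0 -p tcp -m tcp --dport 6882 -j ACCEPT
[30:1800] -A FORWARD -j state_chk
COMMIT
EOF
}

# Reads `iptables-save -c` text on stdin and prints, per DNAT rule:
#   <dport> <target> <packets> <verdict>
# Heuristic: chain order and default policies are not evaluated.
audit_forwards() {
  awk '
    /^\*/ { table = substr($0, 2) }            # "*nat" / "*filter" section header
    {
      pkts = $1; gsub(/[^0-9:]/, "", pkts); sub(/:.*/, "", pkts)   # "[12:720]" -> "12"
      dport = dst = to = jump = ""
      for (i = 2; i < NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-d") dst = $(i + 1)
        if ($i == "--to-destination") to = $(i + 1)
        if ($i == "-j") jump = $(i + 1)
      }
    }
    table == "nat" && jump == "DNAT" { n++; port[n] = dport; target[n] = to; hits[n] = pkts + 0 }
    table == "filter" && $3 == "FORWARD" && jump == "ACCEPT" { sub(/\/32$/, "", dst); allow[dst ":" dport] = 1 }
    END {
      for (i = 1; i <= n; i++) {
        verdict = "OK"
        if (!(target[i] in allow)) verdict = "NO_FORWARD_ACCEPT"  # DNAT without a matching filter rule
        else if (hits[i] == 0) verdict = "NO_TRAFFIC"             # no packet ever matched the DNAT rule
        print port[i], target[i], hits[i], verdict
      }
    }'
}
sample_ruleset | audit_forwards
```

On a live gateway, run `iptables-save -c | audit_forwards` as root; a `NO_TRAFFIC` verdict means no packet has matched that DNAT rule, so the problem lies before the rule (its match criteria or the path to the gateway) rather than in the FORWARD chain.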
