
Thread: iptables redirect

  1. #1
    Join Date
    Sep 2010
    Beans
    120

    [Solved] iptables redirect

    Hi,

    I wonder if someone can help me with this. I need to forward port 80 on my Ubuntu server to another machine on my network.

    My incoming connection is ppp0 & my network machine is 192.168.2.250 (eth0).

    Thanks for the help
    Last edited by viperce; April 1st, 2011 at 10:15 AM.

  2. #2
    Join Date
    Sep 2010
    Beans
    120

    Re: iptables redirect

    Bump

  3. #3
    Join Date
    Apr 2008
    Location
    Far, far away
    Beans
    2,148
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: iptables redirect

    Try,

    iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to 192.168.2.150

    You will likely have to enable forwarding,

    echo 1 > /proc/sys/net/ipv4/ip_forward

    These both need to be done after booting, so they should be added to a script in the /etc/network/if-up.d/ directory, where they get run at init.
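
Added example (not part of the original post or thread): one way to write the if-up.d script described in post #3, using the interface names and address that appear in this thread. It goes beyond the post by checking for an existing rule before appending and by adding FORWARD rules scoped to the web server, which only matter once the FORWARD policy is changed from ACCEPT to DROP; the variable and function names are assumptions.

```shell
#!/bin/sh
# Added example: hook for /etc/network/if-up.d/ (file name is your choice).
# Interface names and the server address are the ones used in this thread.
WAN_IF="ppp0"
LAN_IF="eth0"
WEB_IP="192.168.2.150"
PORT="80"

# Print one rule per line as "<table> <chain> <rule-spec>", so the same spec
# can be passed to both "iptables -C" (check) and "iptables -A" (append).
build_rules() {
    echo "nat PREROUTING -i $WAN_IF -p tcp --dport $PORT -j DNAT --to-destination $WEB_IP"
    echo "filter FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $WEB_IP --dport $PORT -j ACCEPT"
    echo "filter FORWARD -i $LAN_IF -o $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Enable routing, then append each rule only if it is not already loaded,
# so repeated ifup events (ppp reconnects) do not stack duplicate rules.
# Needs root and an iptables build that supports -C.
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    build_rules | while read -r table chain spec; do
        # $spec is left unquoted on purpose so it splits into arguments.
        iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
            iptables -t "$table" -A "$chain" $spec
    done
}

# ifupdown exports IFACE to if-up.d scripts; act only for the WAN link.
if [ "${IFACE:-}" = "$WAN_IF" ]; then
    apply_rules
fi
```

With the FORWARD policy left at ACCEPT, as in the listings in this thread, the DNAT rule alone decides what is forwarded and the two FORWARD rules are redundant.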

  4. #4
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,791

    Re: iptables redirect

    Howdy,

    You can also use socat.

  5. #5
    Join Date
    Sep 2010
    Beans
    120

    Re: iptables redirect

    Hi Bonanza

    I tried the commands you gave me but they did not seem to work.
    Any other ideas?

  6. #6
    Join Date
    Apr 2008
    Location
    Far, far away
    Beans
    2,148
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: iptables redirect

    That command should work. I've used the same on my Ubuntu based router. Can you post the output of iptables -vnL here? Note, you will need to use sudo when you do anything with iptables.

    Also the output of the route -n command, because if you don't have a route set correctly then it won't go where you expect. Is there a second interface for your LAN other than ppp0? e.g. eth0

  7. #7
    Join Date
    Sep 2010
    Beans
    120

    Re: iptables redirect

    iptables -vnL
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    873 217K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    460K 98M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    1759 87024 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp multiport dports 25,3128
    0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
    632 30320 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp multiport dports 25,3128
    0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp multiport dports 80,5900
    1 52 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5900
    0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp multiport dports 21,22
    0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp multiport dports 21,22
    1 40 DROP tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1025:65535 flags:0x17/0x02
    42 5496 DROP udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:65535
    57 18931 DROP udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:65535
    45 8688 DROP udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:65535
    3 144 DROP tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:1024
    0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:1024
    0 0 DROP tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:1024
    0 0 DROP udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1:1024
    1319 180K DROP udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1:1024
    3328 420K DROP udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1:1024
    7 1292 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
    57 1824 DROP all -- eth1 * 0.0.0.0/0 0.0.0.0/0
    121 3872 DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 798K packets, 1020M bytes)
    pkts bytes target prot opt in out source destination
    route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    41.133.132.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
    192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
    192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth1
    0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
    Yes, I have eth1

  8. #8
    Join Date
    Apr 2008
    Location
    Far, far away
    Beans
    2,148
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: iptables redirect

    I should have also asked for iptables -t nat -vnL since that isn't shown in your listing. The routing seems ok. At least something for 192.168.2.150 should be going out eth0, which I assume is the correct network for the destination server.

    Also note that you have a DROP on eth0 for inputs to destination port 1-1024. I'd expect that isn't causing the issue but for the purposes of debugging I'd say it's best to test with a clean iptables to be sure there isn't some interference from other rules.

  9. #9
    Join Date
    Sep 2010
    Beans
    120

    Re: iptables redirect

    iptables -t nat -vnL
    Chain PREROUTING (policy ACCEPT 32218 packets, 2867K bytes)
    pkts bytes target prot opt in out source destination
    4 192 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.2.150
    798 38304 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.2.150
    Chain OUTPUT (policy ACCEPT 3533 packets, 226K bytes)
    pkts bytes target prot opt in out source destination
    Chain POSTROUTING (policy ACCEPT 3533 packets, 226K bytes)
    pkts bytes target prot opt in out source destination
    Ty, I will try that so long

  10. #10
    Join Date
    Sep 2010
    Beans
    120

    Re: iptables redirect

    Morning,
    OK I removed all the rules & started again but it still will not work.
    I can connect to the web server locally no problem http://192.168.2.150
    but still no joy through the ppp0 connection

    Here is everything you asked me for yesterday thanks again for the help

    iptables -vnL
    Chain INPUT (policy ACCEPT 2198 packets, 204K bytes)
    pkts bytes target prot opt in out source destination

    Chain FORWARD (policy ACCEPT 3 packets, 152 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 725 packets, 94037 bytes)
    pkts bytes target prot opt in out source destination
    iptables -t nat -vnL
    Chain PREROUTING (policy ACCEPT 847 packets, 102K bytes)
    pkts bytes target prot opt in out source destination
    4 204 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.2.150

    Chain POSTROUTING (policy ACCEPT 12 packets, 783 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 11 packets, 731 bytes)
    pkts bytes target prot opt in out source destination
    route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    41.133.132.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
    192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
    192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
    Also checked ip_forward
    root@proxyserver:/# cat /proc/sys/net/ipv4/ip_forward
    1
    Last edited by viperce; March 17th, 2011 at 07:58 AM.
