Thread: Redirecting external ports to local ip

  1. #1
    Join Date
    Feb 2014
    Beans
    21

    Redirecting external ports to local ip

    Hi,

    I have an Ubuntu 13.10 server and a registered domain name. I have a web server on my 192.168.24.1 machine and an FTP server on my 192.168.24.2.

    Using iptables I want:

    1) people who write: http://mydomainname.com to be redirected to 192.168.24.1
    2) people who want to use my FTP (FileZilla or something, inputting mydomainname) to be redirected to 192.168.24.2

    Thank you in advance for your answers!

  2. #2
    Join Date
    Feb 2009
    Location
    Dallas, TX
    Beans
    6,609
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Redirecting external ports to local ip

    Hi Felhazi_Andrei.

    It looks like you are redirecting your domain to your home or office, right?

    What you need to do is called 'Port Forwarding', and it is done in the router that connects you to the Internet. The specific instructions on how to do it depend on your router's brand and model. This is a good starting point: How To Open a Port on your Router.

    If that is not exactly your situation, explain the actual network layout to us in a little more detail.

    Hope it helps. Let us know how it goes.
    Regards.

  3. #3
    Join Date
    Feb 2014
    Beans
    21

    Re: Redirecting external ports to local ip

    My topology: Internet --> Ubuntu 13.10 server(192.168.24.1) --> Switch --> ftp server (192.168.24.2)

    I just want the actual iptables rules to put in 192.168.24.1 to forward port 80 to localhost and ports 21, 22 to 192.168.24.2

  4. #4
    Join Date
    Feb 2009
    Location
    Dallas, TX
    Beans
    6,609
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Redirecting external ports to local ip

    Did you enable the server as a router? Here's a guide. The key is to enable forwarding:
    Code:
    echo "1" > /proc/sys/net/ipv4/ip_forward
    What are your current iptables rules?

    If you add something like this, it should work, but you need to have your other basic rules.
    Code:
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.24.1:80
    
    iptables -t nat -A POSTROUTING -j MASQUERADE
    Is that what you're looking for?
    Regards.

  5. #5
    Join Date
    Feb 2014
    Beans
    21

    Re: Redirecting external ports to local ip

    My server is already a router. I want to send all external FTP requests to my 192.168.24.2. That's it.

    My current NAT:

    -A POSTROUTING -j MASQUERADE
    -A POSTROUTING -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 20 -j SNAT --to-source 192.168.24.2:20

  6. #6
    Join Date
    Feb 2014
    Beans
    21

    Re: Redirecting external ports to local ip

    # Generated by iptables-save v1.4.18 on Thu Apr 10 22:25:26 2014
    *nat
    :PREROUTING ACCEPT [531:36290]
    :INPUT ACCEPT [14:2485]
    :OUTPUT ACCEPT [571:36459]
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -j MASQUERADE
    #-A POSTROUTING -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 20 -j SNAT --to-source 192.168.24.2:20
    COMMIT
    # Completed on Thu Apr 10 22:25:26 2014
    # Generated by iptables-save v1.4.18 on Thu Apr 10 22:25:26 2014
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [153:8421]
    :OUTPUT ACCEPT [826:98933]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i eth1 -j ACCEPT
    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
    -A INPUT -j DROP
    -A FORWARD -s 192.168.24.0/30 -i eth0 -o eth1 -m conntrack --ctstate NEW -j ACCEPT
    -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    COMMIT
    # Completed on Thu Apr 10 22:25:26 2014

  7. #7
    Join Date
    Nov 2007
    Location
    Newry, Northern Ireland
    Beans
    1,258

    Re: Redirecting external ports to local ip

    I think you need to add the following PREROUTING rule under PREROUTING ACCEPT in the nat table:
    Code:
    -A PREROUTING -p tcp -dport 21 -j DNAT –to-destination 192.168.24.2:21
    Can't think of anything profound or witty.
    My Blog: http://gonzothegeek.blogspot.co.uk/

  8. #8
    Join Date
    Feb 2014
    Beans
    21

    Re: Redirecting external ports to local ip

    I tried that, received the following:


    Bad argument `21'
    Try `iptables -h' or 'iptables --help' for more information.
    Last edited by Felhazi_Andrei; May 17th, 2014 at 02:56 PM.

  9. #9
    Join Date
    Nov 2007
    Location
    Newry, Northern Ireland
    Beans
    1,258

    Re: Redirecting external ports to local ip

    Hmm, you sure you only added the line I said and then re-applied the rules? I have no '80' in the line I pasted......

    Your entire iptables-save file would look like this:
    Code:
    # Generated by iptables-save v1.4.18 on Thu Apr 10 22:25:26 2014
    *nat
    :PREROUTING ACCEPT [531:36290]
    -A PREROUTING -p tcp -dport 21 -j DNAT –to-destination 192.168.24.2:21
    :INPUT ACCEPT [14:2485]
    :OUTPUT ACCEPT [571:36459]
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -j MASQUERADE
    #-A POSTROUTING -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 20 -j SNAT --to-source 192.168.24.2:20
    COMMIT
    # Completed on Thu Apr 10 22:25:26 2014
    # Generated by iptables-save v1.4.18 on Thu Apr 10 22:25:26 2014
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [153:8421]
    :OUTPUT ACCEPT [826:98933]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i eth1 -j ACCEPT
    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
    -A INPUT -j DROP
    -A FORWARD -s 192.168.24.0/30 -i eth0 -o eth1 -m conntrack --ctstate NEW -j ACCEPT
    -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    COMMIT
    # Completed on Thu Apr 10 22:25:26 2014
    and would be applied using
    Code:
    sudo iptables-restore < /path/to/file
    Can't think of anything profound or witty.
    My Blog: http://gonzothegeek.blogspot.co.uk/

  10. #10
    Join Date
    Feb 2014
    Beans
    21

    Re: Redirecting external ports to local ip

    I wrote 80 by mistake, sorry! It said bad argument 21.

    I wrote that rule in my file and it gave that error when I tried iptables-restore. Any alternative for -dport?
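
Added example, not part of the original thread: a small pre-load check for the two option typos in the PREROUTING rule posted above (a long option written with one dash, and a typographic dash in place of "--"), run against a constructed copy of that rule and a corrected copy. The function name lint_rules and the file names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Flags the two option typos in the
# posted rule before the file reaches iptables-restore:
#   -dport           iptables parses this as "-d port", leaving "21" as a
#                    stray argument, hence: Bad argument `21'
#   –to-destination  a typographic dash pasted where "--" belongs

# Prints one line per finding; returns 0 if the file is clean, 1 otherwise.
lint_rules() {
    n=0 status=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in '#'*|':'*|'*'*|COMMIT*|'') continue ;; esac
        set -f                      # no globbing while splitting into words
        for word in $line; do
            case $word in
                –*)  echo "line $n: typographic dash in '$word'"; status=1 ;;
                --*) ;;             # well-formed long option
                -[a-z][a-z]*)
                    echo "line $n: long option with one dash '$word' (use -$word)"
                    status=1 ;;
            esac
        done
        set +f
    done < "$1"
    return $status
}

# Constructed sample: nat table with the rule as posted, then a corrected copy.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/thread.rules" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -dport 21 -j DNAT –to-destination 192.168.24.2:21
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
sed -e 's/ -dport / --dport /' -e 's/ –to-destination / --to-destination /' \
    "$tmp/thread.rules" > "$tmp/fixed.rules"

lint_rules "$tmp/thread.rules" || echo "thread.rules: fix before loading"
lint_rules "$tmp/fixed.rules" && echo "fixed.rules: option syntax OK"
# Dry run on the router (parses the ruleset, commits nothing):
#   sudo iptables-restore --test < fixed.rules
```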
