Thread: Port Forwarding

  1. #1
    Join Date
    Apr 2006
    Beans
    23

    Port Forwarding

    Hello all.
    I need help forwarding any connection from the internet (eth0) on port 21 to a LAN machine (eth1), more exactly to 192.168.0.200:21.
    I've tried many iptables rules I found on Google, but none worked.
    My network starting script:
    #!/bin/sh
    PATH=/usr/sbin:/sbin:/bin:/user/bin
    #dhclient eth0
    ifconfig eth1 192.168.0.1
    ifconfig eth1 up
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F
    iptables -X
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    ######
    And I've also tried adding the next rule:
    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 21 -j DNAT --to-destination 192.168.0.200:21
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    And tried to connect through LAN (eth1), localhost (lo), and tried scanning with nmap remotely.
    And nmap shows 21 is filtered, but not open.

  2. #2
    Join Date
    Oct 2009
    Location
    Halifax, PA
    Beans
    105
    Distro
    Xubuntu 10.04 Lucid Lynx

    Re: Port Forwarding

    First off. At a glance, I don't see a "sysctl -w net.ipv4.ip_forward=1" to tell the kernel it's okay.

  3. #3
    Join Date
    Apr 2006
    Beans
    23

    Re: Port Forwarding

    Sorry forgot to say about that part:
    server:/proc/sys/net/ipv4# cat ip_forward
    1
    All the network works and from LAN computers I can access the internet.

  4. #4
    Join Date
    Oct 2009
    Location
    Halifax, PA
    Beans
    105
    Distro
    Xubuntu 10.04 Lucid Lynx

    Re: Port Forwarding

    Okay. I assume that you don't have router hardware, because now you're trying to be a router. I know how to do it in router hardware, but I'll take a look into this, because I'm interested in knowing this too.

  5. #5
    Join Date
    Apr 2006
    Beans
    23

    Re: Port Forwarding

    Yes, this machine needs to be the router, because I don't have any other router hardware.

  6. #6
    Join Date
    Oct 2009
    Location
    Halifax, PA
    Beans
    105
    Distro
    Xubuntu 10.04 Lucid Lynx

    Re: Port Forwarding

    file:///usr/share/doc/iptables/html/NAT-HOWTO-3.html

    Destination NAT (DNAT)
    Destination NAT is when you alter the destination address of the first packet: i.e. you are changing where the connection is going to. Destination NAT is always done before routing, when the packet first comes off the wire. Port forwarding, load sharing, and transparent proxying are all forms of DNAT.

    file:///usr/share/doc/iptables/html/NAT-HOWTO-6.html#ss6.2

    ## Change destination addresses of web traffic to 5.6.7.8, port 8080.
    # iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 5.6.7.8:8080
    I need help forwarding any connection from internet (eth0) on port 21 to a lan machine (eth1), more exactly to 192.168.0.200:21.
    Given:
    eth0 -> WAN
    eth1-> LAN = 192.168.0.0

    Code:
    ## Change destination addresses of FTP(=21) traffic to 192.168.0.200, port 21.
    # iptables -t nat -A PREROUTING -p tcp --dport 21 -i eth0 -j DNAT --to 192.168.0.200:21
    Try that.
    Last edited by ermeyers; October 4th, 2009 at 09:52 AM. Reason: undo \

  7. #7
    Join Date
    Apr 2006
    Beans
    23

    Re: Port Forwarding

    Ok, I've tried, but when I try to connect from LAN, it doesn't report any error and just drops the connection.
    With nmap I scanned localhost and 192.168.0.1, and the port wasn't shown.
    Also tried the service nmap-online.com and it shows that 21 is filtered.
    Tried nmap from LAN, and it doesn't show the 21 either.
    And when I connect directly to 192.168.0.200 on port 21 I get connected.

  8. #8
    Join Date
    Oct 2009
    Location
    Halifax, PA
    Beans
    105
    Distro
    Xubuntu 10.04 Lucid Lynx

    Re: Port Forwarding

    Quote: Originally posted by jen140
    Ok, I've tried, but when I try to connect from LAN, it doesn't report any error and just drops the connection.
    With nmap I scanned localhost and 192.168.0.1, and the port wasn't shown.
    Also tried the service nmap-online.com and it shows that 21 is filtered.
    Tried nmap from LAN, and it doesn't show the 21 either.
    And when I connect directly to 192.168.0.200 on port 21 I get connected.
    This DNAT statement is only working on the eth0/WAN interface, so any eth1/LAN attempt will still be dependent upon an FTP server running on the 192.168.0.1 machine. Try running a sniffer on eth1 to see if anything is passing over.
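
Post #8's point, that the DNAT rule is pinned to eth0 so tests from the LAN or from the router itself never hit it, can be checked against a saved ruleset. This is an added example, not part of the thread: the `iptables-save` text is constructed from the rules posted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: roughly what `iptables-save` prints for the thread's ruleset.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.0.200:21
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# dnat_rule RULES PORT: print the first PREROUTING DNAT rule for PORT, if any.
dnat_rule() {
    printf '%s\n' "$1" | grep -E -- "^-A PREROUTING .*--dport $2 .*-j DNAT" | head -n 1
}

# dnat_scope RULES PORT IFACE: does a packet arriving on IFACE hit the forward?
#   match   - rule exists and applies to packets arriving on IFACE
#   nomatch - rule exists but its -i match excludes IFACE
#   missing - no DNAT rule for that port
dnat_scope() {
    rule=$(dnat_rule "$1" "$2")
    [ -n "$rule" ] || { echo missing; return; }
    case "$rule" in
        *"! -i $3 "*) echo nomatch ;;  # negated match on this interface
        *" -i $3 "*)  echo match ;;
        *" -i "*)     echo nomatch ;;  # pinned to a different interface
        *)            echo match ;;    # no -i: applies to every interface
    esac
}

# forward_policy RULES: default policy of the filter table's FORWARD chain.
forward_policy() {
    printf '%s\n' "$1" | awk '/^\*filter/ {f=1} f && /^:FORWARD / {print $2; exit}'
}

# Report for the reader: WAN side vs LAN side, plus the forwarding policy.
for ifc in eth0 eth1; do
    echo "port 21 arriving on $ifc: $(dnat_scope "$SAMPLE_RULES" 21 "$ifc")"
done
echo "FORWARD policy: $(forward_policy "$SAMPLE_RULES")"
```

On a live router, pass the output of `iptables-save` in place of `SAMPLE_RULES`. A FORWARD policy of ACCEPT means the filter table is not what blocks the forwarded connection, and also that the router forwards all other traffic without restriction.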

  9. #9
    Join Date
    Apr 2006
    Beans
    23

    Re: Port Forwarding

    Thanks, I will ask someone to connect to it, if it is possible:
    83.132.157.116
    You should get the next header : "220 ---freeFTPd 1.0---warFTPd 1.65---"

  10. #10
    Join Date
    Oct 2009
    Location
    Halifax, PA
    Beans
    105
    Distro
    Xubuntu 10.04 Lucid Lynx

    Re: Port Forwarding

    Did you clean out your other iptables attempts?

    $ telnet 83.132.157.116 21
    Trying 83.132.157.116...
    ^C
    $ telnet 83.132.157.116 22
    Trying 83.132.157.116...
    telnet: Unable to connect to remote host: Connection refused
