NetFilter

Re: problems with port forwarding

To: Andres Baravalle <andres.baravalle@gmail.com>, netfilter@lists.netfilter.org
Subject: Re: problems with port forwarding
From: Elvir Kuric <omasnjak@yahoo.com>
Date: Fri, 23 Feb 2007 10:30:40 -0800 (PST)
In-reply-to: <45992f580702230807p39f8fcacr914ef910270ae2ba@mail.gmail.com>
Hi Andres,

try this ... implement this rule on machine A:

iptables -t nat -A PREROUTING -p tcp --dport 10022 -j DNAT --to-destination IP_ADDRESS:22

This will allow you to connect to port 22 on the wished
machine.
Be sure you enabled the ip_forward option with
echo 1 > /proc/sys/net/ipv4/ip_forward

Best wishes 

Elvir Kuric 



--- Andres Baravalle <andres.baravalle@gmail.com> wrote:

> Hi,
> I need to forward a port from one server to another - and I'm having
> some trouble.
> 
> I have a server (A) and I want connections to port 10022 in server A
> to be forwarded to port 22 in server B.
> 
> I thought I got the procedure correctly, because it's working using
> another server (C) and server B.
> 
> Anyway, here are the relevant tables:
> 
> iptables -L --line-numbers -t nat
> 
> Chain PREROUTING (policy ACCEPT)
> num  target     prot opt source               destination
> 1    DNAT       tcp  --  anywhere             anywhere             tcp dpt:ftp to:SERVER_B:22
> 2    LOG        all  --  anywhere             SERVER_B             LOG level debug
> 
> Chain POSTROUTING (policy ACCEPT)
> num  target     prot opt source               destination
> 1    SNAT       tcp  --  anywhere             SERVER_B             tcp dpt:ssh to:SERVER_A
> 2    LOG        tcp  --  anywhere             SERVER_B             LOG level debug
> 
> iptables -L FORWARD
> 
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
> REJECT     tcp  --  anywhere             anywhere             tcp flags:!SYN,RST,ACK/SYN reject-with tcp-reset
> DROP       all  --  anywhere             anywhere             state INVALID
> ACCEPT     tcp  --  anywhere             SERVER_B             tcp dpt:10022
> ACCEPT     all  --  anywhere             anywhere
> LOG        tcp  --  anywhere             SERVER_B             LOG level warning
> 
> If I connect from server A to localhost, port 10022, it works. If I
> connect from any other machine to server A, port 10022, it doesn't.
> 
> Any suggestions? I've been looking at this and making tests for a long
> time today and I can't find the error.
> 
> By the way, I can't see any entries in the log...
> 
>    Andres



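A worked check and rule set for this kind of forward, added here as an example and not part of the thread. iptables -L prints ports by service name from /etc/services, so the quoted PREROUTING rule's dpt:ftp is TCP port 21, while the quoted FORWARD rule shows dpt:10022. The parser below reads output of that shape (a constructed sample, not the poster's exact table) and flags a DNAT rule whose matched port differs from the one you expect. forward_rules() emits the commands a one-port forward on gateway A needs; note that FORWARD sees the packet after DNAT, so the ACCEPT must match the translated destination port, and the POSTROUTING SNAT is only needed when B's replies would not otherwise route back through A. The 192.0.2.x addresses and the function names are placeholders of this example, not anything from the original posts.

```python
"""Check an iptables DNAT port-forward and generate the rule set it needs.
Added example: parses `iptables -L -t nat --line-numbers` text, resolves
service names the way iptables prints them, and reports whether the DNAT
rule matches the port you expect."""
import re
import socket

# Constructed sample, shaped like the output quoted in the thread.
# iptables prints well-known ports by service name; "ftp" is TCP/21.
SAMPLE_NAT_TABLE = """\
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  anywhere             anywhere             tcp dpt:ftp to:SERVER_B:22
2    LOG        all  --  anywhere             SERVER_B             LOG level debug

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    SNAT       tcp  --  anywhere             SERVER_B             tcp dpt:ssh to:SERVER_A
2    LOG        tcp  --  anywhere             SERVER_B             LOG level debug
"""

# Fallback so the check also works on a box without /etc/services.
_SERVICES = {"ftp": 21, "ssh": 22, "http": 80, "https": 443}


def port_number(name_or_num, proto="tcp"):
    """Resolve 'ftp' -> 21 the way iptables -L printed it; numbers pass through."""
    if name_or_num.isdigit():
        return int(name_or_num)
    try:
        return socket.getservbyname(name_or_num, proto)
    except OSError:
        return _SERVICES[name_or_num]


def parse_nat_table(text):
    """Return {chain: [rule dicts]} from `iptables -L -t nat --line-numbers` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        m = re.match(r"(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)", line)
        if m and current:
            num, target, proto, _opt, src, dst, extra = m.groups()
            rule = {"num": int(num), "target": target, "proto": proto,
                    "src": src, "dst": dst, "extra": extra}
            d = re.search(r"dpt:(\S+)", extra)
            rule["dport"] = port_number(d.group(1), proto) if d else None
            t = re.search(r"to:(\S+)", extra)
            rule["to"] = t.group(1) if t else None
            chains[current].append(rule)
    return chains


def find_dnat_mismatch(text, expected_port):
    """DNAT rules in PREROUTING whose matched dport != expected_port.
    An empty list means the forward is keyed on the right listening port."""
    table = parse_nat_table(text)
    return [r for r in table.get("PREROUTING", [])
            if r["target"] == "DNAT" and r["dport"] != expected_port]


def forward_rules(listen_port, target_ip, target_port, gateway_ip=None):
    """Commands to forward TCP listen_port on this box to target_ip:target_port.
    gateway_ip, if given, adds SNAT so the target's replies come back through
    this box even when its default route points elsewhere. Addresses are
    placeholders for the example, not real hosts."""
    rules = [
        "sysctl -w net.ipv4.ip_forward=1",
        f"iptables -t nat -A PREROUTING -p tcp --dport {listen_port} "
        f"-j DNAT --to-destination {target_ip}:{target_port}",
        # FORWARD sees the packet *after* DNAT, so match the translated port.
        f"iptables -A FORWARD -p tcp -d {target_ip} --dport {target_port} "
        f"-m conntrack --ctstate NEW -j ACCEPT",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    if gateway_ip:
        rules.append(
            f"iptables -t nat -A POSTROUTING -p tcp -d {target_ip} --dport {target_port} "
            f"-j SNAT --to-source {gateway_ip}")
    return rules


if __name__ == "__main__":
    for r in find_dnat_mismatch(SAMPLE_NAT_TABLE, 10022):
        print(f"PREROUTING rule {r['num']} DNATs port {r['dport']}, not 10022")
    print("\n".join(forward_rules(10022, "192.0.2.20", 22, "192.0.2.1")))
```

Run it against a real table with `iptables -L -t nat --line-numbers | python3 check.py`-style plumbing by feeding stdin into find_dnat_mismatch(); with the constructed sample it reports that rule 1 matches port 21. Use `-n` with iptables -L when you want numeric ports and skip the service-name resolution entirely.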

