Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hi, having a small problem with por

Status
Not open for further replies.
clax99

clax99

Programmer
Oct 29, 2001
23
US
Hi, having a small problem with port forwarding using iptables. I want to forward all connections to port 5500 on ppp0, the external interface, to my internal windoze box, 192.168.0.99 on the same port, 5500. Its for a hotline server. here is my iptables init script, very basic, which already works for masquerading, although not very securely.
Any help would be nice on the port forwarding, thanx


#firewall/routing
modprobe ipt_MASQUERADE

/sbin/iptables -F
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD ACCEPT
iptables -F FORWARD

iptables -A FORWARD -i ppp0 -p tcp --dport 5500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -p udp --dport 5500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


iptables -A INPUT -i ppp0 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT

iptables -A INPUT -i ppp0 -p TCP --destination-port 139 -j REJECT
iptables -A INPUT -i ppp0 -p UDP --destination-port 139 -j REJECT
iptables -A INPUT -i ppp0 -p TCP --destination-port 6000 -j REJECT


iptables -t nat -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 5500 -j DNAT --to-destination 192.168.0.99:5500
iptables -t nat -A PREROUTING -i ppp0 -p udp --dport 5500 -j DNAT --to-destination 192.168.0.99:5500

iptables -t nat -A PREROUTING -i eth1 -p tcp -d 192.168.0.1 --dport 5500 -j DNAT --to-destination 192.168.0.99:5500
iptables -t nat -A PREROUTING -i eth1 -p udp -d 192.168.0.1 --dport 5500 -j DNAT --to-destination 192.168.0.99:5500

# - Enables packet forwarding by kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
 
Sort by date Sort by votes
INET_ADDR=`ifconfig ppp0 | grep inet | cut -d : -f 2 | cut -d \ -f 1`
iptables -A FORWARD -i ppp0 -d 192.168.0.0/24 -p tcp --dport 5500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -d 192.168.0.0/24 -p udp --dport 5500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j SNAT --to-source $INET_ADDR
John D. Saucier
jsauce@magicguild.com
Certified Technician
Network Administrator
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SamBones
  • Locked
  • Question
How Do I Start/Stop Systemd Services as a non-root User?
Replies
2
Views
411
gbaughma
gbaughma
kristiandg
  • Locked
  • Question
Linux, "port mirror" between two boxes...
Replies
0
Views
123
kristiandg
kristiandg
Tosu
  • Locked
  • Question
hi .. i have installed linux sle
Replies
1
Views
106
ChrisHirst
ChrisHirst
Steve Bowman
  • Locked
  • Question
I have a Debian server (buster) I h
Replies
0
Views
73
Steve Bowman
Steve Bowman
mjj4golf2
  • Locked
  • Question
Help with setting up a media server
Replies
2
Views
131
vacunita
vacunita

Part and Inventory Search

Sponsor

Back
Top