iptables port redirection problem - Networking


  1. iptables port redirection problem

    Hello linux networking people!

    I have the following configuration:

    Gateway:
    eth0 (WAN) with something like 83.9.9.9
    eth1 (LAN) with 10.1.1.1
    running sshd on port 22

    Server 1 (internal):
    eth0 with 10.1.1.2
    running sshd on port 22

    Server 2 (internal):
    eth0 with 10.1.1.3
    running sshd on port 22

    I want my firewall script (using iptables) to redirect the following
    ports on the gateway eth0:
    2222 to 10.1.1.2:22
    2223 to 10.1.1.3:22

    I've tried the following lines, but this gives me just the login to the
    gateway server:
    [...]
    LAN_IP=$(ifconfig eth1 | head -n 2 | tail -n 1 | cut -d: -f2 | cut -d" " -f 1)
    [...]
    iptables -A INPUT -i eth0 -m state --state NEW -p tcp --dport 2222 -j ACCEPT
    iptables -I FORWARD -s 0/0 -d 10.1.1.2 -p tcp --dport 22 -i eth0 -j ACCEPT
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.1.1.2:22
    iptables -t nat -A POSTROUTING -o eth1 -p tcp --dport 22 -j SNAT --to-source $LAN_IP
    [...]

    What am I doing wrong???

    Thank you
    Johann
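
An added example, not part of the thread: a generator that prints (and does not apply) the DNAT and FORWARD rule pair for each entry of the port map in the post above. DNAT'ed connections traverse FORWARD rather than INPUT, which is why no INPUT rule is emitted. The function names, the `wan_port:ip:port` map format and the source-CIDR argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands; applies nothing.

# emit_forward_rules WAN_IF LAN_IF SRC_CIDR MAP...
#   MAP = wan_port:internal_ip:internal_port  (format assumed for this example)
#   SRC_CIDR limits which clients may use the forwards; 0/0 allows any source.
emit_forward_rules() {
    wan_if=$1; lan_if=$2; src=$3
    shift 3
    # Packets of already-accepted forwarded connections, both directions.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for map in "$@"; do
        case $map in
            *:*:*) ;;
            *) echo "bad map entry: $map" >&2; return 1 ;;
        esac
        wan_port=${map%%:*}; rest=${map#*:}
        dst_ip=${rest%%:*}; dst_port=${rest#*:}
        for p in "$wan_port" "$dst_port"; do
            case $p in
                ''|*[!0-9]*) echo "bad port in: $map" >&2; return 1 ;;
            esac
        done
        case $dst_ip in
            ''|*[!0-9.]*) echo "bad address in: $map" >&2; return 1 ;;
        esac
        # nat/PREROUTING rewrites the destination before the routing decision,
        # so the packet is routed to the internal host and traverses FORWARD.
        echo "iptables -t nat -A PREROUTING -i $wan_if -s $src -p tcp --dport $wan_port -j DNAT --to-destination $dst_ip:$dst_port"
        # FORWARD sees the rewritten destination, so match ip:port after DNAT.
        echo "iptables -A FORWARD -i $wan_if -o $lan_if -s $src -d $dst_ip -p tcp --dport $dst_port -m state --state NEW -j ACCEPT"
    done
}

# The kernel only routes between interfaces when ip_forward is 1.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Port map from the thread; review the output before running it as root.
emit_forward_rules eth0 eth1 0/0 2222:10.1.1.2:22 2223:10.1.1.3:22
forwarding_enabled || echo "note: net.ipv4.ip_forward is not 1 on this host" >&2
```

The SNAT rule from the post is left out: with it, the internal sshd logs every connection as coming from the gateway's LAN address, and it is only needed when the internal hosts do not route replies back through the gateway.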


  2. Re: iptables port redirection problem

    I think what I'd be inclined to do next is use inetd, something like:

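    #defaultn
    # put the service name after "service"
    service
    {
    # UNLISTED: the service is not in /etc/services, so the port is set here
    type = UNLISTED
    port = 2223
    socket_type = stream
    # redirect takes the target address followed by the target port
    redirect = 10.1.1.2 22
    protocol = tcp
    wait = no
    disable = no
    only_from = 83.9.9.9
    }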

    and give it a name and save it in /etc/xinetd.d/

    Worked for limewire 4 me

    :-) Peter

    horvatj wrote:
    > Hello linux networking people!
    >
    > I have the following configuration:
    >
    > Gateway:
    > eth0 (WAN) with something like 83.9.9.9
    > eth1 (LAN) with 10.1.1.1
    > running sshd on port 22
    >
    > Server 1 (internal):
    > eth0 with 10.1.1.2
    > running sshd on port 22
    >
    > Server 2 (internal):
    > eth0 with 10.1.1.3
    > running sshd on port 22
    >
    > I want my firewall script (using iptables) to redirect the following
    > ports on the gateway eth0:
    > 2222 to 10.1.1.2:22
    > 2223 to 10.1.1.3:22
    >
    > I've tried the following lines, but this gives me just the login to the
    > gateway server:
    > [...]
    > LAN_IP=$(ifconfig eth1 | head -n 2 | tail -n 1 | cut -d: -f2 | cut -d" " -f 1)
    > [...]
    > iptables -A INPUT -i eth0 -m state --state NEW -p tcp --dport 2222 -j ACCEPT
    > iptables -I FORWARD -s 0/0 -d 10.1.1.2 -p tcp --dport 22 -i eth0 -j ACCEPT
    > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.1.1.2:22
    > iptables -t nat -A POSTROUTING -o eth1 -p tcp --dport 22 -j SNAT --to-source $LAN_IP
    > [...]
    >
    > What am I doing wrong???
    >
    > Thank you
    > Johann


