port redirect not accepted? - Networking


  1. port redirect not accepted?

    Hi all,

    It must be simple what I want, but I just can't find it...
    I'm using an ubuntu box with IPTables 1.3.3, which I manage through webmin.

    I want to route all incoming connections to port 6603 to be redirected
    to port 3306; all on the same machine.

    I made a redirect for this which does just that, but now it still
    doesn't accept it, because my default input rule is to DROP.
    Now, I can open up port 3306 in the input-chain, then everything works
    ok....but the problem is, it is just my point to NOT have that port open

    I know, I could change my dbase port to 6603, but I prefer using
    iptables. So, how can I make an input rule that will only accept for
    redirected traffic?

    Thnx in advance...

    Laurens

  2. Re: port redirect not accepted?

    On Sun, 18 Mar 2007, Laurens wrote:

    > Hi all,
    >
    > It must be simple what I want, but I just can't find it...
    > I'm using an ubuntu box with IPTables 1.3.3, which I manage through webmin.
    >
    > I want to route all incoming connections to port 6603 to be redirected to
    > port 3306; all on the same machine.
    >
    > I made a redirect for this which does just that, but now it still doesn't
    > accept it, because my default input rule is to DROP.
    > Now, I can open up port 3306 in the input-chain, then everything works
    > ok....but the problem is, it is just my point to NOT have that port open
    >
    > I know, I could change my dbase port to 6603, but I prefer using iptables.
    > So, how can I make an input rule that will only accept for redirected
    > traffic?
    >
    > Thnx in advance...
    >
    > Laurens
    >
    To tell you the truth I can't figure out what you are trying to do. If you
    want to redirect incoming traffic to a different port, try this:

    $IPT -t nat -I PREROUTING -p tcp -d IP.ADDR.OF.BOX --dport 6603 -i \
    $EXTINT -j DNAT --to IP.ADDR.OF.BOX:3306

    where $IPT is your iptables binary and $EXTINT is the interface you want
    this rule to apply to. This also assumes you have a prerouting rule like:

    $IPT -t nat -P PREROUTING ACCEPT

    I am not familiar with the particular GUI configuration tool you are using
    with your distribution of Linux but these iptables calls are
    distro-independent.

    If this doesn't answer your question please restate it more clearly and I
    will see if I can offer some help.
    --
    Sir Jackery

  3. Re: port redirect not accepted?

    Sir Jackery wrote:
    > On Sun, 18 Mar 2007, Laurens wrote:
    >
    >> Hi all,
    >>
    >> It must be simple what I want, but I just can't find it...
    >> I'm using an ubuntu box with IPTables 1.3.3, which I manage through
    >> webmin.
    >>
    >> I want to route all incoming connections to port 6603 to be redirected
    >> to port 3306; all on the same machine.
    >>
    >> I made a redirect for this which does just that, but now it still
    >> doesn't accept it, because my default input rule is to DROP.
    >> Now, I can open up port 3306 in the input-chain, then everything works
    >> ok....but the problem is, it is just my point to NOT have that port
    >> open
    >>
    >> I know, I could change my dbase port to 6603, but I prefer using
    >> iptables. So, how can I make an input rule that will only accept for
    >> redirected traffic?
    >>
    >> Thnx in advance...
    >>
    >> Laurens
    >>
    >
    >
    > To tell you the truth I can't figure out what you are trying to do. If
    > you want to redirect incoming traffic to a different port, try this:
    >
    > $IPT -t nat -I PREROUTING -p tcp -d IP.ADDR.OF.BOX --dport 6603
    > -i \
    > $EXTINT -j DNAT --to IP.ADDR.OF.BOX:3306
    >
    > where $IPT is your iptables binary and $EXTINT is the interface you want
    > this rule to apply to. This also assumes you have a prerouting rule like:
    >
    > $IPT -t nat -P PREROUTING ACCEPT
    >
    > I am not familiar with the particular GUI configuration tool you are
    > using with your distribution of Linux but these iptables calls are
    > distro-independent.
    >
    > If this doesn't answer your question please restate it more clearly and
    > I will see if I can offer some help.
    >
    >

    Ok, let me try and clear it a bit up

    My box hangs on the net and has two interfaces, eth0 and 1. eth0 is
    internet, eth1 has 192.168.0.1. It is doing NAT and masquerading for my
    network, but also runs an sql server.

    Now I redirect all calls to port 6603 to 3306. I manage to do that using
    a DNAT rule to 192.168.0.1, and when I use a REDIRECT rule, it also works.
    But, it now only works for everything on the eth1, because in the filter
    table, everything other than eth0 is accepted.
    For eth1 now, I have a few rules (like accept established and related
    connections) in filter table.
    To get the redirect to work for eth0, I need to accept all conn's to
    port 3306.
    Great, so I can redirect 6603 to 3306 and it works, also from the
    outside! But, what I need is to block port 3306 to everyone BUT the
    redirect. Only calls to 6603 may be allowed.

    Hopefully, that clears up a bit? I'm not very used to the command line
    commands for iptables, but I'm able to retrieve what I need from it, so
    that's fine...

    Thanks so far...

    Kind Regards,

    Laurens
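One way to do what the last post asks for, as an added example that is not from the thread: match on conntrack's DNAT flag in the INPUT chain, so that a new connection to 3306 on eth0 is accepted only when nat PREROUTING rewrote it there from 6603, while a direct connection to 3306 falls through to the default DROP. It assumes eth0 = internet and eth1 = LAN as described above, and that the kernel provides the conntrack match (-m conntrack --ctstate DNAT); IPT defaults to a dry run that only prints the rules.

```shell
#!/bin/sh
# Added example, not from the thread. Accept MySQL's port 3306 on the
# internet-facing interface only for connections that the nat table
# redirected there from 6603. The plain "-m state" match cannot see the
# DNAT flag, so the conntrack match is required (assumed available).
# IPT defaults to "echo iptables" so the script runs unprivileged as a dry
# run that prints the rules; run it with IPT=iptables as root to load them.
IPT="${IPT:-echo iptables}"
EXTINT="${EXTINT:-eth0}"   # internet side (assumed from the post)
LANINT="${LANINT:-eth1}"   # LAN side, 192.168.0.1 (assumed from the post)
PUBPORT=6603               # port clients connect to
DBPORT=3306                # port mysqld actually listens on

redirect_rules() {
    # nat/PREROUTING runs before the INPUT filter: by the time the packet
    # reaches INPUT its destination port is already 3306 and conntrack has
    # flagged the connection as DNAT'd.
    $IPT -t nat -A PREROUTING -i "$EXTINT" -p tcp --dport "$PUBPORT" \
        -j REDIRECT --to-ports "$DBPORT"
}

filter_rules() {
    $IPT -A INPUT -i lo -j ACCEPT
    # LAN side stays fully open, as in the original setup.
    $IPT -A INPUT -i "$LANINT" -j ACCEPT
    # Follow-up packets of connections that were already accepted.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The key rule: only connections carrying the DNAT flag reach 3306 from
    # outside. Note that --ctstate takes an OR-list, so "NEW,DNAT" would also
    # accept every NEW connection; DNAT must be listed on its own.
    $IPT -A INPUT -i "$EXTINT" -p tcp --dport "$DBPORT" \
        -m conntrack --ctstate DNAT -j ACCEPT
    # Explicit drop for direct connections to 3306 on the external interface
    # (the default policy below would catch them anyway).
    $IPT -A INPUT -i "$EXTINT" -p tcp --dport "$DBPORT" -j DROP
    # Set the policy last so a remote admin session is not cut off while
    # the accept rules are still being added.
    $IPT -P INPUT DROP
}

redirect_rules
filter_rules
```

A client connecting to 6603 on eth0 is rewritten to 3306 and accepted because conntrack marks the connection DNAT; a client connecting straight to 3306 carries no such flag and is dropped.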
