Re: problems with port forwarding


 



Hi Andreas, 

Try this: implement this rule on machine A

iptables -t nat -A PREROUTING -p tcp --dport 10022 -j DNAT --to-destination IP_ADDRESS:22

This will allow you to connect to port 22 on the desired
machine.
Be sure you have enabled the ip_forward option with:
echo 1 > /proc/sys/net/ipv4/ip_forward

Best wishes 

Elvir Kuric 



--- Andres Baravalle <andres.baravalle@xxxxxxxxx> wrote:

> Hi,
> I need to forward a port from one server to another - and I'm having
> some trouble.
> 
> I have a server (A) and I want connections to port 10022 in server A
> to be forwarded to port 22 in server B.
> 
> I thought I got the procedure correctly, because it's working using
> another server (C) and server B.
> 
> Anyway, here are the relevant tables:
> 
> iptables -L --line-numbers -t nat
> 
> Chain PREROUTING (policy ACCEPT)
> num  target     prot opt source               destination
> 1    DNAT       tcp  --  anywhere             anywhere            tcp dpt:ftp to:SERVER_B:22
> 2    LOG        all  --  anywhere             SERVER_B            LOG level debug
> 
> Chain POSTROUTING (policy ACCEPT)
> num  target     prot opt source               destination
> 1    SNAT       tcp  --  anywhere             SERVER_B            tcp dpt:ssh to:SERVER_A
> 2    LOG        tcp  --  anywhere             SERVER_B            LOG level debug
> 
> iptables -L FORWARD
> 
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> REJECT     tcp  --  anywhere             anywhere            tcp flags:!SYN,RST,ACK/SYN reject-with tcp-reset
> DROP       all  --  anywhere             anywhere            state INVALID
> ACCEPT     tcp  --  anywhere             SERVER_B            tcp dpt:10022
> ACCEPT     all  --  anywhere             anywhere
> LOG        tcp  --  anywhere             SERVER_B            LOG level warning
> 
> If I connect from server A to localhost, port 10022, it works. If I
> connect from any other machine to server A, port 10022, it doesn't.
> 
> Any suggestions? I've been looking at this and making tests for a long
> time today and I can't find the error.
> 
> By the way, I can't see any entries in the log...
> 
>    Andres
> 
> 
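
The forwarding setup discussed in this thread, written out as an added example that is not part of either message: it prints the nat and filter rules needed to forward A:10022 to B:22 and checks the ip_forward switch. The function names and the 192.0.2.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: forward TCP A:10022 -> B:22 with iptables.
# Function names and the 192.0.2.x addresses are constructed placeholders.

# Print the rule set for forwarding A_IP:LISTEN to B_IP:TARGET.
forward_rules() {
    a_ip=$1; b_ip=$2; listen=${3:-10022}; target=${4:-22}
    # DNAT is only valid in the nat table; PREROUTING rewrites the
    # destination of packets arriving from other hosts before routing.
    echo "iptables -t nat -A PREROUTING -p tcp -d $a_ip --dport $listen -j DNAT --to-destination $b_ip:$target"
    # The filter FORWARD chain runs after DNAT, so it must match the
    # rewritten destination (B, port 22), not the original port 10022.
    echo "iptables -A FORWARD -p tcp -d $b_ip --dport $target -m state --state NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -p tcp -s $b_ip --sport $target -m state --state ESTABLISHED -j ACCEPT"
    # SNAT makes B reply to A, so replies are un-NATed on the way back.
    echo "iptables -t nat -A POSTROUTING -p tcp -d $b_ip --dport $target -j SNAT --to-source $a_ip"
}

# Succeed only if the kernel forwarding switch reads 1.
# The optional argument is an alternate file path, used for testing.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# No argument does nothing; "print" shows the rules, "apply" (as root)
# enables forwarding and loads them.
case "${1:-}" in
    print)
        forward_rules "${A_IP:-192.0.2.10}" "${B_IP:-192.0.2.20}"
        ;;
    apply)
        echo 1 > /proc/sys/net/ipv4/ip_forward
        forward_rules "${A_IP:-192.0.2.10}" "${B_IP:-192.0.2.20}" | sh -e
        ;;
esac
```

On a FORWARD chain that already contains DROP or REJECT rules, the two filter rules need to be inserted ahead of them (`-I` instead of `-A`), since the first matching rule wins.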



 

