Post 302598297 by titoms on Tuesday 14th of February 2012 03:44:13 AM
Iptables Nat forward port 29070

Hello, the NAT and the forward worked on my Debian server up to the reboot of the machines.

The following rules:


/sbin/iptables -t nat -A PREROUTING -p tcp -i eth2 -d xxx.xxx.xxx.xxx --dport 29070 -j DNAT --to-destination 10.0.1.7:29070
/sbin/iptables -A FORWARD -p tcp -i eth2 -o eth0 -d 10.0.1.7 --dport 29070 --sport 1024:65535 -m state --state NEW -j ACCEPT

Since the reboot, that doesn't work any more.

I have other rules towards one of the other servers, and those work.


/sbin/iptables -t nat -A PREROUTING -p tcp -i eth2 -d xxx.xxx.xxx.xxx --dport 29082 -j DNAT --to-destination 10.0.1.8:29082
/sbin/iptables -A FORWARD -p tcp -i eth2 -o eth0 -d 10.0.1.8 --dport 29082 --sport 1024:65535 -m state --state NEW -j ACCEPT


Thank you for your help.
 

SHOREWALL-NETMAP(5)              [FIXME: manual]              SHOREWALL-NETMAP(5)

NAME
       netmap - Shorewall NETMAP definition file

SYNOPSIS
       /etc/shorewall/netmap

DESCRIPTION
       This file is used to map addresses in one network to corresponding
       addresses in a second network.

       Warning
           To use this file, your kernel and iptables must have NETMAP
           support included.

       The columns in the file are as follows (where the column name is
       followed by a different name in parentheses, the different name is
       used in the alternate specification syntax).

       TYPE - {DNAT|SNAT}[:{P|O|T}]
           Must be DNAT or SNAT; beginning with Shorewall 4.4.23, may be
           optionally followed by :P, :O or :T to perform stateless NAT.
           Stateless NAT requires Rawpost Table support in your kernel and
           iptables (see the output of shorewall show capabilities).

           If DNAT or DNAT:P, traffic entering INTERFACE and addressed to
           NET1 has its destination address rewritten to the corresponding
           address in NET2.

           If SNAT or SNAT:T, traffic leaving INTERFACE with a source
           address in NET1 has its source address rewritten to the
           corresponding address in NET2.

           If DNAT:O, traffic originating on the firewall and leaving via
           INTERFACE and addressed to NET1 has its destination address
           rewritten to the corresponding address in NET2.

           If DNAT:P, traffic entering via INTERFACE and addressed to NET1
           has its destination address rewritten to the corresponding
           address in NET2.

           If SNAT:P, traffic entering via INTERFACE with a destination
           address in NET1 has its source address rewritten to the
           corresponding address in NET2.

           If SNAT:O, traffic originating on the firewall and leaving via
           INTERFACE with a source address in NET1 has its source address
           rewritten to the corresponding address in NET2.

       NET1 - network-address
           Network in CIDR format (e.g., 192.168.1.0/24). Beginning with
           Shorewall 4.4.24, exclusion[1] is supported.

       INTERFACE - interface
           The name of a network interface. The interface must be defined in
           shorewall-interfaces[2](5). Shorewall allows loose matches to
           wildcard entries in shorewall-interfaces[2](5). For example, ppp0
           in this file will match a shorewall-interfaces[2](8) entry that
           defines ppp+.

       NET2 - network-address
           Network in CIDR format.

       NET3 (Optional) - network-address
           Added in Shorewall 4.4.11. If specified, qualifies INTERFACE. It
           specifies a SOURCE network for DNAT rules and a DESTINATION
           network for SNAT rules.

       PROTO - protocol-number-or-name
           Optional -- added in Shorewall 4.4.23.2. Only packets specifying
           this protocol will have their IP header modified.

       DEST PORT(S) (dport) - port-number-or-name-list
           Optional -- added in Shorewall 4.4.23.2. Destination ports. A
           comma-separated list of port names (from services(5)), port
           numbers or port ranges; if the protocol is icmp, this column is
           interpreted as the destination icmp-type(s). ICMP types may be
           specified as a numeric type, a numeric type and code separated by
           a slash (e.g., 3/4), or a typename. See
           http://www.shorewall.net/configuration_file_basics.htm#ICMP.

           If the protocol is ipp2p, this column is interpreted as an ipp2p
           option without the leading "--" (example bit for bit-torrent). If
           no PORT is given, ipp2p is assumed.

           An entry in this field requires that the PROTO column specify
           icmp (1), tcp (6), udp (17), sctp (132) or udplite (136). Use '-'
           if any of the following fields is supplied.

       SOURCE PORT(S) (sport) - port-number-or-name-list
           Optional -- added in Shorewall 4.4.23.2. Source port(s). If
           omitted, any source port is acceptable. Specified as a
           comma-separated list of port names, port numbers or port ranges.

           An entry in this field requires that the PROTO column specify tcp
           (6), udp (17), sctp (132) or udplite (136). Use '-' if any of the
           following fields is supplied.

FILES
       /etc/shorewall/netmap

SEE ALSO
       http://shorewall.net/netmap.html

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5),
       shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
       shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES
        1. exclusion
           http://www.shorewall.net/manpages/shorewall-exclusion.html

        2. shorewall-interfaces
           http://www.shorewall.net/manpages/shorewall-interfaces.html

[FIXME: source]                     06/28/2012                SHOREWALL-NETMAP(5)
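
The column layout and the "corresponding address" mapping described in the manual page above, as an added Python example that is not part of Shorewall or of the original page. The function names are hypothetical, the sample entries are constructed, and the sketch assumes NET1 and NET2 share a prefix length; it does not handle exclusion, the alternate specification syntax, or the :P/:O/:T modifiers beyond validating them.

```python
import ipaddress
import re

COLUMNS = ["type", "net1", "interface", "net2", "net3", "proto", "dport", "sport"]
SPORT_PROTOS = {"tcp", "6", "udp", "17", "sctp", "132", "udplite", "136"}
DPORT_PROTOS = SPORT_PROTOS | {"icmp", "1"}

# Constructed sample entries (interface name and networks are made up).
SAMPLE = """\
#TYPE  NET1             INTERFACE  NET2             NET3  PROTO  DPORT
DNAT   192.168.1.0/24   eth0       10.10.11.0/24
SNAT   10.10.11.0/24    eth0       192.168.1.0/24   -     tcp    80
"""

def parse_netmap_line(line):
    """Parse one entry; returns None for blank/comment lines, '-' becomes None."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if not 4 <= len(fields) <= len(COLUMNS):
        raise ValueError("expected 4 to 8 columns: " + line.strip())
    fields += ["-"] * (len(COLUMNS) - len(fields))
    entry = {k: (None if v == "-" else v) for k, v in zip(COLUMNS, fields)}
    if not re.fullmatch(r"(DNAT|SNAT)(:[POT])?", entry["type"] or ""):
        raise ValueError("TYPE must be DNAT or SNAT, optionally :P, :O or :T")
    for col in ("net1", "net2"):
        entry[col] = ipaddress.ip_network(entry[col])  # ValueError if not CIDR
    if entry["net1"].prefixlen != entry["net2"].prefixlen:
        raise ValueError("example assumes NET1 and NET2 have the same prefix length")
    proto = (entry["proto"] or "").lower()
    if entry["dport"] and proto not in DPORT_PROTOS:
        raise ValueError("DEST PORT(S) needs PROTO icmp, tcp, udp, sctp or udplite")
    if entry["sport"] and proto not in SPORT_PROTOS:
        raise ValueError("SOURCE PORT(S) needs PROTO tcp, udp, sctp or udplite")
    return entry

def map_address(addr, net1, net2):
    """Address in net2 corresponding to addr in net1 (host bits kept), else addr."""
    ip = ipaddress.ip_address(addr)
    if ip not in net1:
        return addr
    return str(net2.network_address + (int(ip) & int(net1.hostmask)))

def apply_entry(entry, src, dst):
    """Rewrite (src, dst) as plain DNAT or SNAT describes; modifiers are ignored."""
    if entry["type"].startswith("DNAT"):
        return src, map_address(dst, entry["net1"], entry["net2"])
    return map_address(src, entry["net1"], entry["net2"]), dst

def load(text):
    return [e for e in map(parse_netmap_line, text.splitlines()) if e]
```
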