08-05-2013
Ports are fields in UDP and TCP packet headers that allow the flow to be divided on a host to 65K different apps. For instance tcp cpnnections could be made from 63K different apps on one host to port 80 web server on the next. Sometimes port numbers imply a protocol, like 80 for http, 25 for smtp, etc. Servers listen on ports and clients get random ports to identify their socket from al others on the host, In IPV4, you have 2^32 hosts and 2^16 ports, so there are 2^96 possible connections. UDP is connectionless, so a "connection" is just a filter on remote host+port and default remote host+port destination on a socket.
IP packets are identified by Host and protocol (such as TCP), and for tcp and udp, by port. Firewalls like iptables key off the host and port. With tcp, you can tell which end is the client (connecting) and which is the server (listening) in the first two packets (syn and syn+ack bits on, respectively). So, you can allow clients inside to connect everywhere outside but not vice-versa. ICMP is an IP sub-protocol that supports IP, TCP, UDP with control and diagnostic messages Some ICMP messages can be toxic if counterfeit.
IPTables also has NAT, the ability to rewrite packets for a new host, port or both going "out", and back to the original host/port for packets coming "in". This is handy if inside hosts are unroutable, like 10.*, or just to hide inside hosts. Some protocols like FTP (which runs on top of, or inside, TCP) put hosts and port numbers in the data stream as well, and some of these NAT knows how to rewrite. All packet rewriting include adjustment of checksums.
This User Gave Thanks to DGPickett For This Post:
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi,
I have to install an application that has a built in tftp server. Tftp comes in on port 69. As i am not installing this application as a root user i am running into trouble because only the root user can listen to ports < 1024. So changing the port i listen to to one greater than 1023 isn't... (1 Reply)
Discussion started by: imloaded24_7
1 Replies
2. UNIX for Advanced & Expert Users
Hi
I want to set up port forwarding from one network to another network. I already have this configured on the Linux box using iptables.
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 1521 -j DNAT --to 10.218.146.230
iptables -A FORWARD -p tcp -i eth1 -d 10.218.146.230 -j ACCEPT
... (2 Replies)
Discussion started by: slash_blog
2 Replies
3. Solaris
Hi,
I am looking out a way to forward all UDP traffic coming on ports 3001,3002,3003 and 3004 on server 10.2.45.200
to
corresponding ports of server 10.2.45.197.
I am using Solaris 10.0.
-bash-3.00$ uname -a
SunOS airtelussd2 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-V445
Is... (6 Replies)
Discussion started by: vikas027
6 Replies
4. IP Networking
Hi Linux/Unix Guru,
I am setting Linux Hopping Station to another different servers.
My current config to connect to another servers is using different port to connect.
e.g
ssh -D 1080 -p 22 username@server1.com
ssh -D 1081 -p 22 username@server2.com
Now what I would like to have... (3 Replies)
Discussion started by: regmaster
3 Replies
5. UNIX for Advanced & Expert Users
Hello,
I have a routeur linksys (192.168.1.1 ) a firewall (192.168.1.55 IN ----> 192.168.2.254 OUT) which using iptable
I want to acces to an equipment (lorex video camera serveur 192.168.2.44) which using an ddns service on the port 9000
So i don t know which redirection a will do on the... (2 Replies)
Discussion started by: tapharule
2 Replies
6. Shell Programming and Scripting
Hi guys, I'm trying to set up an Ubuntu VPN server that will forward an ssh connection automatically as a proxy to two separate LAN hosts.
What I'm looking at doing is making SSH listen on two ports (if that is possible) and get some kind of script, preferably something in bash, that will listen... (2 Replies)
Discussion started by: 3therk1ll
2 Replies
7. IP Networking
hi guys
i have a simple question !
i have two ips . a valid and internal(172.16.11.2)
i want to use port forwarding to forward any request to valid IP port 8001 to internal ip port 80 .
i use this rule :
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp... (1 Reply)
Discussion started by: mhs
1 Replies
8. UNIX for Advanced & Expert Users
Hi experts,
We have windows machine ( A ) in one network & 2 Linux Servers ( B & C ) in another network. There is a firewall between these 2 networks and SSH (TCP/22) & HTTPS (TCP/443) are allowed from A to B only (but not to C). There is no personal firewall / iptables running on any machine.... (1 Reply)
Discussion started by: magnus29
1 Replies
9. IP Networking
Hello Gurus,
I have configured port forwarding at router.
But after configuration I am not able to connect the computer from outside/Over internet/Remote desktp from other computer.
Could you please advice?
Thanks-
Pokhraj (2 Replies)
Discussion started by: pokhraj_d
2 Replies
10. Red Hat
Hello All,
I would like to ask you very kindly with /etc/sysconfig/iptables file
I have to setup port forwarding on RHEL6 router. Users from public network must be able to ssh to servers in private network behind RHEL6 router. Problem is that servers in private network must be isolated.
My... (2 Replies)
Discussion started by: oidipus
2 Replies