Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Help me understand ports and port forwarding please
Special Forums IP Networking Help me understand ports and port forwarding please Post 302840477 by DGPickett on Monday 5th of August 2013 04:44:39 PM
Old 08-05-2013
Ports are fields in UDP and TCP packet headers that allow the flow to be divided on a host to 65K different apps. For instance tcp cpnnections could be made from 63K different apps on one host to port 80 web server on the next. Sometimes port numbers imply a protocol, like 80 for http, 25 for smtp, etc. Servers listen on ports and clients get random ports to identify their socket from al others on the host, In IPV4, you have 2^32 hosts and 2^16 ports, so there are 2^96 possible connections. UDP is connectionless, so a "connection" is just a filter on remote host+port and default remote host+port destination on a socket.

IP packets are identified by Host and protocol (such as TCP), and for tcp and udp, by port. Firewalls like iptables key off the host and port. With tcp, you can tell which end is the client (connecting) and which is the server (listening) in the first two packets (syn and syn+ack bits on, respectively). So, you can allow clients inside to connect everywhere outside but not vice-versa. ICMP is an IP sub-protocol that supports IP, TCP, UDP with control and diagnostic messages Some ICMP messages can be toxic if counterfeit.

IPTables also has NAT, the ability to rewrite packets for a new host, port or both going "out", and back to the original host/port for packets coming "in". This is handy if inside hosts are unroutable, like 10.*, or just to hide inside hosts. Some protocols like FTP (which runs on top of, or inside, TCP) put hosts and port numbers in the data stream as well, and some of these NAT knows how to rewrite. All packet rewriting include adjustment of checksums.
This User Gave Thanks to DGPickett For This Post:
figaro
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

port forwarding

Hi, I have to install an application that has a built in tftp server. Tftp comes in on port 69. As i am not installing this application as a root user i am running into trouble because only the root user can listen to ports < 1024. So changing the port i listen to to one greater than 1023 isn't... (1 Reply)
Discussion started by: imloaded24_7
1 Replies

2. UNIX for Advanced & Expert Users

Port forwarding

Hi I want to set up port forwarding from one network to another network. I already have this configured on the Linux box using iptables. iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 1521 -j DNAT --to 10.218.146.230 iptables -A FORWARD -p tcp -i eth1 -d 10.218.146.230 -j ACCEPT ... (2 Replies)
Discussion started by: slash_blog
2 Replies

3. Solaris

Port/IP Forwarding in Solaris 10.0

Hi, I am looking out a way to forward all UDP traffic coming on ports 3001,3002,3003 and 3004 on server 10.2.45.200 to corresponding ports of server 10.2.45.197. I am using Solaris 10.0. -bash-3.00$ uname -a SunOS airtelussd2 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-V445 Is... (6 Replies)
Discussion started by: vikas027
6 Replies

4. IP Networking

SSH Port Forwarding - sharing the same port

Hi Linux/Unix Guru, I am setting Linux Hopping Station to another different servers. My current config to connect to another servers is using different port to connect. e.g ssh -D 1080 -p 22 username@server1.com ssh -D 1081 -p 22 username@server2.com Now what I would like to have... (3 Replies)
Discussion started by: regmaster
3 Replies

5. UNIX for Advanced & Expert Users

Iptable and port forwarding

Hello, I have a routeur linksys (192.168.1.1 ) a firewall (192.168.1.55 IN ----> 192.168.2.254 OUT) which using iptable I want to acces to an equipment (lorex video camera serveur 192.168.2.44) which using an ddns service on the port 9000 So i don t know which redirection a will do on the... (2 Replies)
Discussion started by: tapharule
2 Replies

6. Shell Programming and Scripting

SSH forwarding based on ports

Hi guys, I'm trying to set up an Ubuntu VPN server that will forward an ssh connection automatically as a proxy to two separate LAN hosts. What I'm looking at doing is making SSH listen on two ports (if that is possible) and get some kind of script, preferably something in bash, that will listen... (2 Replies)
Discussion started by: 3therk1ll
2 Replies

7. IP Networking

Port forwarding issue

hi guys i have a simple question ! i have two ips . a valid and internal(172.16.11.2) i want to use port forwarding to forward any request to valid IP port 8001 to internal ip port 80 . i use this rule : sysctl -w net.ipv4.ip_forward=1 iptables -t nat -A PREROUTING -p tcp... (1 Reply)
Discussion started by: mhs
1 Replies

8. UNIX for Advanced & Expert Users

Help on port forwarding please..

Hi experts, We have windows machine ( A ) in one network & 2 Linux Servers ( B & C ) in another network. There is a firewall between these 2 networks and SSH (TCP/22) & HTTPS (TCP/443) are allowed from A to B only (but not to C). There is no personal firewall / iptables running on any machine.... (1 Reply)
Discussion started by: magnus29
1 Replies

9. IP Networking

Port Forwarding not working

Hello Gurus, I have configured port forwarding at router. But after configuration I am not able to connect the computer from outside/Over internet/Remote desktp from other computer. Could you please advice? Thanks- Pokhraj (2 Replies)
Discussion started by: pokhraj_d
2 Replies

10. Red Hat

iptables port forwarding

Hello All, I would like to ask you very kindly with /etc/sysconfig/iptables file I have to setup port forwarding on RHEL6 router. Users from public network must be able to ssh to servers in private network behind RHEL6 router. Problem is that servers in private network must be isolated. My... (2 Replies)
Discussion started by: oidipus
2 Replies

LEARN ABOUT DEBIAN

stone

stone(1)						      General Commands Manual							  stone(1)

NAME

       stone - a simple TCP/IP packet repeater

SYNOPSYS

       stone [-d] [-n] [-u max] [-f n] [-l] [-z SSL] st [-- st] ...

OPTIONS

       -d     Increase the debug level.

       -z     SSL encryption.

       -n     IP addresses and service port numbers are shown instead of host names and service names.

       -u max max is integer. The program will memorize max sources simultaneously where UDP packets are sent.

       -f n   n is integer. The program will spawn n child processes.

       -l     Sends error messages to the syslog instead of stderr.

       st     is one of the followings; Multiple st can be designated, separated by --.
	      (1)    host:port sport [xhost ...]
	      (2)    host:port shost:sport [xhost ...]
	      (3)    display [xhost ...]
	      (4)    proxy sport [xhost ...]
	      (5)    host:port/http request [hosts ...]
	      (6)    host:port/proxy header [hosts...]

       The  program  repeats the connection on port sport to the other machine host port port.	If the machine, on which the program runs, has two
       or more interfaces, type (2) can be used to repeat the connection on the specified interface shost.

       display [xhost ...]
	      Abbreviating notation.  The program repeats the connection on display number display to the X server designated by  the  environment
	      variable DISPLAY.

       proxy sport [xhost ...]
	      Http Proxy.  Specify the machine, on which the program runs, and port sport in the http proxy settings of your WWW browser.

       host:port/http request [hosts ...]
	      Repeats packets over http request.  request is the request specified in HTTP 1.0.  host:port/proxy header [hosts...]

       host:port/proxy header [hosts...]
	      Type (6) repeats http request with header in the top of request headers.

       xhost  Only machines xhost can connect to the program.

       xhost/mask
	      Only  machines on specified networks are permitted to connect to the program.  In the case of class C network 192.168.1.0, for exam-
	      ple, use 192.168.1.0/255.255.255.0.

       sport/udp
	      Repeats UDP packets instead of TCP packets.

       port/ssl
	      Repeats packets with encryption.

       sport/ssl
	      Repeats packets with decryption.

       sport/http
	      Repeats packets over http.

DESCRIPTION

       Stone is a TCP/IP packet repeater in the application layer.  It repeats TCP and UDP packets from inside to outside of a firewall,  or  from
       outside to inside.

       Stone has following features:

       1. Stone supports Win32.
	      Formerly, UNIX machines are used as firewalls, but recently WindowsNT machines are used, too.  You can easily run Stone on WindowsNT
	      and Windows95.  Of course, available on Linux, FreeBSD, BSD/OS, SunOS, Solaris, HP-UX and so on.

       2.  Simple.
	      Stone's source code is only 2000 lines long (written in C language), so you can minimize the risk of security holes.

       3.  Stone supports SSLeay.
	      Using SSLeay developed by Eric Young, Stone can encrypt/decrypt packets.

       4.  Stone is a http proxy.
	      Stone can also be a tiny http proxy.

EXAMPLES

       outer:	 a machine in the outside of the firewall
       inner:	 a machine in the inside of the firewall
       fwall:	 the firewall on which the stone is executed

       stone 7 outer
	    Repeats the X protocol to the machine designated by the environmental variable DISPLAY.  Run X clients under DISPLAY=inner:7 on outer.

       stone outer:telnet 10023
	    Repeats the telnet protocol to outer.
	    Run telnet fwall 10023 on inner.

       stone outer:domain/udp domain/udp
	    Repeats the DNS query to outer.
	    Run nslookup - fwall on inner.

       stone outer:ntp/udp ntp/udp
	    Repeats the NTP to outer.
	    Run ntpdate fwall on inner.

       stone localhost:http 443/ssl
	    Make WWW server that supports https.
	    Access https://fwall/ using a WWW browser.

       stone localhost:telnet 10023/ssl
	    Make telnet server that supports SSL.
	    Run SSLtelnet -z ssl fwall 10023 on inner.

       stone proxy 8080
	    http proxy.

       Where fwall is a http proxy (port 8080):

       stone fwall:8080/http 10023 'POST http://outer:8023 HTTP/1.0'
       stone localhost:telnet 8023/http
	      Run stones on inner and outer respectively.
	      Repeats packets over http.

       stone fwall:8080/proxy 9080 'Proxy-Authorization: Basic c2VuZ29rdTpoaXJvYWtp'
	      for browser that does not support proxy authorization.

COPYRIGHT

       All rights about this program stone are reserved by the original author, Hiroaki Sengoku.  The program is free  software;  you  can  redis-
       tribute it and/or modify it under the terms of the GNU General Public License (GPL).

NO WARRANTY

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.

AUTHOR

       Hiroaki Sengoku
       sengoku@gcd.org
       http://www.gcd.org/sengoku/

								    Version 2.0 							  stone(1)
All times are GMT -4. The time now is 09:10 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy