IP Networking: Help me understand ports and port forwarding please
Post 302840477 by DGPickett on Monday 5th of August 2013 04:44:39 PM
Ports are fields in UDP and TCP packet headers that allow the flow to be divided on a host to 65K different apps. For instance, tcp connections could be made from 63K different apps on one host to a port 80 web server on the next. Sometimes port numbers imply a protocol, like 80 for http, 25 for smtp, etc. Servers listen on ports and clients get random ports to identify their socket from all others on the host. In IPv4, you have 2^32 hosts and 2^16 ports, so there are 2^96 possible connections. UDP is connectionless, so a "connection" is just a filter on remote host+port and a default remote host+port destination on a socket.

IP packets are identified by host and protocol (such as TCP), and for tcp and udp, by port. Firewalls like iptables key off the host and port. With tcp, you can tell which end is the client (connecting) and which is the server (listening) in the first two packets (syn and syn+ack bits on, respectively). So, you can allow clients inside to connect everywhere outside but not vice versa. ICMP is an IP sub-protocol that supports IP, TCP and UDP with control and diagnostic messages. Some ICMP messages can be toxic if counterfeit.

IPTables also has NAT, the ability to rewrite packets for a new host, port or both going "out", and back to the original host/port for packets coming "in". This is handy if inside hosts are unroutable, like 10.*, or just to hide inside hosts. Some protocols like FTP (which runs on top of, or inside, TCP) put hosts and port numbers in the data stream as well, and some of these NAT knows how to rewrite. All packet rewriting includes adjustment of checksums.
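Two points from the post above, that a firewall can tell client from server by the syn and syn+ack packets, and that a NAT rewrite of host/port has to be followed by checksum adjustment, worked through in an added Python example (not code from the post or from iptables). The packet, addresses and ports are constructed, and the code assumes a fixed 20-byte IPv4 header with no options.

```python
import socket
import struct

SYN, ACK, IHL = 0x02, 0x10, 20  # TCP flag bits; IPv4 header length (no IP options assumed)

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum; gives 0 when run over data whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(pkt: bytes) -> int:
    """TCP checksum covers a pseudo-header (src, dst, proto, length) plus the whole segment."""
    seg = pkt[IHL:]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(seg))
    return checksum(pseudo + seg)

def fix_checksums(pkt: bytes) -> bytes:
    """Zero both checksum fields and recompute them; every rewrite must end with this step."""
    p = bytearray(pkt)
    p[10:12] = p[IHL + 16:IHL + 18] = b"\x00\x00"
    p[10:12] = struct.pack("!H", checksum(bytes(p[:IHL])))
    p[IHL + 16:IHL + 18] = struct.pack("!H", tcp_checksum(bytes(p)))
    return bytes(p)

def build_packet(src, dst, sport, dport, flags, payload=b"") -> bytes:
    """Constructed sample packet: 20-byte IPv4 header + 20-byte TCP header + payload."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IHL + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return fix_checksums(ip + tcp)

def five_tuple(pkt: bytes):
    """What a firewall keys off: (src host, dst host, protocol, src port, dst port, TCP flags)."""
    sport, dport = struct.unpack("!HH", pkt[IHL:IHL + 4])
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], sport, dport, pkt[IHL + 13])

def role(flags: int) -> str:
    """First two packets tell the ends apart: SYN alone is the client, SYN+ACK is the server."""
    return "established" if not flags & SYN else ("server" if flags & ACK else "client")

def dnat(pkt: bytes, new_dst: str, new_dport: int) -> bytes:
    """Port forwarding: rewrite destination host and port (what the iptables DNAT target does)."""
    p = bytearray(pkt)
    p[16:20] = socket.inet_aton(new_dst)
    p[IHL + 2:IHL + 4] = struct.pack("!H", new_dport)
    return fix_checksums(bytes(p))
```

Rewriting the destination bytes without calling fix_checksums leaves both the IP and the TCP checksum wrong, since the TCP pseudo-header also covers the destination address.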
 

NC(1)                     BSD General Commands Manual                    NC(1)

NAME
     nc -- arbitrary TCP and UDP connections and listens

SYNOPSIS
     nc [-e command] [-g intermediates] [-G hopcount] [-i interval] [-lnrtuvz] [-o filename] [-p source port] [-s ip address] [-w timeout] [hostname] [port[s...]]

DESCRIPTION
     The nc (or netcat) utility is used for just about anything under the sun involving TCP or UDP. It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and source routing. Unlike telnet(1), nc scripts nicely, and separates error messages onto standard error instead of sending them to standard output, as telnet(1) does with some.

     Destination ports can be single integers, names as listed in services(5), or ranges. Ranges are in the form nn-mm, and several separate ports and/or ranges may be specified on the command line.

     Common uses include:

     o simple TCP proxies
     o shell-script based HTTP clients and servers
     o network daemon testing
     o source routing based connectivity testing
     o and much, much more

     The options are as follows:

     -e command
             Execute the specified command, using data from the network for stdin, and sending stdout and stderr to the network. This option is only present if nc was compiled with the GAPING_SECURITY_HOLE compile time option, since it allows users to make arbitrary programs available to anyone on the network.

     -g intermediate-host
             Specifies a hop along a loose source routed path. Can be used more than once to build a chain of hop points.

     -G pointer
             Positions the "hop counter" within the list of machines in the path of a source routed packet. Must be a multiple of 4.

     -i seconds
             Specifies a delay time interval between lines of text sent and received. Also causes a delay time between connections to multiple ports.

     -l      Is used to specify that nc should listen for an incoming connection, rather than initiate a connection to a remote host. Any hostname/IP address and port arguments restrict the source of inbound connections to only that address and source port.

     -n      Do not do DNS lookups on any of the specified addresses or hostnames, or names of port numbers from /etc/services.

     -o filename
             Create a hexadecimal log of data transferred in the specified file. Each line begins with ``<'' or ``>''. ``<'' means "from the net" and ``>'' means "to the net".

     -p port
             Specifies the source port nc should use, subject to privilege restrictions and availability.

     -r      Specifies that source and/or destination ports should be chosen semi-randomly instead of sequentially within a range or in the order that the system assigns.

     -s hostname/ip-address
             Specifies the IP of the interface which is used to send the packets. On some platforms, this can be used for UDP spoofing by using ifconfig(8) to bring up a dummy interface with the desired source IP address.

     -t      Causes nc to send RFC854 DON'T and WON'T responses to RFC854 DO and WILL requests. This makes it possible to use nc to script telnet sessions. The presence of this option can be enabled or disabled as a compile-time option.

     -u      Use UDP instead of TCP. On most platforms, nc will behave as if a connection is established until it receives an ICMP packet indicating that there is no program listening to what it sends.

     -v      Verbose. Cause nc to display connection information. Using -v more than once will cause nc to become even more verbose.

     -w timeout
             Specifies the number of seconds nc should wait before deciding that an attempt to establish a connection is hopeless. Also used to specify how long to wait for more network data after standard input closes.

     -z      Specifies that nc should just scan for listening daemons, without sending any data to them. Diagnostic messages about refused connections will not be displayed unless -v is specified twice.

EXAMPLES
     nc
             Wait for the user to type what would normally be command-line arguments in at stdin.

     nc example.host 42
             Open a TCP connection to port 42 of example.host. If the connection fails, do not display any error messages, but simply exit.

     nc -p 31337 example.host 42
             Open a TCP connection to port 42 of example.host, and use port 31337 as the source port.

     nc -w 5 example.host 42
             Open a TCP connection to port 42 of example.host, and time out after five seconds while attempting to connect.

     nc -u example.host 53
             Send any data from stdin to UDP port 53 of example.host, and display any data returned.

     nc -s 10.1.2.3 example.host 42
             Open a TCP connection to port 42 of example.host using 10.1.2.3 as the IP for the local end of the connection.

     nc -v example.host 42
             Open a TCP connection to port 42 of example.host, displaying some diagnostic messages on stderr.

     nc -v -v example.host 42
             Open a TCP connection to port 42 of example.host, displaying all diagnostic messages on stderr.

     nc -v -z example.host 20-30
             Attempt to open TCP connections to ports 20 through 30 of example.host, and report which ones nc was able to connect to.

     nc -v -u -z -w 3 example.host 20-30
             Send UDP packets to ports 20-30 of example.host, and report which ones did not respond with an ICMP packet after three seconds.

     nc -l -p 3000
             Listen on TCP port 3000, and once there is a connection, send stdin to the remote host, and send data from the remote host to stdout.

     echo foobar | nc example.host 1000
             Connect to port 1000 of example.host, send the string "foobar" followed by a newline, and move data from port 1000 of example.host to stdout until example.host closes the connection.

SEE ALSO
     cat(1), telnet(1)

     The netcat README.

AUTHOR
     *Hobbit* [hobbit@avian.org]

BSD                             August 1, 1996                             BSD