|
|
Sponsored Content
Special Forums
IP Networking
Port forwarding issue
Post 302877113 by mhs on Thursday 28th of November 2013 07:17:16 AM
11-28-2013
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I've been googling for a while now, trying to forward port 3000 to port 80....
In the past I used to DLink router to forward port 3000 to 80. I recently finished (well, is it ever done anyhow?) setting up my linux box and got it acting as a router.
I want to continue to run Apache on port 80... (1 Reply)
Discussion started by: meeps
1 Replies
2. UNIX for Advanced & Expert Users
Hi,
I have to install an application that has a built in tftp server. Tftp comes in on port 69. As i am not installing this application as a root user i am running into trouble because only the root user can listen to ports < 1024. So changing the port i listen to to one greater than 1023 isn't... (1 Reply)
Discussion started by: imloaded24_7
1 Replies
3. AIX
Hi friends
i have the following setup
machine1 two network adapters one connected to lan the other connected directly to machine2
machine2 is not connected to lan
i need to access machine2 directly from the LAN
how to force machine1 to forward all traffic received on a specific port the... (1 Reply)
Discussion started by: Husam
1 Replies
4. UNIX for Advanced & Expert Users
Hi
I want to set up port forwarding from one network to another network. I already have this configured on the Linux box using iptables.
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 1521 -j DNAT --to 10.218.146.230
iptables -A FORWARD -p tcp -i eth1 -d 10.218.146.230 -j ACCEPT
... (2 Replies)
Discussion started by: slash_blog
2 Replies
5. Solaris
Hi,
I am looking out a way to forward all UDP traffic coming on ports 3001,3002,3003 and 3004 on server 10.2.45.200
to
corresponding ports of server 10.2.45.197.
I am using Solaris 10.0.
-bash-3.00$ uname -a
SunOS airtelussd2 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-V445
Is... (6 Replies)
Discussion started by: vikas027
6 Replies
6. Solaris
Hi; I have the following issue:
I have a Solaris server running an old applications which connects to an http server in other server at certain port. The thing is that the http server has changed its ip and port and the addres in the app is hard coded and touching the app by now is out of the... (0 Replies)
Discussion started by: ppereira
0 Replies
7. IP Networking
Hi Linux/Unix Guru,
I am setting Linux Hopping Station to another different servers.
My current config to connect to another servers is using different port to connect.
e.g
ssh -D 1080 -p 22 username@server1.com
ssh -D 1081 -p 22 username@server2.com
Now what I would like to have... (3 Replies)
Discussion started by: regmaster
3 Replies
8. Emergency UNIX and Linux Support
Hi Everyone,
Hope all Doing good,
we have a Dedicated server and its installed with proxmox VE 3.2, My Need is i want Protect my server and only i need to allow the specific port in the server, And i want to forward some of ports 22,80,443 to those VM's inside my dedicated... (0 Replies)
Discussion started by: babinlonston
0 Replies
9. UNIX for Advanced & Expert Users
Hi experts,
We have windows machine ( A ) in one network & 2 Linux Servers ( B & C ) in another network. There is a firewall between these 2 networks and SSH (TCP/22) & HTTPS (TCP/443) are allowed from A to B only (but not to C). There is no personal firewall / iptables running on any machine.... (1 Reply)
Discussion started by: magnus29
1 Replies
10. Red Hat
Hello All,
I would like to ask you very kindly with /etc/sysconfig/iptables file
I have to setup port forwarding on RHEL6 router. Users from public network must be able to ssh to servers in private network behind RHEL6 router. Problem is that servers in private network must be isolated.
My... (2 Replies)
Discussion started by: oidipus
2 Replies
LEARN ABOUT DEBIAN
shorewall-nesting
SHOREWALL-NESTING(5) [FIXME: manual] SHOREWALL-NESTING(5) NAME
nesting - Shorewall Nested Zones SYNOPSIS
child-zone[:parent-zone[,parent-zone]...] DESCRIPTION
In shorewall-zones[1](5), a zone may be declared to be a sub-zone of one or more other zones using the above syntax. The child-zone may be neither the firewall zone nor a vserver zone. The firewall zone may not appear as a parent zone, although all vserver zones are handled as sub-zones of the firewall zone. Where zones are nested, the CONTINUE policy in shorewall-policy[2](5) allows hosts that are within multiple zones to be managed under the rules of all of these zones. EXAMPLE
/etc/shorewall/zones: #ZONE TYPE OPTION fw firewall net ipv4 sam:net ipv4 loc ipv4 /etc/shorewall/interfaces: #ZONE INTERFACE BROADCAST OPTIONS - eth0 detect dhcp,norfc1918 loc eth1 detect /etc/shorewall/hosts: #ZONE HOST(S) OPTIONS net eth0:0.0.0.0/0 sam eth0:206.191.149.197 /etc/shorewall/policy: #SOURCE DEST POLICY LOG LEVEL loc net ACCEPT sam all CONTINUE net all DROP info all all REJECT info The second entry above says that when Sam is the client, connection requests should first be processed under rules where the source zone is sam and if there is no match then the connection request should be treated under rules where the source zone is net. It is important that this policy be listed BEFORE the next policy (net to all). You can have this policy generated for you automatically by using the IMPLICIT_CONTINUE option in shorewall.conf[3](5). Partial /etc/shorewall/rules: #ACTION SOURCE DEST PROTO DEST PORT(S) ... DNAT sam loc:192.168.1.3 tcp ssh DNAT net loc:192.168.1.5 tcp www ... Given these two rules, Sam can connect to the firewall's internet interface with ssh and the connection request will be forwarded to 192.168.1.3. Like all hosts in the net zone, Sam can connect to the firewall's internet interface on TCP port 80 and the connection request will be forwarded to 192.168.1.5. The order of the rules is not significant. Sometimes it is necessary to suppress port forwarding for a sub-zone. For example, suppose that all hosts can SSH to the firewall and be forwarded to 192.168.1.5 EXCEPT Sam. When Sam connects to the firewall's external IP, he should be connected to the firewall itself. Because of the way that Netfilter is constructed, this requires two rules as follows: #ACTION SOURCE DEST PROTO DEST PORT(S) ... ACCEPT+ sam $FW tcp ssh DNAT net loc:192.168.1.3 tcp ssh ... The first rule allows Sam SSH access to the firewall. The second rule says that any clients from the net zone with the exception of those in the "sam" zone should have their connection port forwarded to 192.168.1.3. If you need to exclude more than one zone, simply use multiple ACCEPT+ rules. This technique also may be used when the ACTION is REDIRECT. Care must be taken when nesting occurs as a result of the use of wildcard interfaces (interface names ends in '+'). Here's an example. /etc/shorewall/zones: /etc/shorewall/interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 loc eth1 loc ppp+ dmz eth2 Because the net zone is declared before the loc zone, net is an implicit sub-zone of loc and in the absence of a net->... CONTINUE policy, traffic from the net zone will not be passed through loc->... rules. But DNAT and REDIRECT rules are an exception! o DNAT and REDIRECT rules generate two Netfilter rules: a 'nat' table rule that rewrites the destination IP address and/or port number, and a 'filter' table rule that ACCEPTs the rewritten connection. o Policies only affect the 'filter' table. As a consequence, the following rules will have unexpected behavior: #ACTION SOURCE DEST PROTO DEST # PORT(S) ACCEPT net dmz tcp 80 REDIRECT loc 3128 tcp 80 The second rule is intended to redirect local web requests to a proxy running on the firewall and listening on TCP port 3128. But the 'nat' part of that rule will cause all connection requests for TCP port 80 arriving on interface ppp+ (including ppp0!) to have their destination port rewritten to 3128. Hence, the web server running in the DMZ will be inaccessible from the web. The above problem can be corrected in several ways. The preferred way is to use the ifname pppd option to change the 'net' interface to something other than ppp0. That way, it won't match ppp+. If you are running Shorewall version 4.1.4 or later, a second way is to simply make the nested zones explicit: #ZONE TYPE OPTION fw firewall loc ipv4 net:loc ipv4 dmz ipv4 If you take this approach, be sure to set IMPLICIT_CONTINUE=No in shorewall.conf. When using other Shorewall versions, another way is to rewrite the DNAT rule (assume that the local zone is entirely within 192.168.2.0/23): #ACTION SOURCE DEST PROTO DEST # PORT(S) ACCEPT net dmz tcp 80 REDIRECT loc:192.168.2.0/23 3128 tcp 80 Another way is to restrict the definition of the loc zone: /etc/shorewall/interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 loc eth1 - ppp+ dmz eth2 /etc/shorewall/hosts: #ZONE HOST(S) OPTIONS loc ppp+:192.168.2.0/23 FILES
/etc/shorewall/zones /etc/shorewall/interfaces /etc/shorewall/hosts /etc/shorewall/policy /etc/shorewall/rules SEE ALSO
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) NOTES
1. shorewall-zones http://www.shorewall.net/manpages/shorewall-zones.html 2. shorewall-policy http://www.shorewall.net/manpages/shorewall-policy.html 3. shorewall.conf http://www.shorewall.net/manpages/shorewall.conf.html [FIXME: source] 06/28/2012 SHOREWALL-NESTING(5)