Archive for May 21st, 2008

Simple port forwarding with Iptables in linux

Wednesday, May 21st, 2008

One of the most common questions I receive from my customers is how to set up simple port forwarding on top of their existing iptables firewall rules. Most of my customers use CentOS 5 with only the standard iptables that is installed by default with the operating system. For a more complicated setup I usually recommend an existing iptables management interface/package (my favorite is Vuurmuur), but for those who just need one simple rule, the guide below should be enough.

Assumptions:

  • Only IPv4 is used
  • Two machines are involved: the Linux machine that will act as the gateway/forwarder (IP: 192.168.0.1) and the destination machine (IP: 192.168.0.100)
  • The port to be forwarded is 5901 (change to whatever port you want)
  • This guide is based on CentOS 5; some other distros can use the same setup, but others might need additional modification
  • The iptables service is turned on, and SELinux is turned off

Firstly, we have to make sure that the kernel allows IP forwarding. Edit /etc/sysctl.conf and make the amendment below

net.ipv4.ip_forward = 1

To activate the setting above immediately without a reboot, run

sysctl -p /etc/sysctl.conf

Then run each of the commands below

To allow forwarding specifically to machine 192.168.0.100 in the FORWARD chain

iptables -I FORWARD -p tcp -d 192.168.0.100 --dport 5901 -j ACCEPT

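The actual port forwarding rule. It matches on eth0, assuming that is the interface the connections arrive on (it is the interface used in the MASQUERADE rule below); change it if your traffic arrives on a different interface. A rule that matches on lo would never see connections coming from other machines.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5901 -j DNAT --to-destination 192.168.0.100:5901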

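To masquerade the forwarded connection so that it appears to come from the gateway itself and is treated as a local connection. As written, the rule applies to all traffic leaving eth0, not only to the forwarded port.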

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The port forwarding rules should be ready by now; you can test them with a common tool like telnet.

To view the current rules, run

/etc/init.d/iptables status

Bear in mind that the iptables modifications above are only effective for the current boot session. They will be reverted to the original setup after a reboot. To make the rules permanent, first back up your existing iptables configuration: simply copy /etc/sysconfig/iptables to another location or name.

After that, just run the command

service iptables save

This stores your modified iptables rules in /etc/sysconfig/iptables, so they persist across reboots.
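
An added example, not part of the original post: a shell/awk check that reads a saved rule file in iptables-save format (the format of /etc/sysconfig/iptables) and reports, for each DNAT target, whether a matching FORWARD ACCEPT exists, plus any MASQUERADE rule with no source, destination or port restriction. The rule text is a constructed sample; the second forward (8080 to 192.168.0.101:80), the FORWARD DROP policy and the function names are assumptions for illustration.

```sh
# Constructed sample of /etc/sysconfig/iptables (iptables-save format).
# The 8080 -> 192.168.0.101:80 forward is an assumption added for contrast.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.0.100:5901
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.101:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.0.100 -p tcp -m tcp --dport 5901 -j ACCEPT
COMMIT
EOF
}

# audit_rules (hypothetical helper): reads iptables-save text on stdin and
# prints one finding per line, sorted.
audit_rules() {
awk '
function opt(name,   i) {   # value that follows option "name", or ""
    for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
    return ""
}
/^\*/ { table = substr($1, 2) }               # "*nat", "*filter"
table == "nat" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
    dnat[opt("--to-destination")] = 1         # post-DNAT ip:port
}
table == "nat" && $2 == "POSTROUTING" && opt("-j") == "MASQUERADE" {
    if (opt("-s") == "" && opt("-d") == "" && opt("--dport") == "")
        wide = wide "WARN unscoped MASQUERADE on " opt("-o") "\n"
}
table == "filter" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
    d = opt("-d"); sub(/\/32$/, "", d)        # newer versions save a.b.c.d/32
    allow[d ":" opt("--dport")] = 1
}
END {
    # FORWARD sees the packet after DNAT, so compare against the new target.
    for (t in dnat) { s = (t in allow) ? "OK" : "MISSING-FORWARD"; print s, t }
    printf "%s", wide
}' | sort
}

sample_rules | audit_rules
```

To check the real file after saving, run `audit_rules < /etc/sysconfig/iptables` as root.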
