Thread: Iptables forward port UDP iax2 4569, tftp 69, and TCP ssh 3131 TCto internal IP

Hi Guys,
I hope someone can help me
I need someone to look at the code (I have removed part of the external IP for security purposes) and see if this is how it should be done:

I need:
name Port Protocol
iax2 4569 UDP
tftp 69 UDP
ssh 3131 TCP

and then forward those to 192.168.1.21 or 192.168.10.20


Here is what I have come up with so far
/sbin/iptables-A INPUT -p udp -ieth1 -s189.212.XXX.XXX/4569 -dport 4569 -j ACCEPT
/sbin/iptables-A INPUT -p udp -ieth1 -s189.212.XXX.XXX/69 -dport 69 -j ACCEPT
/sbin/iptables-A INPUT -p tcp -ieth1 -s189.212.XXX.XXX/3131 -dport 3131 -j
ACCEPT
iptables -tnat -A POSTROUTING -o eth0 -s 192.168.X.21/4569 -j MASQUERADE
iptables -tnat -A POSTROUTING -o eth0 -s 192.168.1.21/69 -j MASQUERADE
iptables -tnat -A POSTROUTING -o eth0 -s 192.168.1.21/3131 -j MASQUERADE
echo 1 >/proc/sys/net/ipv4/ip_forward

This will redirect (forward) 22 to 3131

Code:

/sbin/iptables -t nat -I PREROUTING --src 0/0 --dst 192.168.1.21 -p tcp --dport 22 -j REDIRECT --to-ports 3131

The Iptable rules required for port forwarding aaa.bbb.ccc.yyy:22 to 192.168.1.21:3131:

Code:

/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d aaa.bbb.ccc.yyy --dport 22 -j DNAT --to 192.168.1.21:3131
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.1.21 --dport 22 -j ACCEPT

Hi,

When I said I was a newbie I was not being shy,
I have no f-ing clue of what I am doing.

This is the result I have gotten so far, and I do not know how to "delete" what I have done that is wrong so far
[root@gw sbin]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4569
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:69
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3131
ACCEPT udp -- 189.212.XXX.XXX 0.0.0.0/0 udp dpt:4569
ACCEPT udp -- 189.212.XXX.XXX 0.0.0.0/0 udp dpt:69
ACCEPT tcp -- 189.212.XXX.XXX 0.0.0.0/0 tcp dpt:3131

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 192.168.1.21 udp dpt:4569
ACCEPT udp -- 0.0.0.0/0 192.168.1.21 udp dpt:4569
ACCEPT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:22

I need the forward to work fromt he source to the destination
My eth1 is the public (external) IP, the eth0 is the internal IP

when I check the ports with Open Port Check Tool - Test Port Forwarding on Your Router I get that the ports are closed.
Need a bit more help, and I need it really spelled out in a way that I can understand, THANK YOU in advance for taking the time to help me.

If you are using RHEL / CentOS based system, type the following to start, stop and restart the firewall as root user:

Code:

service iptables stop
service iptables start
service iptables restart
service iptables save

See http://www.cyberciti.biz/faq/rhel-fe...tion-tutorial/

Your default policy is set to ACCEPT. Are you running ssh on 3131 port on internal system?

I have no clue
I just did what you told me and everything is clear
(no open ports nor forwards)

I have the firewall that someone set up in linux so I can more or less secure my network.
I have an Asterisk PBX that needs to have those ports open and forwarded to it.

I will read what you sent, but OMG this is f-ing hard!!!!
That is why I was not into linux from the getgo... I have a lot to learn
THANK YOU
if you can help more I will greately appreciate it

Nathan