Thread: Iptables forward port UDP iax2 4569, tftp 69, and TCP ssh 3131 to internal IP

  1. #1
    Junior Member

    Hi Guys,
    I hope someone can help me
    I need someone to look at the code (I have removed part of the external IP for security purposes) and see if this is how it should be done:

    I need:
    name Port Protocol
    iax2 4569 UDP
    tftp 69 UDP
    ssh 3131 TCP

    and then forward those to 192.168.1.21 or 192.168.10.20


    Here is what I have come up with so far
    /sbin/iptables -A INPUT -p udp -ieth1 -s189.212.XXX.XXX/4569 -dport 4569 -j ACCEPT
    /sbin/iptables -A INPUT -p udp -ieth1 -s189.212.XXX.XXX/69 -dport 69 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -ieth1 -s189.212.XXX.XXX/3131 -dport 3131 -j ACCEPT
    iptables -tnat -A POSTROUTING -o eth0 -s 192.168.X.21/4569 -j MASQUERADE
    iptables -tnat -A POSTROUTING -o eth0 -s 192.168.1.21/69 -j MASQUERADE
    iptables -tnat -A POSTROUTING -o eth0 -s 192.168.1.21/3131 -j MASQUERADE

    echo 1 >/proc/sys/net/ipv4/ip_forward

  2. #2
    nixcraft (Never say die)

    This will redirect (forward) 22 to 3131
    Code:
    /sbin/iptables -t nat -I PREROUTING --src 0/0 --dst 192.168.1.21 -p tcp --dport 22 -j REDIRECT --to-ports 3131
    All [Solved] threads are closed by mods / admin to avoid spam issues. See Howto mark a thread as [Solved]


  3. #3
    raj (Senior Member)

    The iptables rules required for port forwarding aaa.bbb.ccc.yyy:22 to 192.168.1.21:3131:

    Code:
    /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d aaa.bbb.ccc.yyy --dport 22 -j DNAT --to 192.168.1.21:3131
    /sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.1.21 --dport 22 -j ACCEPT
    Raj
    Linux rulz.
    I have never turned back in my life ; I shall not do so today.. haha

  4. #4
    Junior Member

    thank you for your reply BUT

    Hi,

    When I said I was a newbie I was not being shy,
    I have no f-ing clue of what I am doing.

    This is the result I have gotten so far, and I do not know how to "delete" what I have done that is wrong so far
    [root@gw sbin]# iptables -L -n
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4569
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:69
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3131
    ACCEPT udp -- 189.212.XXX.XXX 0.0.0.0/0 udp dpt:4569
    ACCEPT udp -- 189.212.XXX.XXX 0.0.0.0/0 udp dpt:69
    ACCEPT tcp -- 189.212.XXX.XXX 0.0.0.0/0 tcp dpt:3131

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT udp -- 0.0.0.0/0 192.168.1.21 udp dpt:4569
    ACCEPT udp -- 0.0.0.0/0 192.168.1.21 udp dpt:4569
    ACCEPT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:22
    ACCEPT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:22

    I need the forward to work from the source to the destination.
    My eth1 is the public (external) IP, the eth0 is the internal IP

    when I check the ports with Open Port Check Tool - Test Port Forwarding on Your Router I get that the ports are closed.
    Need a bit more help, and I need it really spelled out in a way that I can understand, THANK YOU in advance for taking the time to help me.

  5. #5
    nixcraft (Never say die)

    If you are using a RHEL / CentOS based system, type the following to start, stop and restart the firewall as root user:
    Code:
    service iptables stop
    service iptables start
    service iptables restart
    service iptables save
    See http://www.cyberciti.biz/faq/rhel-fe...tion-tutorial/

    Your default policy is set to ACCEPT. Are you running ssh on 3131 port on internal system?


  6. #6
    Junior Member

    I have no clue
    I just did what you told me and everything is clear
    (no open ports nor forwards)

    I have the firewall that someone set up in linux so I can more or less secure my network.
    I have an Asterisk PBX that needs to have those ports open and forwarded to it.

    I will read what you sent, but OMG this is f-ing hard!!!!
    That is why I was not into linux from the get-go... I have a lot to learn
    THANK YOU
    if you can help more I will greatly appreciate it

    Nathan
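
Added example, not part of any post in this thread: a script that prints a consistent rule set for the three forwards requested in post #1, pairing each DNAT rule in PREROUTING with a FORWARD rule that matches the translated address and port. The interface roles come from post #4; `ALLOW_SRC`, `emit_rules` and the other variable names are assumptions made for illustration, and each service is assumed to listen on the same port internally.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for the thread's
# three forwards. Assumptions: eth1 = external and eth0 = internal (post #4),
# target 192.168.1.21, same port number on both sides, and ALLOW_SRC is a
# constructed placeholder for the remote address the poster masked.
EXT_IF=eth1
INT_IF=eth0
TARGET=192.168.1.21
ALLOW_SRC=203.0.113.10                 # placeholder, not from the thread
SERVICES="udp:4569 udp:69 tcp:3131"    # iax2, tftp, ssh

# emit_rules A -> append the rules; emit_rules D -> delete the same rules
emit_rules() {
    action=$1
    case $action in
        A|D) ;;
        *) echo "usage: emit_rules A|D" >&2; return 2 ;;
    esac
    for svc in $SERVICES; do
        proto=${svc%%:*}
        port=${svc##*:}
        # nat/PREROUTING: rewrite the destination before the routing decision
        echo "iptables -t nat -$action PREROUTING -i $EXT_IF -s $ALLOW_SRC -p $proto --dport $port -j DNAT --to-destination $TARGET:$port"
        # filter/FORWARD runs after DNAT, so it matches the internal address and port
        echo "iptables -$action FORWARD -i $EXT_IF -o $INT_IF -s $ALLOW_SRC -d $TARGET -p $proto --dport $port -j ACCEPT"
    done
    # packets of connections that are already tracked, in both directions
    echo "iptables -$action FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

emit_rules A
```

Review the printed commands, then pipe them to `sh` as root; forwarding also needs `ip_forward` set to 1 as in post #1. TFTP data packets use ephemeral ports, so the tftp forward additionally depends on the kernel's TFTP conntrack/NAT helper modules being loaded.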
