
iptables port forwarding on ubuntu

What is Port Forwarding?

Port forwarding is a feature of the IPTables system. It allows one computer to forward connections made to it so that another computer can actually process the request. If you want a very simple metaphor you can think of it as mail forwarding. Each computer has a number of addresses called ports, and IPTables allows connections to these ports to be sent to another computer. With port forwarders, you can redirect data connections from the Internet to an internal, privately addressed machine behind your IP MASQ server. This forwarding ability includes network protocols such as TELNET, WWW, and SMTP. Protocols such as FTP, legacy ICQ, and others require special handling via kernel modules.

Setup

On Ubuntu you first need to enable IP forwarding in the kernel. You have to be the root user to do this.

root@shahid-laptop:~# echo 1 > /proc/sys/net/ipv4/ip_forward

After this you need to write the iptables rules.

root@shahid-laptop:~# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
root@shahid-laptop:~# iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.10 --dport 555 -j DNAT --to 192.168.0.12:22
root@shahid-laptop:~# iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.12 --dport 22 -j ACCEPT

With these rules, when we try to connect to the IP 192.168.0.10 on port 555, the system redirects the connection to the IP 192.168.0.12 on port 22.

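To see the iptables rules, use the command ‘iptables -L’. It lists only the filter table; the DNAT and MASQUERADE rules live in the nat table and are shown by ‘iptables -t nat -L’.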

root@shahid-laptop:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.0.12        tcp dpt:ssh 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Saving Data

When you reboot the system, the iptables rules are removed from the kernel, so you need to either use iptables-save and iptables-restore to save and restore the rules, or write a script that executes on every boot to enable forwarding and create the rules.
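The boot-time restore described above, as an added example that is not part of the original post: a script that validates its inputs and prints the same forward in iptables-restore format. It assumes a FORWARD policy of DROP with conntrack state matching (the listing above shows policy ACCEPT, under which the page's ACCEPT rule filters nothing); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for one DNAT forward,
# with the FORWARD chain defaulting to DROP (an assumption; the post uses ACCEPT).

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 A.B.C.D: succeeds if there are four octets, each 0..255
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_ruleset IFACE LISTEN_IP LISTEN_PORT TARGET_IP TARGET_PORT
emit_ruleset() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $1" >&2; return 1 ;; esac
    valid_ipv4 "$2" && valid_ipv4 "$4" || { echo "bad IPv4 address" >&2; return 1; }
    valid_port "$3" && valid_port "$5" || { echo "bad port" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $1 -p tcp -d $2 --dport $3 -j DNAT --to-destination $4:$5
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $1 -p tcp -d $4 --dport $5 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Values from the post. Check the output with "iptables-restore --test",
# then load it at boot with iptables-restore (this replaces existing rules).
emit_ruleset eth0 192.168.0.10 555 192.168.0.12 22
```

The /proc/sys/net/ipv4/ip_forward setting is also lost on reboot, so the boot script has to set it again before loading the ruleset.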
