From: Erich Weiler <weiler@soe.ucsc.edu>
To: netfilter@vger.kernel.org
Subject: IPTABLES port forwarding woes
Date: Fri, 30 May 2008 06:24:25 -0700
Message-ID: <48400009.1070308@soe.ucsc.edu>

Hi All,

I'm having trouble setting up port forwarding on a linux host I have...
Basically I have 2 machines. One has a public and a private IP address,
the other just has a private address:


Machine 1:
public IP: 120.1.1.10
private IP: 10.1.1.50

Machine 2:
private IP: 10.1.1.133

I want to ssh to port 2222 on machine 1 from the internet, on the public
IP, and have it forward to port 22 on machine 2 on the private network.
I can't seem to open an SSH socket, however, when SSHing to port 2222 on
machine 1's public IP address...  Note that I only want port 2222 routed
to machine 2; all other ports should connect to machine 1 as normal.
This is my current iptables file on machine 1:


# Generated by iptables-save v1.3.5 on Wed May 28 20:56:31 2008
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [66:7948]
-A FORWARD -d 10.1.3.133 -i eth0 -o eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p all -j ACCEPT
-A INPUT -i eth1 -p all -j ACCEPT
-A OUTPUT -o eth0 -p all -j ACCEPT
-A OUTPUT -o eth1 -p all -j ACCEPT
COMMIT
# Completed on Wed May 28 20:56:31 2008
# Generated by iptables-save v1.3.5 on Wed May 28 20:56:31 2008
*nat
:PREROUTING ACCEPT [451:32699]
:POSTROUTING ACCEPT [2:236]
:OUTPUT ACCEPT [2:236]
-A PREROUTING -d 120.1.1.10 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.1.3.133:22
-A POSTROUTING -s 10.1.3.133 -o eth0 -j SNAT --to-source 120.1.1.10
COMMIT
# Completed on Wed May 28 20:56:31 2008

This just doesn't seem to work - can anyone see where I'm going wrong? I
guess I want machine 2 to see connections coming from machine 1 to be
coming from machine 1's private IP, but I'm not sure the 'source IP' is
being re-written when it's being forwarded to machine 2... Not sure...
Anyway, if anyone can see what's wrong here please let me know!!

Thanks so much,
erich
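The ruleset below is an added example, not part of the original post or of any reply in the thread. It generates, with the post's own addresses and interface names as assumptions (eth0 = public side, eth1 = private side, machine 2 at 10.1.1.133), an iptables-restore file for the single-port DNAT the post asks for, plus the two things a working forward needs that the post's rules leave out: the FORWARD rule must match the post-DNAT destination (the inside host, not the public IP), and the reply path from machine 2 must come back through machine 1, which the extra SNAT on the eth1 side guarantees because machine 2 then sees the connection as coming from machine 1's private IP. The helper functions and the ip_forward check are hypothetical names for this example.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that forwards one public TCP
# port to a host on the private LAN. Addresses and interfaces are assumptions
# taken from the post; adjust before loading with `iptables-restore < file`.

PUB_IF=eth0          # interface carrying the public address
PUB_IP=120.1.1.10
PRIV_IF=eth1         # interface on the private LAN
PRIV_IP=10.1.1.50    # gateway's own private address
INSIDE_HOST=10.1.1.133
PUB_PORT=2222
INSIDE_PORT=22

# Print the complete ruleset on stdout (hypothetical helper name).
gen_portforward_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the destination of inbound connections to the inside host.
-A PREROUTING -i $PUB_IF -d $PUB_IP -p tcp --dport $PUB_PORT -j DNAT --to-destination $INSIDE_HOST:$INSIDE_PORT
# Rewrite the source on the LAN side so the inside host answers to this
# gateway even if its default route does not point here.
-A POSTROUTING -o $PRIV_IF -d $INSIDE_HOST -p tcp --dport $INSIDE_PORT -j SNAT --to-source $PRIV_IP
# Everything else leaving the public side gets the public address.
-A POSTROUTING -o $PUB_IF -j SNAT --to-source $PUB_IP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# FORWARD sees the packet after DNAT, so match the inside address and port,
# not the public ones.
-A FORWARD -i $PUB_IF -o $PRIV_IF -d $INSIDE_HOST -p tcp --dport $INSIDE_PORT -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $PRIV_IF -o $PUB_IF -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Count rules with a given target in the generated ruleset (hypothetical helper).
count_target() {
    gen_portforward_rules | grep -c -- "-j $1"
}

# No DNAT works unless the kernel routes between interfaces. The optional
# argument lets a test point at a file other than /proc (hypothetical helper).
check_forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Stand-alone use: print the ruleset and warn if forwarding is off.
gen_portforward_rules
check_forwarding_enabled || echo "warning: net.ipv4.ip_forward is 0; run: sysctl -w net.ipv4.ip_forward=1" >&2
```

The SNAT on the eth1 side costs machine 2 the real client address in its sshd logs; if machine 2's default gateway is machine 1, that rule can be dropped and the DNAT alone suffices, since replies then pass back through the same conntrack entry.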


Thread overview: 8+ messages
2008-05-30 13:24 Erich Weiler [this message]
2008-05-30 13:53 ` IPTABLES port forwarding woes Pascal Hambourg
2008-05-30 14:02 Erich Weiler
2008-05-30 14:42 ` Pascal Hambourg
2008-05-30 15:17   ` Erich Weiler
2008-05-30 19:11     ` Pascal Hambourg
2008-05-30 21:06       ` Erich Weiler
2008-05-30 13:15 Erich Weiler