Wednesday, February 17, 2016

linux - forward public port 81 to port 80 on local ip




I am new to serverfault, so please inform me of any bad behaviors :)

I searched serverfault (and Google) for an answer, but can't find the answer to my problem
(I can find answers which are partially what I need, but I lack the knowledge/experience to combine them into the solution to my problem).



The problem is as follows:
- I have a public server with port 81, which is available on the public IP address
- I have a local server with port 80, which is not available to the public
- I want the user to connect to port 81 on the public IP address and arrive at port 80 of the local server (192.168.98.###)




I think I need to do some configuring with iptables, but that's quite foggy to me.

I tried some answers from How can I port forward with iptables?
but I run into all kinds of errors.



Some questions:
- Does the local server have to have some special configuration? For example, do I have to set the gateway to the IP address of the public server?
- /proc/sys/net/ipv4/conf/ppp0 doesn't exist; is that a problem?



There are no ports blocked by the firewall.




I have total control over the public server, which is running:



# cat /proc/version
Linux version 2.4.22-1.2115.nptl (bhcompile@daffy.perf.redhat.com) (gcc version 3.2.3 20030422 (Red Hat Linux 3.2.3-6)) #1 Wed Oct 29 15:42:51 EST 2003
# iptables --version
iptables v1.2.8


I don't know the OS of the local server, and have no control over its configuration.




Could you please explain to me which iptables settings I could use, or any other configuration?


Answer



First thing, you don't need to deal with /proc/sys/net/ipv4/conf/ppp0 if you are not running a modem on your gateway.

The first thing you have to do is enable forwarding on your gateway, like this (assuming your live IP is on eth0):

# echo '1' > /proc/sys/net/ipv4/conf/eth0/forwarding



Then simply forward your traffic like this:

# public port 81 (the port from the question) -> port 80 on the LAN host
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 81 -j DNAT --to 192.168.1.2:80
# iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

You should replace 192.168.1.2 with the internal IP of your machine. Also, replace eth0 with the interface on which you have the live IP on your gateway.



And at last, as given in the post you read earlier, you can check the routing with

# ip route

Hope this helped. Feel free to revert in case you face issues.

Also, please post the errors which you get in this process.
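The complete rule set for the question's scenario, as an added example (not part of the original answer, and not the asker's configuration): it turns on the global forwarding switch /proc/sys/net/ipv4/ip_forward, DNATs public port 81 to port 80 on the LAN host, accepts both directions in the FORWARD chain, and optionally adds a MASQUERADE rule. That last rule answers the gateway question: the LAN host's replies only find their way back through the DNAT box if either the box is the LAN host's default gateway or the box rewrites the source address as well; since the asker cannot change the LAN host, the MASQUERADE variant is the one that works without touching it, at the cost that the LAN host's logs then show every client as the gateway's LAN address. The interface name eth0 and the address 192.168.98.10 are placeholders, and the script only prints the commands unless DRY_RUN=0 is set and it is run as root.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Assumptions (placeholders): public interface eth0, LAN host 192.168.98.10.
# DRY_RUN=1 (default) prints the commands only; DRY_RUN=0 applies them (root).
set -eu

# run: echo the command line, then execute it unless DRY_RUN=1
run() {
    printf '%s\n' "$*"
    [ "${DRY_RUN:-1}" = 1 ] || "$@"
}

# forward_rules PUB_IF PUB_PORT LAN_IP LAN_PORT [snat]
# Pass "snat" as the fifth argument when this box is NOT the LAN host's
# default gateway, so that replies return via the gateway instead of being
# sent straight to the client with the unmapped LAN source address.
forward_rules() {
    pub_if=$1
    pub_port=$2
    lan_ip=$3
    lan_port=$4
    snat=${5:-}

    # 1. the kernel must be willing to route between interfaces at all
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

    # 2. rewrite the destination of packets arriving on the public port
    run iptables -t nat -A PREROUTING -i "$pub_if" -p tcp --dport "$pub_port" \
        -j DNAT --to-destination "$lan_ip:$lan_port"

    # 3. let the rewritten packets and their replies through FORWARD
    #    (needed once the FORWARD policy is DROP; harmless otherwise)
    run iptables -A FORWARD -i "$pub_if" -p tcp -d "$lan_ip" --dport "$lan_port" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -o "$pub_if" -p tcp -s "$lan_ip" --sport "$lan_port" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 4. optional: make the LAN host answer to the gateway rather than to
    #    the client; its access log then shows the gateway as the client
    if [ "$snat" = snat ]; then
        run iptables -t nat -A POSTROUTING -p tcp -d "$lan_ip" --dport "$lan_port" \
            -j MASQUERADE
    fi
}

# show_state: the checks to run after applying the rules
show_state() {
    run sh -c 'cat /proc/sys/net/ipv4/ip_forward'
    run iptables -t nat -L PREROUTING -n -v
    run iptables -t nat -L POSTROUTING -n -v
    run iptables -L FORWARD -n -v
    run ip route
}

forward_rules "${PUB_IF:-eth0}" "${PUB_PORT:-81}" \
    "${LAN_IP:-192.168.98.10}" "${LAN_PORT:-80}" "${SNAT:-}"
show_state
```

Run it once with the defaults to review the generated commands, then `DRY_RUN=0 SNAT=snat sh forward.sh` as root to apply them. To verify from outside, connect to the public address on port 81 and watch the packet counters in `iptables -t nat -L PREROUTING -n -v` increase; if the DNAT counter rises but no reply arrives, the return path is the problem and the snat variant (or setting the LAN host's gateway) is what fixes it.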

