Port Forwarding Quandary
Posted by Josh Beck on November 9th, 2003



Ok, I need some help here.
I have two boxes. One is running redhat 8. (The Router)
The Other is running slackware 9.1 (The Dummy Box)
What I want is this:
I want a user to telnet to port 1600 on the redhat
box, and have the router forward that request to port
23 on the slackware so that outside users can log in.

What IPTABLES ruleset should I use for this?

I've read up on Google, and tried some port forwarding rules,
but they don't seem to work. (Any help is appreciated.)

Josh Beck


--


Posted by Franoculator on November 10th, 2003


Josh Beck spilled his alphabet soup on the floor,
and the letters spelled:

It took me a long time to figure that out myself, and I never found much
helpful info. Finally, I pieced some rules together from other scripts,
and here is what I use on my firewall box.

================== Begin Paste =============================

### IPTABLES NAT SCRIPT ###


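# Detect external IP address (eth1 is the external interface, see EXTIF below).
# Parses the old net-tools "inet addr:a.b.c.d" output format.
EXTIP=`NETWORKDEVICES=$(ifconfig eth1 | egrep -v "^ |^$" | awk '{print $1}')
for INTERFACE in ${NETWORKDEVICES}; do
echo $(/sbin/ifconfig $INTERFACE | grep inet | \
cut -d : -f 2 | cut -d ' ' -f 1)
done`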


# Insert kernel modules
modprobe ipt_state

IPTABLES=/sbin/iptables

echo "*** External IP Address: $EXTIP"

EXTIF="eth1"
INTIF="eth0"
echo "*** External Interface: $EXTIF"
echo "*** Internal Interface: $INTIF"

echo "*** Enabling Forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward


#$IPTABLES -P INPUT ACCEPT
#$IPTABLES -F INPUT
#$IPTABLES -P OUTPUT ACCEPT
#$IPTABLES -F OUTPUT
#$IPTABLES -P FORWARD DROP
#$IPTABLES -F FORWARD
#$IPTABLES -t nat -F


$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t nat -F PREROUTING
$IPTABLES -t nat -F POSTROUTING
$IPTABLES -t nat -F OUTPUT


echo "*** FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state \
    --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo "*** Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

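# Each forward below is a DNAT rule in nat/PREROUTING. The rewritten packet
# then crosses the FORWARD chain, which the ACCEPT policy set above lets through.
echo "*** Forwarding Port 22 (ssh) traffic to morpheus"
$IPTABLES -A INPUT -i $EXTIF -p TCP --destination-port 22 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -d $EXTIP --dport 22 -j DNAT \
    --to-destination 192.168.1.2:22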


echo "*** Forwarding Port 22022 (ssh) traffic to trinity"
$IPTABLES -A INPUT -i $EXTIF -p TCP --destination-port 22022 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -d $EXTIP --dport 22022 -j DNAT \
    --to-destination 192.168.1.1:22


echo "*** Forwarding Port 22023 (ssh) traffic to tootsie"
$IPTABLES -A INPUT -i $EXTIF -p TCP --destination-port 22023 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -d $EXTIP --dport 22023 -j DNAT \
    --to-destination 192.168.1.3:22

echo "*** Forwarding Port 8880 (http) traffic to trinity"
$IPTABLES -A INPUT -i $EXTIF -p TCP --destination-port 8880 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -d $EXTIP --dport 8880 -j DNAT \
    --to-destination 192.168.1.1:8880


=================== End Paste ==============================

--
***** Matthew Powell *******************************
****** http://www.franoculator.com *****************
******* Visit us on #cola on irc.oftc.net **********
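
The forward asked about in the first post (router port 1600 to port 23 on the inside box), as an added example that is not part of either post. The script above works because its FORWARD policy is ACCEPT; this version sets FORWARD to DROP and opens only the one forwarded port, matching on the post-DNAT address and port. The interface names eth1/eth0 are taken from the script above, 192.168.1.10 is a constructed placeholder for the Slackware box, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Dry run by default: rules are printed.
# Set IPTABLES=/sbin/iptables and run as root to apply them.
IPTABLES="${IPTABLES:-echo iptables}"

valid_port() {   # integer 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # four dotted octets, each 0..255
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# base_policy EXTIF INTIF: default-deny forwarding, allow replies and outbound.
base_policy() {
    $IPTABLES -P FORWARD DROP
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i "$2" -o "$1" -j ACCEPT
}

# forward_port EXTIF INTIF EXTPORT INTIP INTPORT
forward_port() {
    extif=$1 intif=$2 extport=$3 intip=$4 intport=$5
    valid_port "$extport" && valid_port "$intport" && valid_ipv4 "$intip" || {
        echo "forward_port: bad port or address" >&2; return 2; }
    # nat/PREROUTING rewrites the destination before the routing decision.
    $IPTABLES -t nat -A PREROUTING -i "$extif" -p tcp --dport "$extport" \
        -j DNAT --to-destination "$intip:$intport"
    # The rewritten packet traverses FORWARD, not INPUT, so the filter rule
    # must match the inside host and the post-DNAT port.
    $IPTABLES -A FORWARD -i "$extif" -o "$intif" -p tcp -d "$intip" \
        --dport "$intport" -m state --state NEW -j ACCEPT
}

# Constructed values: 192.168.1.10 stands in for the Slackware box's address.
base_policy eth1 eth0
forward_port eth1 eth0 1600 192.168.1.10 23
```

Run as-is, it only prints the five rules; after applying them for real, `iptables -t nat -L PREROUTING -n -v` shows whether the DNAT rule's packet counter moves when a connection arrives on port 1600.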

