I think what I'd be inclined to do next is use inetd, something like:
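#default
service <name>
{
    # UNLISTED: the service name is not in /etc/services
    type = UNLISTED
    port = 2223
    socket_type = stream
    # redirect takes the target address followed by the target port
    redirect = 10.1.1.2 22
    protocol = tcp
    wait = no
    disable = no
    # only_from limits which client addresses may connect
    only_from = 83.9.9.9
}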
and give it a name and save it in /etc/xinetd.d/
Worked for limewire 4 me
:-) Peter
horvatj wrote:
> Hello linux networking people!
>
> I have the following configuration:
>
> Gateway:
> eth0 (WAN) with something like 83.9.9.9
> eth1 (LAN) with 10.1.1.1
> running sshd on port 22
>
> Server 1 (internal):
> eth0 with 10.1.1.2
> running sshd on port 22
>
> Server 2 (internal):
> eth0 with 10.1.1.3
> running sshd on port 22
>
> I want my firewall script (using iptables) to redirect the following
> ports on the gateway eth0:
> 2222 to 10.1.1.2:22
> 2223 to 10.1.1.3:22
>
> I've tried the following lines, but this gives me just the login to the
> gateway server:
> [...]
> LAN_IP=$(ifconfig eth1 | head -n 2 | tail -n 1 | cut -d: -f2 | cut -d" " -f 1)
> [...]
> iptables -A INPUT -i eth0 -m state --state NEW -p tcp --dport 2222 -j ACCEPT
> iptables -I FORWARD -s 0/0 -d 10.1.1.2 -p tcp --dport 22 -i eth0 -j ACCEPT
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.1.1.2:22
> iptables -t nat -A POSTROUTING -o eth1 -p tcp --dport 22 -j SNAT --to-source $LAN_IP
> [...]
>
> What am I doing wrong???
>
> Thank you
> Johann
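
The xinetd redirect approach from the reply, applied to both port mappings in the question, as an added example that is not part of the original thread. The service names, `user = nobody` and the 192.0.2.0/24 source range are assumptions; the script refuses to emit a stanza with a malformed target or with no only_from restriction.

```sh
#!/bin/sh
# Added example: emit xinetd redirect stanzas for the thread's port mapping.

is_port() {                        # decimal integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {                        # four dot-separated octets, each 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# xinetd_redirect NAME LISTEN_PORT TARGET_IP TARGET_PORT ONLY_FROM
xinetd_redirect() {
    is_port "$2" || { echo "bad listen port: $2" >&2; return 1; }
    is_ipv4 "$3" || { echo "bad target address: $3" >&2; return 1; }
    is_port "$4" || { echo "bad target port: $4" >&2; return 1; }
    # With no only_from, the forwarded sshd is reachable from any source.
    [ -n "$5" ] || { echo "only_from must not be empty" >&2; return 1; }
    cat <<EOF
service $1
{
    type        = UNLISTED
    port        = $2
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = nobody
    redirect    = $3 $4
    only_from   = $5
    disable     = no
}
EOF
}

# Mapping from the question; service names and 192.0.2.0/24 are constructed.
gateway_stanzas() {
    xinetd_redirect ssh-server1 2222 10.1.1.2 22 "$1" &&
    xinetd_redirect ssh-server2 2223 10.1.1.3 22 "$1"
}

gateway_stanzas 192.0.2.0/24
```

Each emitted stanza goes in its own file under /etc/xinetd.d/, as the reply describes.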