Cannot do Port forwarding in Debian Linux

[Echa]

Sponsored Links

Currently I have a computer which is connected to the internet (via ppp0) and dhcp server (via eth0) (Debian 6.0.3). The dhcp server IP address is 192.168.2.1. On the other hand I have another computer which is also connected to the server with IP: 192.168.2.167. I want to do port forwarding from the internal port 16000 of the 192.168.2.167 to the external port 13201 which is of ppp0. I tried the iptables command meant for this operating in Debian but nmap can't see port 13201 opened. Does anyone know why it is not do port forwarding.

[TABLITA]

First of all you have to check the sysctl (sysctl -a) to see if port forwarding is enabled on bootup. iptables is NOT a firewall. It is a tool named netfilter that lets you configure the firewall for Linux. netfilter is included in the kernel. By default no filtering is active. A port cannot be opened if a service does not listen on that port. In this case you try to log in, probably has a web server on your local address (127.0.0.1). Verify that a server listens on by one:

Code:

 netstat-laptn

[Baijayanthi]

First of all I thought that you are looking for to send the traffic to 192.168.2.167, not 192.168.2.107.

Code:

iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 13201 -j DNAT --to 192.168.2.167:16000
iptables -A FORWARD -p tcp -d 192.168.2.167 --dport 16000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

I think that for your case an open ACCEPT rule would work as well.

[Eeshwari3]

If you modify the destination address of the packet, and that this address is not that of your firewall, then your package will be processed by the FORWARD chain, not INPUT.

[Reese-R]

The port knocking is a very interesting way to enable access to various services (classic sshd for example) without having to always keep the door open on the firewall. An additional security measure very efficient with low running costs and virtually no claim against. We assume you have a firewall on our server based on IPTABLES with all doors closed, and we need to be accessed remotely via ssh. The road we want to avoid is to use port forwarding on the firewall by opening the door and forwarding it to the server or open the door of the sshd service directly.

[Captain Samuel Salt]

To make sure that the firewall "external" to redirect requests to the / server in the DMZ, there is a mechanism called "port forwarding", which by the external firewall receives the incoming communication to a port with a specific transport protocol, and the "bounces" back to the server in the DMZ with the same transport protocol and on a door which is often identical to that of the original request, but which can also change.

[Avikshit Sinha]

The thing to consider when you configure the port forwarding, which is the default behavior on the FORWARD chain is blocking traffic, so along education necessary to indicate the redirection true, it is necessary to set a rule of FORWARD which enables the traffic from the external interface (eth1) to the DMZ only for the type of request necessary.