Application for Linux Usenet Proxy. Either Iptables or standalone proxy

Posted on 2007-10-20
Last Modified: 2008-01-09
I am trying to set up a proxy to a Usenet server on a CentOS Linux box. The box is directly connected to the internet and will be accepting requests from multiple dynamic IP addresses. Ideally I would like all requests for port 119 to be taken and passed on to a certain Usenet server. This should work transparently for the client as if they were connecting directly to that server.
Question by:Mansoor Nathani

Accepted Solution

by:
Nopius earned 2000 total points
ID: 20116576
Say x.x.x.x is your CentOS external IP, y.y.y.y is the Usenet server IP.

iptables -t nat -A PREROUTING -p tcp -d x.x.x.x --dport 119 -j DNAT  --to-destination 10.10.14.2

Also ensure that port 119 is allowed in the filter table (iptables -L).

To make changes permanent, run:
iptables-save > /etc/sysconfig/iptables

Read here for more info: http://linux-ip.net/html/nat-dnat.html

Author Comment

by:Mansoor Nathani
ID: 20116589
[root@cent sbin]# iptables -t nat -A PREROUTING -p tcp -d x.x.x.x --dport 119 -j DNAT  --to-destination 10.10.14.2
iptables: Unknown error 4294967295


x.x.x.x: CentOS external IP,

10.10.14.2 is usenet server IP.

Expert Comment

by:Nopius
ID: 20116598
And also ensure that forwarding is turned on:
/bin/echo 1 >/proc/sys/net/ipv4/ip_forward

Or permanently, edit /etc/sysctl.conf and add:
net.ipv4.ip_forward = 1

As another option, you may configure your own NNTP server (either nntpd: http://www.faqs.org/docs/linux_network/x-087-2-nntp.html or INN: http://www.faqs.org/docs/linux_network/x-087-2-inn.html) that will cache subscribed lists (but it takes a really huge amount of space and network traffic, depending on the number of subscribed lists). So clients will connect to your NNTP server, which will be linked to another one. It also requires knowledge of NNTP configuration and administration.


Author Comment

by:Mansoor Nathani
ID: 20116615
Turned on forwarding, and the 'iptables -t... destination 10.10.14.2' command was successful. How do I open port 119?

"Also ensure that port 119 is allowed in the filter table (iptables -L)." ?

Once successful should I see LISTEN for port 119 in netstat -ano?

Expert Comment

by:Nopius
ID: 20116619
I've just tested on my server, this works fine:

iptables -t nat -A PREROUTING -p tcp -d 172.16.1.120 --dport 119 -j DNAT  --to-destination 10.10.14.2

If it doesn't work, then maybe the problem is in your kernel or in your netfilter package. Are you running on a virtual machine?

Please trace iptables with:

iptables -t nat -A PREROUTING -p tcp -d x.x.x.x --dport 119 -j DNAT  --to-destination y.y.y.y

and post trace output here

Expert Comment

by:Nopius
ID: 20116625
"Once successful should I see LISTEN for port 119 in netstat -ano?"

No.

Just try to connect to your server to port 119 from outside.
If it doesn't work, post 'iptables -L' here.

Author Comment

by:Mansoor Nathani
ID: 20116628
I don't get any output for that command.

Are there any log files that I could check?

[root@cent init.d]# iptables -t nat -A PREROUTING -p tcp -d x.x.x.x --dport 119 -j DNAT  --to-destination y.y.y.y
[root@cent init.d]# telnet 208.100.59.177 119
Trying 208.100.59.177...
telnet: connect to address 208.100.59.177: Connection refused

And yes, this is a virtual machine, a VPS on the Virtuozzo platform.

Author Comment

by:Mansoor Nathani
ID: 20116632
[root@cent init.d]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

Author Comment

by:Mansoor Nathani
ID: 20116677
I have this now, but I still can't connect to port 119 from outside.

I used this command:

iptables -A INPUT -p tcp --syn --dport 119 -j ACCEPT

[root@cent init.d]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:nntp flags:FIN,SYN,RST,ACK/SYN

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Author Comment

by:Mansoor Nathani
ID: 20117018
One thing: the Usenet server I want to forward to is an external internet IP. Does that change anything?

Assisted Solution

by:Nopius
Nopius earned 2000 total points
ID: 20117291
Oops, I was incomplete.

1) Remove your filter:
iptables -D INPUT -p tcp --syn --dport 119 -j ACCEPT

2) Add another rule:
iptables -t nat -A POSTROUTING -s ! y.y.y.y -p tcp -m tcp --dport 119 -j SNAT --to-source y.y.y.y

where y.y.y.y is your external IP address. It works, I just tested.

Author Comment

by:Mansoor Nathani
ID: 20118765
Thanks so much for your help.

Works great now.
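
The pieces spread across the answers above (forwarding switch, DNAT, SNAT) collected in one place, as an added example that is not from the thread: the script only prints the commands for review, and scopes every rule to TCP port 119 toward the one Usenet server so the box relays nothing else. The function names, the FORWARD rules and the sample addresses (RFC 5737 documentation ranges) are assumptions, and the SNAT rule here matches on the destination server rather than on the negated source used in the fix above.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the rules for review; runs nothing.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nntp_forward_rules EXT_IP NNTP_IP: emit the commands for a port-119 relay.
#   PREROUTING DNAT   rewrites the destination to the Usenet server.
#   POSTROUTING SNAT  rewrites the source to the relay, so the server's
#                     replies come back through this box, not to the client.
#   FORWARD pair      permits only this flow (assumes a default-drop policy).
nntp_forward_rules() {
    ext=$1; nntp=$2
    if ! is_ipv4 "$ext" || ! is_ipv4 "$nntp"; then
        echo "nntp_forward_rules: not an IPv4 address" >&2; return 1
    fi
    if [ "$ext" = "$nntp" ]; then
        echo "nntp_forward_rules: relay and server must differ" >&2; return 1
    fi
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -d $ext --dport 119 -j DNAT --to-destination $nntp:119
iptables -t nat -A POSTROUTING -p tcp -d $nntp --dport 119 -j SNAT --to-source $ext
iptables -A FORWARD -p tcp -d $nntp --dport 119 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $nntp --sport 119 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample addresses from the RFC 5737 documentation ranges.
nntp_forward_rules 192.0.2.10 198.51.100.20
```

With a FORWARD policy of ACCEPT, as in the listings above, the two FORWARD lines are redundant; they matter once the policy is set to DROP.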