vineetk78
asked on
Port / IP forwarding using Iptables
I have two server machines connected to the internet, as follows:
1. Linux Server (208.116.12.106)
2. Windows Server (208.116.51.10)
What I need is for all incoming traffic on port 25 on Linux (208.116.12.110) to be routed to port 25 on the Windows Server (208.116.51.10).
I am trying to use iptables on the Linux server for this purpose, but with no success.
Could anybody guide me on this?
iptables -t nat -A PREROUTING -i ethX -p tcp -d 208.116.12.106 --dport 25 -j DNAT --to 208.116.51.10:25
iptables -t nat -A POSTROUTING -i ethX -p tcp -d 208.116.51.10 --dport 25 -j MASQUERADE
#replace the ethX with proper values
Sorry - the second rule should have -o
iptables -t nat -A PREROUTING -i ethX -p tcp -d 208.116.12.106 --dport 25 -j DNAT --to 208.116.51.10:25
iptables -t nat -A POSTROUTING -o ethX -p tcp -d 208.116.51.10 --dport 25 -j MASQUERADE
ASKER
Thanks for the quick response. Let me try those commands and let you know.
Not sure the POSTROUTING rule is necessary, as I believe netfilter "remembers" what's translated, and ensures all further packets are also translated.
Also, as well as ensuring the traffic passes through the Linux box on the way to the Windows box, it is also necessary for the traffic coming back from the Windows box to pass through the Linux box.
Should more help be required, it would be useful to have the network layout explained.
The POSTROUTE rule is required if the in and out interface is the same one.
ASKER
I tried putting in both rules as suggested:
iptables -t nat -A PREROUTING -i ethX -p tcp -d 208.116.12.106 --dport 25 -j DNAT --to 208.116.51.10:25
iptables -t nat -A POSTROUTING -o ethX -p tcp -d 208.116.51.10 --dport 25 -j MASQUERADE
I replaced ethX with eth0, which is my Ethernet card on Linux,
but it is still not working for me.
Am I missing something?
Maybe:
echo 1 > /proc/sys/net/ipv4/ip_forward
What are the other iptables rules, like forward?
iptables -L -nx
ASKER
The following is the output of the command
service iptables status
[root@ankh ~]# service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 208.116.12.106 tcp dpt:25 to:208.116.51.10:25
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE tcp -- 0.0.0.0/0 208.116.51.10 tcp dpt:25
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
I cannot see the filter table; please run the command I gave. I want to be sure it's not the case. Have you tried enabling ip_forward?
ASKER
No forward rules; I specified only the two commands you suggested.
Yeah, IP forwarding is enabled using echo 1> /proc/sys/net/ipv4/ip_forward
I also loaded the iptable_nat module using modprobe iptable_nat
As this is my first attempt to work with a Linux server, I may miss even the simple and obvious things.
ASKER
[root@ankh ~]# iptables -L -nx
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ASKER
Just to add: we have multiple static IPs configured on the Linux box. The following is the output of the ifconfig command.
[root@ankh ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:76:0F:0C:79
inet addr:208.116.12.106 Bcast:208.116.12.111 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3549405 errors:0 dropped:0 overruns:0 frame:0
TX packets:3591896 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:499253541 (476.1 MiB) TX bytes:600212498 (572.4 MiB)
Interrupt:16 Base address:0xe000
eth0:1 Link encap:Ethernet HWaddr 00:0C:76:0F:0C:79
inet addr:208.116.12.107 Bcast:208.116.12.111 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xe000
eth0:2 Link encap:Ethernet HWaddr 00:0C:76:0F:0C:79
inet addr:208.116.12.108 Bcast:208.116.12.111 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xe000
eth0:3 Link encap:Ethernet HWaddr 00:0C:76:0F:0C:79
inet addr:208.116.12.109 Bcast:208.116.12.111 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xe000
eth0:4 Link encap:Ethernet HWaddr 00:0C:76:0F:0C:79
inet addr:208.116.12.110 Bcast:208.116.12.111 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xe000
eth0:5 Link encap:Ethernet HWaddr 00:0C:76:0F:0C:79
inet addr:216.67.224.73 Bcast:216.67.224.79 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xe000
eth0:6 Link encap:Ethernet HWaddr 00:0C:76:0F:0C:79
inet addr:216.67.224.74 Bcast:216.67.224.79 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xe000
eth0:7 Link encap:Ethernet HWaddr 00:0C:76:0F:0C:79
inet addr:216.67.224.75 Bcast:216.67.224.79 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xe000
eth0:8 Link encap:Ethernet HWaddr 00:0C:76:0F:0C:79
inet addr:216.67.224.76 Bcast:216.67.224.79 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xe000
eth0:9 Link encap:Ethernet HWaddr 00:0C:76:0F:0C:79
inet addr:216.67.224.77 Bcast:216.67.224.79 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xe000
eth0:10 Link encap:Ethernet HWaddr 00:0C:76:0F:0C:79
inet addr:216.67.224.78 Bcast:216.67.224.79 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xe000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:246 errors:0 dropped:0 overruns:0 frame:0
TX packets:246 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14032 (13.7 KiB) TX bytes:14032 (13.7 KiB)
ASKER
Please let me know in case you need any other info or any other command output to diagnose the problem further.
ASKER
Both the Linux and Windows boxes are hosted in a data center (static IP) and are accessible from the internet.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thanks ravenpl, things are working now. Thanks a lot for your help.
ASKER
Really nice job, thanks a lot. Credit is all yours. And I hope you will always be there to help in the future too.
THANKS A LOT
iptables -t nat -A PREROUTING -j DNAT -i eth1 -p tcp --dport 25 --to-destination 208.116.51.10:25
Given that the traffic passes through the Linux box before it reaches the Win box. Can you give more details about your iptables setup?
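The checks raised across this thread (ip_forward enabled, a DNAT rule that matches the address clients connect to, a MASQUERADE rule on the outgoing side, and a FORWARD chain that accepts the traffic), gathered into one offline checker. This is an added example, not code from any poster; the function name `check_forward` is hypothetical and the sample rule text is constructed from the commands posted above, with eth0 assumed.

```shell
# Added example (not from the thread). Inputs are plain text, so no root is needed.
# On a live box pass: "$(cat /proc/sys/net/ipv4/ip_forward)",
# "$(iptables -t nat -S)", "$(iptables -S FORWARD)", the public IP and the port.
# Prints one finding per line, or "OK" when every check passes.
check_forward() {
  cf_ipfwd=$1; cf_nat=$2; cf_fwd=$3; cf_pub=$4; cf_port=$5; cf_bad=0
  # 1. The kernel must be forwarding packets between hosts.
  if [ "$cf_ipfwd" != "1" ]; then
    echo "ip_forward is '$cf_ipfwd', expected 1"; cf_bad=1
  fi
  # 2. A PREROUTING DNAT rule for the port must match the address clients use.
  #    A rule without -d matches any address; only host (/32) -d values are handled.
  cf_to=$(printf '%s\n' "$cf_nat" | awk -v a="$cf_pub" -v p="$cf_port" '
    $2 == "PREROUTING" && / -j DNAT / {
      d = ""; dp = ""; to = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-d") d = $(i + 1)
        if ($i == "--dport") dp = $(i + 1)
        if ($i == "--to-destination") to = $(i + 1)
      }
      sub(/\/32$/, "", d)
      if (dp == p && (d == "" || d == a)) { print to; exit }
    }')
  if [ -z "$cf_to" ]; then
    echo "no DNAT rule matches $cf_pub tcp/$cf_port"; cf_bad=1
  else
    # 3. Thread's point: with one in/out interface, replies must come back
    #    through this box, which the SNAT/MASQUERADE rule ensures.
    cf_host=${cf_to%:*}
    if ! printf '%s\n' "$cf_nat" | grep -Eq -- "^-A POSTROUTING .*-d $cf_host(/32)? .*-j (MASQUERADE|SNAT)"; then
      echo "no POSTROUTING SNAT/MASQUERADE toward $cf_host"; cf_bad=1
    fi
  fi
  # 4. The filter table must let the forwarded connection through.
  if ! printf '%s\n' "$cf_fwd" | grep -Eq -- '^-P FORWARD ACCEPT$|^-A FORWARD .*-j ACCEPT'; then
    echo "FORWARD chain has no ACCEPT policy or rule"; cf_bad=1
  fi
  [ "$cf_bad" -eq 0 ] && echo "OK"
  return 0
}

# Constructed sample input, modelled on the rules posted in the thread (eth0 assumed).
NAT_RULES='-A PREROUTING -d 208.116.12.106/32 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 208.116.51.10:25
-A POSTROUTING -d 208.116.51.10/32 -o eth0 -p tcp -m tcp --dport 25 -j MASQUERADE'
FWD_RULES='-P FORWARD ACCEPT'
check_forward 1 "$NAT_RULES" "$FWD_RULES" 208.116.12.106 25
check_forward 0 "$NAT_RULES" "$FWD_RULES" 208.116.12.110 25
```

The address to test is a parameter because the Linux box carries several aliases on eth0, and a DNAT rule with `-d` only translates connections made to that one address.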