Solved

Advanced Policy Firewall localhost forwarding

Posted on 2013-06-24
Last Modified: 2013-06-25
I am semi-familiar with advanced policy firewall (APF) routing chains; however, I am having issues writing a rule to forward port localhost:139 to 10.0.0.1:139.

I'm not sure where to put it. In the preroute, or postroute file?

I basically want something like:

$IPT -t nat [output?] -p tcp --dport 139 -d 127.0.0.1 -j DNAT --to-destination 10.0.0.1:139

Any advice?

Thanks!!
Question by:dr34m3rs
3 Comments
 
LVL 6

Accepted Solution

by:
Vijay Pratap Singh earned 2000 total points
ID: 39273695
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $srcPortNumber -j REDIRECT --to-port $dstPortNumber

#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 2525
0
 
LVL 1

Author Comment

by:dr34m3rs
ID: 39273710
I'm using APF, which is a configuration script for iptables; your examples don't work, unfortunately.

$IPT -t nat -A PREROUTING -p tcp --dport 139 -i lo -j DNAT --to-destination 10.0.0.1:139
0
 
LVL 1

Author Comment

by:dr34m3rs
ID: 39276929
OK, after a lot of reading and such, I've discovered that this line of thinking is ridiculous. Although it seems "so simple" of an idea, it just isn't.

I've gone the SSH local to remote forwarding route:

Generating an SSH key with openssh, so I can login to localhost without a password, then using screen to forward my ports (so I can close the console window), and will have to use netcat to forward my UDP ports.

Thanks for the help.

I'll give you the points just because you tried!!

dr34m3r
0
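The SSH local-forwarding approach described in the last comment, sketched as an added example that is not part of the original thread. The key path, the screen session name and the use of the OpenSSH `restrict` key option (OpenSSH 7.2 or later) are assumptions; the passwordless key is limited to opening a forward to 10.0.0.1:139 so it cannot be used for a shell.

```shell
#!/bin/sh
# Added example: key-restricted SSH local forward localhost:139 -> 10.0.0.1:139.
# Assumed names (not from the thread): KEY path, screen session "fwd139".

KEY="${KEY:-$HOME/.ssh/fwd139_ed25519}"   # hypothetical key file
TARGET="10.0.0.1:139"                      # destination from the question
LISTEN="127.0.0.1:139"                     # bind loopback only, not 0.0.0.0

# authorized_keys line: no shell, pty, agent or X11; forwarding only to TARGET.
restricted_entry() {
    # $1 = public key line ("type base64 comment")
    printf 'restrict,port-forwarding,permitopen="%s" %s\n' "$TARGET" "$1"
}

# ssh command line: -N runs no remote command; BatchMode fails instead of
# prompting (localhost's host key must already be in known_hosts);
# ExitOnForwardFailure exits if port 139 cannot be bound.
forward_cmd() {
    printf 'ssh -N -i %s -o BatchMode=yes -o ExitOnForwardFailure=yes -L %s:%s localhost\n' \
        "$KEY" "$LISTEN" "$TARGET"
}

setup() {
    auth="$HOME/.ssh/authorized_keys"
    mkdir -p "$(dirname "$KEY")" && chmod 700 "$(dirname "$KEY")"
    [ -f "$KEY" ] || ssh-keygen -q -t ed25519 -N '' -f "$KEY"
    entry=$(restricted_entry "$(cat "$KEY.pub")")
    # Append once; repeated runs must not duplicate the entry.
    grep -qsF "$entry" "$auth" || printf '%s\n' "$entry" >> "$auth"
    chmod 600 "$auth"
    # Port 139 is privileged, so this has to run as root.
    # screen keeps the forward alive after the console window is closed.
    screen -dmS fwd139 sh -c "$(forward_cmd)"
}

# Only act when invoked as: ./script.sh setup
if [ "${1:-}" = "setup" ]; then
    setup
fi
```

This covers TCP only; `ssh -L` does not carry UDP, which is why the comment above falls back to netcat for the UDP ports.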
