Need IP port forwarding to access an internel service running on an internal machine

Posted by appleluo on Server Fault See other posts from Server Fault or by appleluo
Published on 2012-09-11T16:39:29Z Indexed on 2012/10/09 3:39 UTC
Read the original article Hit count: 447

Filed under:

iptables

|

port

|

forwarding

I am trying to configure iptables to do port forwarding for certain request. The scenario is like this:

Login node A can be accessed from outside Compute node B that running the service can be accessed from A but not from outside. I want to set up iptables so that a request for the service on B from outside can be accessed through A.

A has two ethernet ports: Internal eth0, with ip internal_A and External eth1, with ip external_A.

B has 1 ethernet port, internal eth0. let's say its ip is internal_B

The service listens to internal_B:5900. We open external_A:10000 for user access.

I configure my iptables with the following commands:

echo 1> /proc/sys/net/ipv4/ip_forward
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
/sbin/iptables -A PREROUTING -p tcp -t nat --dport 10000 -j DNAT --to-destination interal_B:5900
/sbin/iptables -A OUTPUT     -p tcp -t nat -d external_A --dport 10000 -j DNAT --to-destination internal_B:5900

But it didn't work. Can anybody help me?

© Server Fault or respective owner

Related posts about iptables

Sometimes this script fails to update the iptables

as seen on Server Fault - Search for 'Server Fault'
It does not happen often, but sometimes after running the below script, checking the iptables with service iptables status shows that they weren't updated and the script doesn't output any error. The iptables is structured as look-up tree (long repeated sections snipped): #!/bin/sh iptables -t… >>> More
My current iptable configuration doesn't work [on hold]

as seen on Server Fault - Search for 'Server Fault'
sudo chkconfig iptables off /etc/init.d/iptables on ### Clear/flush iptables sudo iptables -F sudo iptables -P INPUT ACCEPT sudo iptables -P OUTPUT ACCEPT sudo iptables -P FORWARD ACCEPT ### Allow SSH iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables… >>> More
L2TP iptables port forward

as seen on Server Fault - Search for 'Server Fault'
Hi all, I'm setting up port forwarding for an L2TP VPN connection to the local Windows 2003 VPN server. The router is a simpel Debian machine with iptables. The VPN server works perfect. But I cannot log in from the WAN. I'm missing something. The VPN server is using a pre-shared key (L2TP) and… >>> More
iptables -P FORWARD DROP makes port forwarding slow

as seen on Server Fault - Search for 'Server Fault'
I have three computers, linked like this: box1 (ubuntu) box2 router & gateway (debian) box3 (opensuse) [10.0.1.1] ---- [10.0.1.18,10.0.2.18,10.0.3.18] ---- [10.0.3.15] | box4, www [10.0.2.1] Among other… >>> More
IPtables AWS EC2 NAT/Reverse NAT - For Reverse Proxy style setup but with IPtables

as seen on Server Fault - Search for 'Server Fault'
I was thinking initially needing to do a reverse proxy or something so I could get some SSL/TLS traffic look like it is being terminated at a server and IP address in the AWS cloud, and then that traffic is forwarded onto our actual web servers that aren't in the cloud... I've not done much iptables… >>> More

Related posts about port

Port forward to different port number

as seen on Super User - Search for 'Super User'
I have a router that sets up rules like so: TCP Any -> 5800 Any -> 5900 UDP Any -> 5800 Any -> 5900 Computer: ip-address This would allow someone 'outside' to connect to my router's port 5800 and 5900 and forward that to the same port on my computer. My issue is that I want the 'outside'… >>> More
"port forwarding": redirect calls to webservice at port 8081 to port 80

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, a colleague of mine wrote a webservice that runs on port 8081 of our Windows 2008 Server. He uses the class ServiceHost, afaik this means its a standalone host (no IIS or ASP involvement). Note: I'm new into WCF ;) Now there are some issues with clients behind a firewall blocking the requests… >>> More
Problem with hadoop start-dfs.sh

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I installed and configured hadoop on my Ubuntu 14.04 server, virtualized inside of hyper-v, however I am getting an issue when i run start-dfs.sh root@sUbuntu01:/var/log# start-dfs.sh 14/06/04 15:27:08 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java… >>> More
USB Hub and Ubuntu

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a powered 7 port hub connected to my Ubuntu box and it does nothing. The devices (zip drive and web cam) work direct, but aren't recognized through the hub. This worked fine in Windows 7. I can't prove it is the OS because this is a new motherboard and processor. Any advice? EDIT : Output… >>> More
Cannot change port 25 to port 587

as seen on Super User - Search for 'Super User'
I am using outlook 2003. My email provider is Cox. Trying to change my out going port to 587 so I send mail while traveling. Others I know on Cox have done this with succes, but they are using newer version of outlook. When I go to change my existing email accounts, outlook will not allow me to… >>> More