using iptables
A gateway with two network cards connects a LAN with a WAN.
This document describes how to forward ports of nodes in the LAN to ports
of the gateway visible in the WAN.
Make sure that MASQUERADE target support is enabled in the kernel.
The loaded modules are:
ip_conntrack_amanda
xt_tcpudp
xt_state
iptable_raw
iptable_mangle
iptable_filter
iptable_nat
ip_nat
ip_tables
ip_conntrack
x_tables
Set up the following iptables rules.
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport port_of_the_LAN_node -m state \
  --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport port_of_the_gateway \
  -j DNAT --to-destination IP_LAN_node:port_of_the_LAN_node
iptables -A FORWARD -i eth1 -o eth0 -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Write a script for the iptables rules and make it sufficiently secure.
If it still doesn't work, use tcpdump on the right ports to check the traffic.
The nodes need to know the IP of the gateway.
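One way to write such a script, as an added example that is not part of the original page: it validates its arguments and prints the rules for review instead of applying them. The function names and the sample values are assumptions, and unlike the rules above it pins the inbound FORWARD rule to the LAN node's address and lets only reply traffic from that node back out.

```shell
#!/bin/sh
# Added example: prints the rules for review; nothing is applied.
# Assumption: eth0 is the WAN side and eth1 the LAN side, as in the rules above.
WAN_IF=eth0
LAN_IF=eth1

# valid_port N: integer 1..65535 without leading zeros
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 A.B.C.D: four decimal octets 0..255 without leading zeros
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules GW_PORT LAN_IP LAN_PORT: print the rule set, fail on bad input
forward_rules() {
    valid_port "$1" && valid_ipv4 "$2" && valid_port "$3" || {
        echo "usage: forward_rules GW_PORT LAN_IP LAN_PORT" >&2
        return 1
    }
    cat <<EOF
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $1 -j DNAT --to-destination $2:$3
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $2 --dport $3 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -s $2 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample call: sh forward.sh 8080 192.168.1.10 80
if [ "$#" -eq 3 ]; then
    forward_rules "$@"
fi
```

Review the printed rules before running them as root on the gateway.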
using ssh
Read the man page of ssh.
Use the -L option and, if needed, -C -N.