forward port
phil  
Newsgroups: alt.comp.linux
From: "phil" <p...@sbbs.cyberchatnet.com.remove-5b4-this>
Date: Mon, 26 Oct 2009 21:25:19 -0400
Local: Mon 26 Oct 2009 22:25
Subject: forward port
I am trying to forward port 80 from 192.168.1.5 to 192.168.1.100 on port
8080. I have one nic card in both machines. This is not working, and I can
ping all the machines.

How can I get this to work please? The example that I am using in the docs is
not working.

modprobe iptable_nat
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A PREROUTING -t nat -p tcp -d 127.0.0.1 --dport 80 -j DNAT --to 192.168.1.100:8080
iptables -A PREROUTING -t nat -p tcp -d 192.168.1.5 --dport 80 -j DNAT --to 192.168.1.100:8080
iptables -A PREROUTING -t nat -p tcp -d 127.0.0.1 --dport 53 -j DNAT --to 192.168.1.100:8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.1.100:8080

--- Synchronet 3.15a-Win32 NewsLink 1.85
- telnet://sbbs.cyberchatnet.com:23 -


J Sako  
Newsgroups: alt.comp.linux
From: J Sako <chimpda...@yahoo.com>
Date: Tue, 27 Oct 2009 07:43:38 -0500
Local: Tue 27 Oct 2009 09:43
Subject: Re: forward port

Phil,

I grew tired of manually doing this, so I wrote a script to do so. I've
attached it, plus two other util pgms I use for such things:

- pf_admin      : PortForward Admin tool
- tcp_server.pl : Pgm to listen on a port
- tcp_client.pl : Pgm to send test data to a server:port
(running any of the above with '-h' gives usage/help)

For my tests, the following is true:
SuSETest    = server to forward - 192.168.2.205 (like your 192.168.1.5)
DBLinuxTest = server to forward to - 192.168.2.204 (like your 192.168.1.100)

On the server I wish to forward, I ran this:

SuSETest:/root #pf_admin -s 192.168.2.204 -lp 80 -rp 8080      
(this pgm logs the rules it used to /tmp/pfrules, which created:

SuSETest:/root #cat /tmp/pfrules
/usr/sbin/iptables -t nat -A PREROUTING -i eth0 -p TCP -s any/0 --dport 80 -j LOG --log-prefix "PortFW:80:192.168.2.204:8080 "
/usr/sbin/iptables -A FORWARD -p TCP --dport 80 -s any/0 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s any/0 -j MASQUERADE
/usr/sbin/iptables -t nat -A PREROUTING -i eth0 -p TCP -s any/0 -j DNAT --dport 80 --to-destination 192.168.2.204:8080

On the dest server, I started a tcp listener server, which is listening
on 8080:
DBLinuxTest:/root #tcp_server.pl -p 8080
10/27/09 07:19:54 > tcp_server.pl Ver: 03.0200
10/27/09 07:19:54 >
10/27/09 07:19:54 > PORT      : 8080
10/27/09 07:19:54 > REPLY     : off
10/27/09 07:19:54 > MAXQLEN   : 5
10/27/09 07:19:54 > LOGFILEN  : /tmp/tcp_server.log
10/27/09 07:19:54 >
10/27/09 07:19:54 > Creating a TCP socket on port 8080
10/27/09 07:19:54 > + Listening, up to 5 connections
10/27/09 07:19:54 > + Waiting for client requests

From (yet another) server, I sent a packet to the forwarding server
(SuSETest, 192.168.2.205), which should then forward it to
DBLinuxTest:8080...

tcp_client.pl -s 192.168.2.205 -p 80
10/27/09 07:21:50 > tcp_client.pl Ver: 03.0200
10/27/09 07:21:50 >
10/27/09 07:21:50 > SERVER    : 192.168.2.205
10/27/09 07:21:50 > PORT      : 80
10/27/09 07:21:50 > CPORT     : ANY
10/27/09 07:21:50 > QUIET     : off
10/27/09 07:21:50 > WAIT      : off
10/27/09 07:21:50 > INFILEN   :
10/27/09 07:21:50 >
10/27/09 07:21:50 > Creating a TCP socket on port 80
10/27/09 07:21:50 > + Sending data to 192.168.2.205:80 from port 32781
10/27/09 07:21:50 >   + Test data
10/27/09 07:21:50 >     > this is a test...

10/27/09 07:21:50 >
10/27/09 07:21:50 > Done: RC=0

Which it did:
10/27/09 07:21:50 > + Receiving data from client [susetest at 192.168.2.205:32781]
10/27/09 07:21:50 > this is a test...

10/27/09 07:21:50 > + Receive complete
10/27/09 07:21:50 > Closing connections
10/27/09 07:21:50 >
10/27/09 07:21:50 > Done: RC=0

Note - the attached programs were built from a common skeleton I use, so
they're kinda wordy and contain stuff you don't need, but they work
in any case...

Hope this helps

[ pf_admin 12K ]
#!/bin/ksh
####################################################################
#
# pf_admin                                      Ver: 04.0100
#
# Package:      None
#
# PreReq:       None
#
# 06/24/09      04.0100 Chgs:
#                       - Added logic to handle prot of 'both'
# 06/24/09      04.0000 Chgs:
#                       - Rewrote
#                       - added table logic
# 01/09/09      03.0000 Chgs:
#                       - Moved calls to Add_Rule
#                       - Log rules to output file
# 05/02/08      02.0502 Added Remote Port to logging
# 01/10/08      02.0501 Shortened log-prefix
# 01/10/08      02.0500 Log port forwards
# 01/10/08      02.0401 Make prot case insensitive
# 01/10/08      02.0400 Figure out default EXTDEV
# 11/15/06      02.0300 Massaged a bit
# 04/08/03      02.02   Add forwarding rule
# 12/13/02      02.01   Added "-if" parm & fixed syntax error
# 04/18/02      02.00   Rewrote for iptables
#
####################################################################

[ -x /etc/path ] && . /etc/path
[ -x /etc/env ]  && . /etc/env

VER=$(grep "Ver:" $0|head -1|sed -e 's/^.*Ver: //g')

# --------------------------------------------------
# Standard Dir locations (for use by install pkg)
# --------------------------------------------------
#       --- bindir
#BINDIR=B_Z_INXDIR
BINDIR=/sysadmin/bin
#
#       --- configdir
#DATADIR=D_Z_ATAXDIR
DATADIR=/sysadmin/data
#
#       --- logdir
#LOGDIR=L_Z_OGXDIR
LOGDIR=/sysadmin/logs
#
#       --- reportdir
#RPTDIR=R_Z_PTXDIR
RPTDIR=/sysadmin/reports

PATH=$PATH:$BINDIR:/usr/local/bin       # Std paths

#-----------------------------------------------------------
# usage
#-----------------------------------------------------------
function usage
{
echo "\nVer: $VER"
echo "Usage: pf_admin "
echo "              {-tbl <file containing rules> |"
echo "               -s <server to forward to>"
echo "               -lp <local port on firewall>"
echo "              [-rp <remote port> (def=local port)]"
echo "              [-c <external client> (def=$ECLIENT)]"
echo "              [-p {TCP|tcp|UDP|udp} (def=$PROT)]"
echo "              }"
echo ""
echo "              [-if <interface to listen on (def=$EXTDEV)"
echo "              [-f (flush all)]"
echo "              [-l (list current)]"
echo "              [-q (quiet)]"
echo ""
echo "              [-o <output file for rules> (Def $PFRULE_FILE)"
echo "              [-app (Append to output file instead of overwrite)]"
echo ""
echo "              [-prev]"
echo "              [-ver]"
echo ""
ECHO="off";all_done 4

}

#-----------------------------------------------------------
# log_it
#-----------------------------------------------------------
function log_it
{
DD=$(date +"%D %H:%M:%S")
[ "$ECHO" = "on" ] && echo "$DD > $*"
[ "$LOGIT" = "on" ] && echo "$DD > $*" >> $LOGFILE

}

#-----------------------------------------------------------
# trace_it
#-----------------------------------------------------------
function trace_it
{
if [ "$TRACE" = "on" ];then log_it "<TRACE> $*";fi

}

#-----------------------------------------------------------
# debug_it
#-----------------------------------------------------------
function debug_it
{
if [ "$DEBUG" = "on" ];then log_it "<<DEBUG>> $*";fi

}

#-----------------------------------------------------------
# echo_it
#-----------------------------------------------------------
function echo_it
{
[ "$SILENT" != "on" ] && echo "$*"
log_it "$*"

}

#-----------------------------------------------------------
# get_tmpfile
#-----------------------------------------------------------
function get_tmpfile
{
integer TMP_CNTR=0
while [ -f $TMPDIR/${TMPFILE}${TMP_CNTR}.$$ ];do TMP_CNTR=$TMP_CNTR+1;done
touch $TMPDIR/${TMPFILE}${TMP_CNTR}.$$
echo $TMPDIR/${TMPFILE}${TMP_CNTR}.$$

}

#-----------------------------------------------------------
# free_tmpfile
#-----------------------------------------------------------
function free_tmpfile
{
rm $* 2>/dev/null

}

#-----------------------------------------------------------
# abend
#-----------------------------------------------------------
function abend
{
echo "\n$*\n"
ECHO="off";LOGIT="off"
usage

}

#-----------------------------------------------------------
# abend_nou
#-----------------------------------------------------------
function abend_nou
{
echo "\n$*\n"
ECHO="off";LOGIT="off"
all_done 12

}

#-----------------------------------------------------------
# all_done
#-----------------------------------------------------------
function all_done
{

#
# --- Clean up tmp files
#
rm $TMPDIR/$TMPFILE*.$$ 2> /dev/null

RC=0;[ $# -ne 0 ] && RC=$1
log_it ""
log_it "Done: RC=$RC"

exit $RC

}  

#-----------------------------------------------------------
# do_cmd
#-----------------------------------------------------------
function do_cmd
{
trace_it "$0: Entry"

THE_CMD="$*"
debug_it "$THE_CMD"
if [ "$PREV" = "off" ];then
   #$THE_CMD;STATUS=$?
   #eval $THE_CMD 1>dev/null 2>&1;STATUS=$?
   #eval $THE_CMD;STATUS=$?
   MSG=$(eval $THE_CMD);STATUS=$?
else
   log_it "[PREV] CMD: $THE_CMD"
   STATUS=0
fi

trace_it "$0: Exit"
return $STATUS

}

#-----------------------------------------------------------
# mail_it
#-----------------------------------------------------------
function mail_it
{
trace_it "$0: Entry"

[ "$MAIL" != "on" ] && return

log_it "Mailing report to $MAILTO"
SUBJ="pf_admin report from $(hostname)"

if [ $RC -eq 0 ];then
   SUBJ="OK - $SUBJ - $(hostname)"
else
   SUBJ="ERROR - $SUBJ - $(hostname) RC=$RC"
fi

log_it "+ SUBJ: $SUBJ"
log_it "+ BODY: \n$(cat $MAILFILE)"
cat $MAILFILE | mail -s "$SUBJ" $MAILTO

free_tmpfile $MAILFILE

trace_it "$0: Exit"

}

#-----------------------------------------------------------
# initialize
# - Sets $OS, $OSF
# - Sets IPTABLES
# - Gets default ext device
#-----------------------------------------------------------
function initialize
{
trace_it "$0: Entry"

# ---  Get OS Flavor
OS=$(uname);OSF=$OS
if [ "$OS" = "Linux" ];then
   for F in redhat fedora SuSE; do [ -f /etc/${F}-release ] && OSF="$F";done
fi

# --- Set iptables
case $OSF in
        "redhat"|"fedora")  IPTABLES="/sbin/iptables";;
        "SuSE")                       IPTABLES="/usr/sbin/iptables";;
esac

# --- Default net device
EXTDEV=$(netstat -rn|grep "^0.0.0.0"|awk '{print $8}')

trace_it "$0: Exit"

}

#-----------------------------------------------------------
# initialize2
# - Sets $PMSG
# - Gets $EXTIP
# - Prep PFRULE_FILE
#-----------------------------------------------------------
function initialize2
{
trace_it "$0: Entry"

# --- set PMSG
PMSG="[PREV]";[ "$PREV" = "off" ] && PMSG=""

# --- Get IP of $EXTDEV
EXTIP=$(ifconfig $EXTDEV | grep "inet addr:"|awk -F: '{print $2}'|awk '{print $1}')

# --- Prep logged rule file
if [ "$PREV" = "off"  -a "$ACTN" != "LIST" ];then
   [ "$APPEND" = "off" ] && > $PFRULE_FILE
   chown 0.0 $PFRULE_FILE;chmod 0700 $PFRULE_FILE
fi

trace_it "$0: Exit"

}

#-----------------------------------------------
# log_rule
#-----------------------------------------------
function log_rule
{
[ "$LOG_PFRULES" != "on" ] && return
echo "$*" >> $PFRULE_FILE

}

#-----------------------------------------------
# Add_Rule
#-----------------------------------------------
function Add_Rule
{
R="$*"
do_cmd "$IPTABLES $R"
[ "$PREV" != "on" ] && log_rule $IPTABLES $R

}

#-----------------------------------------------------------
# list_rules
#
# Lists current forwarding rules
#-----------------------------------------------------------
function list_rules
{
trace_it "$0: Entry"

do_cmd "$IPTABLES -nvL PREROUTING -t nat"
[ "$PREV" != "on" ] && echo_it "$MSG"

trace_it "$0: Exit"

}

#-----------------------------------------------------------
# flush_rules
#-----------------------------------------------------------
function flush_rules
{
trace_it "$0: Entry"

echo_it "...Flushing...$PMSG"
Add_Rule -F PREROUTING -t nat

trace_it "$0: Exit"

}

#-----------------------------------------------------------
# add_single_rule
#
# Expects this to be set:
# - $1          : External client (ie originating traffic)
# - $2          : Client to forward traffic to
# - $3          : Protocol
# - $4          : Source port on external client
# - $5          : Dest port on forward-to client
#-----------------------------------------------------------
function add_single_rule
{
trace_it "$0: Entry [$*]"

_srcIP="$1"
_dstIP="$2"
_prot="$3"
_lp="$4"
_rp="$5"

# --- Get _rp if not explicitly set. Correct for ranges
[ -z "$_rp" ] && _rp=$_lp
_rp=$(echo $_rp|sed -e 's/:/-/g')

log_it "";log_it "Adding Single rule"
log_it "_srcIP  : $_srcIP"
log_it "_dstIP  : $_dstIP"
log_it "_prot   : $_prot"
log_it "_lp     : $_lp"
log_it "_rp     : $_rp"

_effective_prots="$_prot";[ "$_prot" = "both" ] && _effective_prots="tcp udp"

# --- loop in case of multiple protocols
for _prot in $_effective_prots; do

   echo_it "Redirecting $_prot traffic from $_srcIP on [$EXTDEV]$EXTIP:$_lp to $_dstIP:$_rp $PMSG\n"

   # --- Log-prefix must be <= 29
   LogP="PortFW:$_lp:$_dstIP:$_rp "
   if [ $(echo $LogP|wc -c) -gt 29 ];then
      LogP=$(expr substr $LogP 1 29)
   fi

   #
   Add_Rule -t nat -A PREROUTING -i $EXTDEV -p $_prot -s $_srcIP --dport $_lp -j LOG --log-prefix \"$LogP\"

   Add_Rule -A FORWARD -p $_prot --dport $_lp -s $_srcIP -j ACCEPT
   Add_Rule -t nat -A POSTROUTING -s $_srcIP -j MASQUERADE
   Add_Rule -t nat -A PREROUTING -i $EXTDEV -p $_prot -s $_srcIP -j DNAT   \
                                 --dport $_lp --to-destination $_dstIP:$_rp

done

trace_it "$0: Exit"

}

#-----------------------------------------------------------
# process_tbl
#
# Processes stanzas in $PORT_FORWARDS, assuming this format:
#
# ALLOWED_HOSTS|PROT|INBOUND_PORT:n|OUTBOUND_PORT-n|OUTBOUND_SRVR
#-----------------------------------------------------------
function process_tbl
{
trace_it "$0: Entry"

[ ! -e "$TBL" ] && abend_nou "+ $TBL not found..."

log_it "";log_it "Processing $TBL"
. $TBL

for _stanza in $PORT_FORWARDS;do
   log_it "+ $_stanza"
   _stanza=$(echo $_stanza|sed -e 's/|/ /g');set $_stanza
   add_single_rule "$1" "$5" "$2" "$3" "$4"
done

trace_it "$0: Exit"

...


  tcp_client.pl
9K Download

  tcp_server.pl
8K Download
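
The forward discussed in this thread, as an added example that is not part of either post or of pf_admin: a shell function that checks the addresses, ports and protocol before anything reaches iptables, then prints a rule set matched to the one forwarded service instead of `-s any/0`. The names `pf_rules`, `valid_ip` and `valid_port`, the `eth0` default and the conntrack-based FORWARD rules are assumptions of this example.

```shell
#!/bin/sh
# Added example, not pf_admin: validate the forward parameters, then PRINT
# (not apply) rules scoped to the one forwarded service.
# Usage: pf_rules LOCAL_IP LOCAL_PORT DEST_IP DEST_PORT [tcp|udp] [IFACE]

valid_ip() {    # dotted-quad IPv4, every octet 0-255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {  # a single port, 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

pf_rules() {
    lip=$1 lport=$2 dip=$3 dport=$4 proto=${5:-tcp} ifc=${6:-eth0}
    # Reject anything that is not a plain address/port/protocol/interface name,
    # so no shell metacharacter can end up in a rule string that is later eval'd.
    valid_ip "$lip" && valid_ip "$dip" || { echo "bad address" >&2; return 2; }
    valid_port "$lport" && valid_port "$dport" || { echo "bad port" >&2; return 2; }
    case "$proto" in tcp|udp) ;; *) echo "bad protocol" >&2; return 2 ;; esac
    case "$ifc" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;; esac
    to="--to-destination $dip:$dport"
    # 1: DNAT only traffic addressed to the forwarder's own IP and port.
    # 2: connections opened on the forwarder itself skip PREROUTING, so OUTPUT.
    # 3-4: FORWARD accepts only the translated flow and its replies.
    # 5: source-NAT only that flow, so replies return through the forwarder
    #    (needed when client and target share a subnet).
    cat <<EOF
iptables -t nat -A PREROUTING -i $ifc -p $proto -d $lip --dport $lport -j DNAT $to
iptables -t nat -A OUTPUT -p $proto -d $lip --dport $lport -j DNAT $to
iptables -A FORWARD -p $proto -d $dip --dport $dport -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p $proto -s $dip --sport $dport -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p $proto -d $dip --dport $dport -j MASQUERADE
EOF
}

pf_rules 192.168.1.5 80 192.168.1.100 8080   # the addresses from the question
```

Review the printed rules before applying them; `net.ipv4.ip_forward` must still be enabled, as in the original post.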
