
LAN host exposing to internet: Forwarding internal IP to internet using iptables


sunlinux:
Hi, I have configured my ADSL modem in Linux as ppp0, and I am using NAT in Linux to connect the LAN to the internet. OK, fine.

Now I want to expose a LAN server, 192.168.2.3:22 (ssh), directly to the internet. Please guide me on how I can do it.

I am pasting my NAT configuration:
------------------
INTIF="eth0"
EXTIF="ppp0"
EXTIP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"

echo "Loading required stateful/NAT kernel modules..."

/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc

echo " Enabling Kernal IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo " Flushing ip router through: $EXTIF"
echo " External interface IP address is: $EXTIP"

echo " Loading Kernal server rules..."

# Clearing any existing rules and setting default policy
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F OUTPUT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD
/sbin/iptables -t nat -F
/sbin/iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -j DROP
/sbin/iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

Someone told me to do the following:

/sbin/iptables -A PREROUTING -t nat -p tcp -d $EXTIP --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to $PORTFWIP:22
/sbin/iptables -A FORWARD -p TCP -s 0/0 --dport 22 -j ACCEPT


I did the above, and when I nmap the Linux NAT (gateway) I get:

PORT STATE SERVICE
22/tcp filtered ssh
23/tcp filtered telnet
29/tcp filtered msg-icp
67/tcp filtered dhcps
80/tcp open http

Ricky:
Well... you mean you want all ssh requests, i.e. on port 22, to be directed to the internal 192.168.2.3 server?

sunlinux:
absolutely...

sunlinux:
Thank you! I have solved my problem of DMZ.

Ricky:
I would like to see how you solved it!
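
Added example (not part of any post above, and not the fix sunlinux applied, which the thread does not show): in the order pasted, the --dport 22 ACCEPT is appended after "-A FORWARD -j DROP" and so can never match, and PORTFWIP is not defined in the pasted script. The script below prints a rule set in a working order and includes a hypothetical helper, shadowed_accepts, that flags ACCEPT rules sitting behind the catch-all DROP; the LAN-to-internet ACCEPT rule is an assumption, since the pasted script does not show one.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and 192.168.2.3 are taken
# from the post; everything else is labelled where it appears.
# Run as is to review the rules; run with APPLY=1 as root to load them.
INTIF="${INTIF:-eth0}"
EXTIF="${EXTIF:-ppp0}"
PORTFWIP="${PORTFWIP:-192.168.2.3}"   # the pasted script never defines PORTFWIP
IPT="${IPT:-/sbin/iptables}"

# Print the rules in load order. A chain is evaluated top to bottom and the
# first terminating match wins, so every ACCEPT must precede the catch-all DROP.
# - DNAT matches on -i $EXTIF rather than -d $EXTIP, so it stays valid when
#   ppp0 is assigned a new address.
# - After DNAT the FORWARD chain sees the rewritten destination ($PORTFWIP).
# - The INTIF -> EXTIF ACCEPT is an assumption (not shown in the post); it
#   carries LAN traffic out and also the SSH server's replies.
portfw_rules() {
    cat <<EOF
$IPT -P FORWARD DROP
$IPT -F FORWARD
$IPT -t nat -F
$IPT -t nat -A PREROUTING -i $EXTIF -p tcp --dport 22 -j DNAT --to-destination $PORTFWIP:22
$IPT -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPT -A FORWARD -i $EXTIF -o $INTIF -p tcp -d $PORTFWIP --dport 22 -m state --state NEW -j ACCEPT
$IPT -A FORWARD -j DROP
$IPT -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
EOF
}

# Hypothetical lint: read iptables commands on stdin and print every FORWARD
# ACCEPT rule that comes after an unconditional "-A FORWARD -j DROP".
shadowed_accepts() {
    awk '
        / -A FORWARD -j DROP$/                     { dropped = 1; next }
        dropped && / -A FORWARD / && / -j ACCEPT$/ { print }
    '
}

if [ "${APPLY:-0}" = 1 ]; then
    portfw_rules | sh
else
    portfw_rules
fi
```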
