HowTo redirect Port ?

faischue · #1 15th April 2004, 01:44 PM

hi all,
i use fedora with Firebird FW Software.
Firewall is only to secure this Box.
on this Box (only 1 Interface) i would do a port forwarding..

eth0 port:1234 forward to ipadress x.x.x.x port:6222

i would like to use this pc as a gateway to
connect to another Server (FTP-Server)

in Firebird SW i can't do Port forwarding because i have
only 1 Interface eth0.

thanks

Jman · #2 15th April 2004, 10:11 PM

You can try using device aliases. Fire up the Red Hat network configution tool: Main Menu > System Settings > Network. At the Devices tab, click new, Ethernet, and then select the card you currently have. Configure a static ip and you're set. The alias will be eth0:1. Note that you can't use DHCP for either device.

See the help page, Device Aliases for more information.

ieatlint · #3 16th April 2004, 06:47 AM

What you're asking can be done with iptables.

Note that your firewall software almost undoubtedly uses iptables as well, and rules you enter may conflict with the firewall's rules.

Also note that most ftp clients these days work using passive mode. This requires the server have a control port open (default 21) and then a series of other ports for data transfers.
In other words, to support passive mode on your server, you'll need to forward a lot more than port 1234. more like 1234 and then an additional ~5 ports per connected client.
If you don't, then the people connecting cannot use passive mode.
Thoroughly confused? ftp's and firewalls are confusing enough, throwing in the port forwarding will just complicate matters.

I suggest reading your ftp servers manual about passive mode (since you'll almost surely want to support it). Then head over to www.tldp.org and get a guide to make your own firewall. Refer to the creating a gateway how-to's for port forwarding. www.netfilter.org can also be of help.

If you don't know a little bit about linux already, you'd best be able to learn fast or it'll be a lost cause.

godspeed...

faischue · #4 16th April 2004, 03:09 PM

hi Jman,
i tried your idea with a alias network device. Booth
interfaces (eth0 & eth0:1) are up and running.
BUT i still don't have the configuration option "Forwarded ports" in the Rules of Firestarter.

hmm..

Jman · #5 16th April 2004, 10:42 PM

Oh, we're using Firestarter. With all this Fire-software (Firefox, formerly Firebird) it is easy to get confused.

Now I see, you need another network card if you are going to do forwarding. I'm guessing it's like a bridge: one is connected to the internet and one is to the LAN.

Or you could get a broadband router with port forwarding.

Moved to Networking.

piju · #6 25th June 2008, 06:59 AM

Quote:

Originally Posted by faischue

hi Jman,
i tried your idea with a alias network device. Booth
interfaces (eth0 & eth0:1) are up and running.
BUT i still don't have the configuration option "Forwarded ports" in the Rules of Firestarter.

hmm..

maybe u need to make a simple script to redirect your wanted ports
and put it on /etc/rc.local
make it auto executed on boot

savage · #7 25th June 2008, 07:31 AM

As ieatlint said, iptables will do this, but the question is whether Firestarter is advanced enough to get along with it. By doing the following, you may need to manage your firewall from the command line in future, or Firestarter may mess up the port forwarding:

Code:

iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport port -j DNAT --to-destination x.x.x.x:port

Items in blue you will need to amend for what you want, '-p tcp -m tcp' obviously change to '-p udp etc.' if you need udp.

--

Edit: Once you've done this, you need to do 'iptables-save > /etc/sysconfig/iptables', or 'service iptables save', it might be a good idea to backup /etc/sysconfig/iptables before going ahead, that way you can just restore it if it does get too complicated with Firestarter.