
Re: How to open UDP ports in MASQ server?



On Fri, 25 Feb 2005 20:22:54 -0400, Michael D. Crawford
<michael@geometricvisions.com> wrote:
> Hello,
> 
> I am using IP Masquerading on my debian box to share my net connection with the
> other computers in my house.  I need to open both a TCP port and a UDP port to
> allow a computer on the internal network to run a certain program.
> 
> I've had a look over some of the network howtos and find the information very
> confusing.  There is just too much information there to figure out how to do
> something simple.
> 
> I could probably figure out how to allow an exception for a TCP port but UDP,
> being connectionless, wouldn't work right with IP masquerading.  But only one
> computer in my house is going to use this UDP port, so if there is some way I
> could hardwire the destination internal IP address, so that all UDP packets sent
> to this port would get sent on to my internal box, that would work great.
> 
> I'm running I think kernel 2.4.20, and it's a powerpc Mac if that's important.
> 
> Thanks for your help!
> 
> Michael D. Crawford
> crawford@goingware.com
> 
>      Read GoingWare's Bag of Programming Tricks at:
>             http://www.goingware.com/tips/
> 
Hi,

What you need is DNAT.
Put these rules in a script (or simply execute them to try):

iptables -A PREROUTING -t nat -p tcp --dport 22 -j DNAT --to 192.168.0.10:22
iptables -A PREROUTING -t nat -p udp --dport 22 -j DNAT --to 192.168.0.10:22
iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -p udp --dport 22 -j ACCEPT

The first two lines will redirect all TCP and UDP traffic with
destination port 22 to port 22 of the PC with IP address 192.168.0.10.
The last two lines allow the traffic. They are necessary only if you have
the default policy set to DROP.
Take care if you have other iptables rules. They work in order of
execution, and if you have closed the connections before, it won't
work.

Hope it helps!
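
The reply's rules, turned into a small script as an added example; this is not the responder's code and not part of the original thread. It assumes an external interface named eth0, the internal host 192.168.0.10 and port 22 (all overridable through WAN_IF, LAN_HOST and PORT). Compared with the bare commands above it does two things a gateway admin usually wants: the DNAT is restricted with `-i` to packets arriving on the external interface, so it cannot capture traffic between LAN hosts, and the FORWARD ACCEPT is restricted to the one destination host and port, so a FORWARD policy of DROP still blocks everything else. It also adds the stateful rule that lets the internal host's replies leave when FORWARD defaults to DROP. Without an argument it only prints the commands so you can check where they would land relative to existing rules; `apply` runs them as root.

```shell
#!/bin/sh
# Added example, not from the original thread: generate (and optionally apply)
# DNAT port-forwarding rules for one TCP and one UDP port to one internal host.
# WAN_IF, LAN_HOST and PORT are assumed values; adjust them for your gateway.
set -e

WAN_IF="${WAN_IF:-eth0}"             # assumed: interface facing the Internet
LAN_HOST="${LAN_HOST:-192.168.0.10}" # assumed: the single internal machine
PORT="${PORT:-22}"                   # assumed: the port the program needs

# fwd_rules PROTO PORT HOST WAN_IF
# Prints the two rules for one protocol:
#  1. nat/PREROUTING DNAT, limited to packets that arrive on the external
#     interface, so the rule cannot capture traffic between LAN hosts.
#  2. filter/FORWARD ACCEPT, limited to the one destination host and port,
#     so a FORWARD policy of DROP still blocks everything else.
fwd_rules() {
    proto=$1; port=$2; host=$3; wan=$4
    printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$wan" "$proto" "$port" "$host" "$port"
    printf 'iptables -A FORWARD -i %s -p %s -d %s --dport %s -j ACCEPT\n' \
        "$wan" "$proto" "$host" "$port"
}

# all_rules PORT HOST WAN_IF
# The complete set: the TCP and UDP pair for the port, plus the stateful
# rule that lets the internal host's replies go back out when FORWARD
# defaults to DROP (harmless if an equivalent rule already exists).
all_rules() {
    fwd_rules tcp "$1" "$2" "$3"
    fwd_rules udp "$1" "$2" "$3"
    printf 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
}

# rule_count PORT HOST WAN_IF: number of commands all_rules would emit.
rule_count() {
    all_rules "$1" "$2" "$3" | wc -l | tr -d ' '
}

# With no argument the script only prints the commands, so you can review
# them and their position relative to any existing DROP rules (iptables
# matches rules in order). "apply" executes them; that needs root.
case "${1:-show}" in
    show)  all_rules "$PORT" "$LAN_HOST" "$WAN_IF" ;;
    apply) all_rules "$PORT" "$LAN_HOST" "$WAN_IF" | while IFS= read -r cmd; do
               echo "+ $cmd"; eval "$cmd"
           done ;;
    *)     echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

Because the rules are appended with `-A`, they take effect only if no earlier FORWARD rule already drops the packet; review the `show` output against `iptables -L FORWARD -n` before running `apply`.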



Reply to: