
I have followed some posts in order to redirect all incoming traffic on the public IP to an internal IP address using iptables. I set sudo sysctl net.ipv4.ip_forward=1 and used the following rules:

iptables -t nat -A PREROUTING -p tcp --dport 9080 -j DNAT --to-destination 192.168.178.1:80
iptables -t nat -A POSTROUTING -j MASQUERADE

The idea is that I have a remote server (Ubuntu 20.04.1 LTS) which I can always reach using a reverse SSH tunnel. In that network I would like to access some devices like the gateway and other devices. With the iptables rules I would like to be able to access, for example, the GUI of the gateway. On the local network the rules work!

The problem is that on the server I cannot set up the tunnel to redirect 9080 to 192.168.178.1:80. When I try other things on the server, for example ping, I get the following:

$ ping google.com
ping: google.com: Temporary failure in name resolution

And when I set the tunnel:

$ ssh user@remoteserverfortunnel.com
ssh: Could not resolve hostname remoteserverfortunnel.com: Temporary failure in name resolution

When I set up the tunnel before the rules (removing them with -D) and add the rules again, I get this when requesting remoteserverfortunnel.com:9080:

ssh -N -R 9080:localhost:9080 user@remoteserverfortunnel.com
user@remoteserverfortunnel.com's password: 
connect_to localhost port 9080: failed.

I can still log in to the server using the normal port 22 SSH.

My question is, why are the rules blocking the tunnel? Is there an extra rule I have to add?

EDIT:

I added the interface option:

iptables -t nat -A PREROUTING -i enp2s0 -p tcp --dport 9080 -j DNAT --to 192.168.1.103:80
iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE

The failure in name resolution is solved. Unfortunately, the idea of using the tunnel still does not work; I get connect_to localhost port 9080: failed.

I did find out that I could also tunnel directly to the device, for example using ssh -N -R 9080:192.168.178.1:80 user@remoteserverfortunnel.com. Using this avoids the iptables rules, but I would still like to use the iptables option in order to learn. Some devices also do not work as expected through the tunnel.

  • Please see the linked [post](https://serverfault.com/q/748109/126632) at the top of this page. If it does not help you, then edit your post to show the results. – Michael Hampton Nov 01 '20 at 23:05
  • Thanks for pointing it out, it solved part of the problem. But not sure where the problem is now – David Kester Nov 02 '20 at 21:20
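The rules from the question, rebuilt as an iptables-restore ruleset (an added example, not code from the question or its comments). It differs from the post in two places: a nat OUTPUT rule, because a PREROUTING DNAT only sees packets arriving on an interface and never the local connection an ssh -R client opens, and a MASQUERADE restricted to -o enp2s0, since an unrestricted one rewrites loopback traffic as well. The interface name, forwarded port and device address are taken from the post; HOST_IP (this host's own address on enp2s0) is an assumed placeholder, as are the environment variable names and function names.

```shell
#!/bin/sh
# Added example (not from the original question or its comments): build an
# iptables-restore ruleset for a single-port DNAT like the one in the post.
# Interface, ports and the device address are the post's values; HOST_IP is an
# assumed placeholder. Run as root with APPLY_RULES=1 to load the rules;
# otherwise the script only prints them.
set -eu

WAN_IF="${WAN_IF:-enp2s0}"                # interface the forwarded port arrives on
HOST_IP="${HOST_IP:-192.168.1.2}"         # this host's own address on WAN_IF (assumed placeholder)
FWD_PORT="${FWD_PORT:-9080}"              # port exposed on this host
TARGET_IP="${TARGET_IP:-192.168.178.1}"   # device that should receive the traffic
TARGET_PORT="${TARGET_PORT:-80}"          # port on that device

# nat table. Three rules instead of the post's two:
#  - PREROUTING only sees packets that arrive on an interface; restricting it
#    to WAN_IF keeps it away from traffic on other interfaces.
#  - OUTPUT is the chain a locally initiated connection passes through. The
#    "connect_to localhost port 9080" in the post is the local ssh client
#    connecting, so a PREROUTING-only DNAT never matches it. This rule matches
#    connections to HOST_IP:FWD_PORT, so the tunnel is opened as
#    "ssh -R 9080:$HOST_IP:9080 ..." rather than with "localhost": a connection
#    to 127.0.0.1 is sourced from 127.0.0.1, which the kernel will not route
#    out of a physical interface once the destination has been rewritten.
#  - MASQUERADE restricted to -o WAN_IF. The unrestricted version rewrites the
#    source of every outgoing packet, loopback included, which is what broke
#    name resolution in the post.
nat_table() {
    cat <<EOF
*nat
-A PREROUTING -i $WAN_IF -p tcp --dport $FWD_PORT -j DNAT --to-destination $TARGET_IP:$TARGET_PORT
-A OUTPUT -d $HOST_IP -p tcp --dport $FWD_PORT -j DNAT --to-destination $TARGET_IP:$TARGET_PORT
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# filter table: forward only the rewritten connections and their replies.
# This matters once the FORWARD policy is DROP; with the default ACCEPT policy
# the DNAT works without it, but the host then forwards anything it is asked to.
filter_table() {
    cat <<EOF
*filter
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -d $TARGET_IP -p tcp --dport $TARGET_PORT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Complete ruleset in iptables-restore format.
ruleset() {
    nat_table
    filter_table
}

# Number of DNAT rules in the generated ruleset (sanity check: expect 2).
dnat_rule_count() {
    ruleset | grep -c -- '-j DNAT'
}

apply_ruleset() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    # --noflush adds to the existing tables instead of replacing them
    ruleset | iptables-restore --noflush
}

if [ "${APPLY_RULES:-0}" = 1 ]; then
    apply_ruleset
else
    ruleset
fi
```

Without APPLY_RULES=1 the script only prints the ruleset, so it can be reviewed (or diffed against iptables-save output) before anything is loaded; with it, the rules are appended to the running tables rather than replacing them.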
