fwbuilder: port forwarding incoming 222 port requests to a local machine 22 port

Question

I am using fwbuilder to setup my iptables rules for a public server. The idea is to forward external requests from the 222 port to a local machine's ssh port. The settings i used are:

NAT section

Original Src: Any

Original Dst: public ip (internet)

Original Srv: tcp 222

Translated Src: Original

Translated Dst: local machine ip

Translated Srv: tcp 22

Action: Translate

Options: empty

Comment: empty

The corresponding iptables rule is:

$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 222 -d X.X.X.X --dport 22 -j DNAT --to-destination X.X.X.X:22

This setting does nothing. Does anyone knows how to do a simple port forwarding with fwbuilder ?

Thanks in advance.

Do you have also have the corresponding rule in your INPUT chain? — Scott Pack, Jan 19 '11 at 20:58
No, I have nothing more for this rule in the automatically generated iptables script. — gandalfos, Jan 19 '11 at 22:48

score 2 · Answer 1 · answered Jan 19 '11 at 23:25

2

It looks like the problem is that when you created the TCP service for port 222 you set the source port of the TCP object to be 222, what you need is to have the destination port set to 222. Make sure to set the source port back to 0 (start and end value).

There is an example of this configuration in our Users Guide here:

http://www.fwbuilder.org/4.0/docs/users_guide/ch08s03s03.html

answered Jan 19 '11 at 23:25

Mike H.

106
1

You were completely right! Combined with vadimk suggestion, now it works! Many thanks. – gandalfos Jan 21 '11 at 13:35

score 0 · Answer 2 · answered Jan 20 '11 at 05:22

Note that you also need to add a policy rule to permit tcp 22 to your local machine. Put object that represents your machine in "Destination " of this rule and object that represents ssh in "Service". The Users Guide chapter linked in the previous answer has an example.

fwbuilder: port forwarding incoming 222 port requests to a local machine 22 port

2 Answers2