3

i am new to serverfault, so please inform me of any bad behaviors :)

i searched serverfault (and google) for an answer, but can't find the answer to my problem (i can find answers which are partially what i need, but i lack the knowledge/experience to combine them to the solution to my problem)

the problem is as follows :

- i have a public server with port 81 which is available on the public ip address
- i have a local server with port 80 which is not available to the public
- i want the user to connect to port 81 on the public ip address and arrive at port 80 of the local server (192.168.98.###)

i think i need to do some configuring with iptables, but that's quite foggy to me

i tried some answers from How can I port forward with iptables? but i run into all kinds of errors

some questions :

- does the local server have to have some special configuration ? for example do i have to set the gateway to the ip address of the public server ?
- /proc/sys/net/ipv4/conf/ppp0 doesn't exist, is that a problem ?

there are no ports blocked by the firewall

i have total control over the public server which is running on :

# cat /proc/version
Linux version 2.4.22-1.2115.nptl (bhcompile@daffy.perf.redhat.com) (gcc version 3.2.3 20030422 (Red Hat Linux 3.2.3-6)) #1 Wed Oct 29 15:42:51 EST 2003
# iptables --version
iptables v1.2.8

i don't know the os of the local server, and have no control over its configuration

could you please explain to me which iptables settings i could use, or any other configuration ?

Hrqls
  • Really? You have total control over the server and you're running Fedora Core 1 on it?! That's out of the Dark Ages at this point. – Michael Hampton Dec 04 '12 at 17:12
  • @MichaelHampton : It's an old server (over 10 years old) which is still running perfectly. I could put a totally new OS on it, but the customer wants as little downtime as possible, and my motto is "don't fix when it ain't broken" :) – Hrqls Dec 10 '12 at 19:10
  • The problem is the local (video) server was available via the public address, but the customer changed their IP plan, and now the local server is in a different part of the network ... the customer themselves can access the local server via their internal network, but i would love to access it from the public as well for maintenance – Hrqls Dec 10 '12 at 19:13

1 Answer

3

First thing, you don't need to deal with this /proc/sys/net/ipv4/conf/ppp0, if you are not running a modem on your gateway.

First thing you got to do, is to enable forwarding on your gateway like this:

# echo '1' > /proc/sys/net/ipv4/conf/eth0/forwarding

(if you are running your live IP on eth0)

Then simply forward your traffic like this:

# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.2:80
# iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

You should replace 192.168.1.2 with the internal IP of your machine. Also, replace eth0, with the interface on which you have the live IP on your gateway.

and at last, as given in the post you read earlier, you can check the routing with

# ip route

Hope this helped. Feel free to revert in case you face any issues.

Also, please post the errors which you get in this process.

Michael Hampton
Napster_X
  • sorry for the late comment : some other projects wedged themselves into my priority list ... i will probably continue with this one in january ... thanks for your answer! it will be the first thing that i will try, and i will let you know the results! ... hmm can't upvote you yet ... sorry .. will accept it as the answer when i tried it, and it works :) – Hrqls Dec 10 '12 at 19:15
  • Sure. Feel free to update in case of issues. – Napster_X Dec 11 '12 at 05:43
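
The question's case (public port 81 forwarded to port 80 on an internal host whose gateway setting cannot be changed), as an added example that is not part of the original answer. The SNAT rule is what removes the need to reconfigure the internal server, and the source restriction limits the forward to one maintenance address; the interface name, all addresses and the `forward_port` helper are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. All addresses are constructed.
# RUN defaults to "echo" so the commands are only printed for review;
# run as root with RUN= (empty) to apply them.
RUN=${RUN-echo}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_port IFACE PUBLIC_PORT SERVER_IP SERVER_PORT GATEWAY_INSIDE_IP ADMIN_IP
forward_port() {
    [ "$#" -eq 6 ] || { echo "forward_port: expected 6 arguments" >&2; return 2; }
    valid_port "$2" && valid_port "$4" || { echo "bad port" >&2; return 1; }
    for addr in "$3" "$5" "$6"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    # Let the kernel route packets between interfaces.
    $RUN sysctl -w net.ipv4.ip_forward=1 || return 1
    # Redirect PUBLIC_PORT to the internal server, for the admin address only.
    $RUN iptables -t nat -A PREROUTING -i "$1" -p tcp -s "$6" --dport "$2" \
        -j DNAT --to-destination "$3:$4" || return 1
    # Allow the forwarded connection and its replies through the gateway.
    $RUN iptables -A FORWARD -p tcp -s "$6" -d "$3" --dport "$4" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT || return 1
    $RUN iptables -A FORWARD -p tcp -s "$3" --sport "$4" -d "$6" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    # Rewrite the source to the gateway's inside address so the internal
    # server replies to the gateway without any route or gateway change.
    $RUN iptables -t nat -A POSTROUTING -p tcp -d "$3" --dport "$4" \
        -j SNAT --to-source "$5"
}

# Constructed values: public port 81 on eth0 to 10.0.0.20:80, gateway inside
# address 10.0.0.1, maintenance workstation 203.0.113.7.
forward_port eth0 81 10.0.0.20 80 10.0.0.1 203.0.113.7
```

With the SNAT rule in place the internal server logs the gateway's address as the client, so the real source of each connection is only visible on the gateway.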