
I want to make a simple redirect of a port on my notebook to a VM port (the VM also runs on my notebook)..

iptables -I INPUT -p tcp --dport 2424 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 2424 -j DNAT --to-destination 192.168.10.10:8000

On another machine in the network..

$ nmap 192.168.101.199

Starting Nmap 6.40 ( http://nmap.org ) at 2015-07-08 18:52 BRT
Nmap scan report for 192.168.101.199
Host is up (0.0027s latency).
Not shown: 999 closed ports
PORT     STATE SERVICE
8000/tcp open  http-alt

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds

Telnet to the notebook's port 2424 doesn't work either.

Is there something wrong with my rules?

Rafael Soufraz

2 Answers


I don't know that the default nmap scan goes that high. Try using the -p switch to scan 2424 specifically. If I recall, nmap only scans 1-1024 and certain higher services by default. There are 65535 ports nmap can potentially scan, so scanning all of them by default would be laborious as hell.

EDIT: I checked the documentation and I'm correct that it scans 1-1024 and certain higher ports.

Michael Bailey
  • Thank you buddy.. But I ran `nmap 192.168.101.199 -p 2424` and I got `2424/tcp closed unknown`. – Rafael Soufraz Jul 08 '15 at 22:07
  • Is there an actual service running on that port? Can you specify the service? @RafaelSoufraz – Michael Bailey Jul 08 '15 at 22:08
  • Nope.. There isn't any service on this port. I just need to make a redirection. – Rafael Soufraz Jul 08 '15 at 22:13
  • So, to clarify (and basically like @zoredache) asked, is there anything at all currently listening on this port? – Michael Bailey Jul 08 '15 at 22:16
  • 2
    You probably will not see anything until something is actually running there. – Michael Bailey Jul 08 '15 at 22:17
  • So.. I have a VM and I just need a little redirect of this port to a specific port in this VM. Do I need a service too? – Rafael Soufraz Jul 08 '15 at 22:23
  • 2
    You need to setup NAT then and allow forwarding, not open a port to the host. – Aaron Copley Jul 08 '15 at 22:44
  • Can I do that with iptables only? – Rafael Soufraz Jul 08 '15 at 23:23
  • Bottom line is if nothing is running on this port, it will remain closed (verified by this post http://serverfault.com/questions/623180/ports-i-open-with-iptables-appear-closed?rq=1). If you do a port redirect, it depends on the actual situation. If you're reaching it over the internet you need to forward it through your router. For iptables specific forwarding, which wouldn't be sufficient in some situations, here's some reading http://www.systutorials.com/816/port-forwarding-using-iptables – Michael Bailey Jul 09 '15 at 01:23
  • @RafaelSoufraz is your question solved? It may be beneficial to provide details about the situation. You need the service to be running, though, to actually get picked up by nmap. Otherwise the host is gonna say "nothing is running on this port, so why would I accept this connection?" – Michael Bailey Jul 09 '15 at 05:18
  • Yes.. I found my specific solution.. I'll answer my own question. Thank you all. :D – Rafael Soufraz Jul 09 '15 at 11:37

Maybe I was wrong in my question.. My situation was a little different.
In my case, I have a notebook in my network and inside this guy I have a VM.
But.. This VM accesses the internet via NAT (using VirtualBox). So the other PCs in my network can't access this VM.
Range of my network: 192.168.0 - Range of the VM: 192.168.10
What did I want? To enable access to a service in the VM for all PCs in my network, but through a port on my notebook.

Studying a little, I found my mistake.. When I make just a redirect of my notebook port 2424 to the VM port 8000 it 'works'. But the catch was: my VM needs to respond to the network. How will the VM return something if it is outside my network?

So.. Beyond opening a port and doing the forwarding, I need to masquerade the VM's response on my notebook.
Everything that comes to my notebook port 2424 goes to the VM port 8000. But when the VM returns something, I need to tell the requesting machine that it is my notebook that's responding. :)

After a lot of bla bla bla.. Here are the rules:

iptables -I INPUT -p tcp --dport 2424 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 2424 -j DNAT --to 192.168.10.10:8000
iptables -t nat -A POSTROUTING -p tcp -d 192.168.10.10 --dport 8000 -j MASQUERADE

Thank you all!

Rafael Soufraz
  • If your question was wrong, **please edit your question to reflect your actual problem** before trying to answer it. – MadHatter Jul 09 '15 at 12:07
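Added example (not from the question or any answer above): the same DNAT/MASQUERADE setup as the accepted rules, plus the two pieces the comments mention but nobody shows, enabling IP forwarding and permitting only the forwarded flow in the FORWARD chain. It assumes the thread's values (eth1, port 2424, VM at 192.168.10.10:8000) and adds a DRY_RUN switch so the rule set can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Values taken from the thread; override via environment if yours differ.
LAN_IF="${LAN_IF:-eth1}"          # notebook's LAN interface
LAN_PORT="${LAN_PORT:-2424}"      # port exposed on the notebook
VM_IP="${VM_IP:-192.168.10.10}"   # VM on the VirtualBox NAT network
VM_PORT="${VM_PORT:-8000}"        # service inside the VM
DRY_RUN="${DRY_RUN:-1}"           # 1 = print the commands, 0 = execute them (root)

# Print or execute one command, depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Emit (or apply) the complete rule set for the port redirect.
# Note: the INPUT ACCEPT for 2424 from the post is not needed; a DNATed packet
# is routed, so it traverses FORWARD, not INPUT. What is needed is ip_forward
# and FORWARD rules scoped to exactly this flow, so the notebook does not turn
# into an open router between the LAN and the VM network.
port_forward_rules() {
  run sysctl -w net.ipv4.ip_forward=1
  # Rewrite LAN:2424 to VM:8000 on the way in.
  run iptables -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport "$LAN_PORT" \
      -j DNAT --to-destination "$VM_IP:$VM_PORT"
  # Allow only new/established connections toward that one VM port ...
  run iptables -A FORWARD -i "$LAN_IF" -p tcp -d "$VM_IP" --dport "$VM_PORT" \
      -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
  # ... and only the replies back out (nothing the VM initiates on its own).
  run iptables -A FORWARD -o "$LAN_IF" -p tcp -s "$VM_IP" --sport "$VM_PORT" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # MASQUERADE only this flow: the VM then sees the notebook as the client, so
  # replies come back through the host instead of to an unreachable LAN address.
  # Caveat for anyone reading the VM's service logs: every client shows up as
  # the notebook's address, so log the real source on the host if you need it.
  run iptables -t nat -A POSTROUTING -p tcp -d "$VM_IP" --dport "$VM_PORT" -j MASQUERADE
}

# Number of emitted rules that touch the FORWARD chain (used as a self-check).
forward_rule_count() {
  port_forward_rules | grep -c ' FORWARD '
}

[ "$DRY_RUN" = "1" ] && port_forward_rules
```

Run with DRY_RUN=0 as root to apply; the dry-run output is the same rule list the accepted answer gives, with the forwarding bits filled in.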