iptables question

alterlai Member

I have a Proxmox installation running with a private network.
Proxmox has one public IP. With NAT, a private network of 10.0.0.0/24 is created.

Inside the network I have a router (10.0.0.2) that creates a new subnet (10.0.1.0/24).
This might sound like a weird setup, but that's the one thing that has worked so far.

Now I would like to forward all ports to the router, with two exceptions: 8006 and 443. Those are proxmox and HTTPS.
I'm not very familiar with iptables and I don't really want to break anything at this point.

Can anyone help me out?

Comments

  • 4n0nx Member
    edited May 2015

    Not sure if that works:

    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8006 -j RETURN  
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j RETURN  
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1:65535 -j DNAT --to 10.0.0.2
    

    If you "break" anything (e.g. can't connect to your server because you didn't open port 22 for SSH unless that was intended?), just reboot your server to reset the rules.

    //EDIT: To be clear: This redirects all ports except 8006 and 443 from the host node to the router. If I am correct :D

    //EDIT: You need to also do that with -p udp

  • @4n0nx said:
    Not sure if that works:

    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8006 -j RETURN  
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j RETURN  
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1:65535 -j DNAT --to 10.0.0.2
    

    If you "break" anything (e.g. can't connect to your server because you didn't open port 22 for SSH unless that was intended?), just reboot your server to reset the rules.

    //EDIT: To be clear: This redirects all ports except 8006 and 443 from the host node to the router. If I am correct :D

    //EDIT: You need to also do that with -p udp

    Thanks a lot. I'll test it probably tomorrow.

  • 4n0nx Member

    alterlai said: Thanks a lot. I'll test it probably tomorrow.

    Plenty of time for someone to correct me if I'm wrong ;D And seriously, don't forget to -j RETURN the SSH port or you will be locked out of the server.
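    As an added example (not 4n0nx's or alterlai's code), the script below prints the complete PREROUTING rule set the thread arrives at: RETURN exceptions for the host's own ports, with SSH (22) added to 8006 and 443, followed by the TCP and UDP catch-all DNAT to the router, plus the FORWARD accept the redirected traffic needs. The interface eth0, the router address 10.0.0.2 and the port list are assumptions taken from the thread and can be overridden through environment variables; the rules are printed rather than applied so they can be reviewed before piping into sh.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for:
#   keep 22/443/8006 on the Proxmox host, DNAT everything else to the router.
# Assumed values (override via environment): WAN_IF, ROUTER, KEEP_TCP.
WAN_IF="${WAN_IF:-eth0}"
ROUTER="${ROUTER:-10.0.0.2}"
KEEP_TCP="${KEEP_TCP:-22 443 8006}"   # ports the host itself must keep answering

build_rules() {
    # Exceptions first: -j RETURN ends nat-table traversal for these ports,
    # so they never reach the catch-all DNAT below.
    for p in $KEEP_TCP; do
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $p -j RETURN"
    done
    # Catch-all, for both TCP and UDP as the thread notes.
    for proto in tcp udp; do
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport 1:65535 -j DNAT --to-destination $ROUTER"
    done
    # Redirected packets still traverse the filter table's FORWARD chain; this
    # matters when its policy is DROP. The return path relies on the existing
    # MASQUERADE/SNAT the host already uses for the 10.0.0.0/24 network.
    echo "iptables -A FORWARD -i $WAN_IF -d $ROUTER -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# Ordering check: every RETURN must precede the first DNAT, otherwise the
# exception never fires and the host (including SSH) becomes unreachable.
# Exit status 0 means the ordering is correct.
check_order() {
    build_rules | awk '
        /-j DNAT/   { seen_dnat = 1 }
        /-j RETURN/ { if (seen_dnat) bad = 1 }
        END { exit bad }'
}

# Number of RETURN exceptions generated (one per port in KEEP_TCP).
count_return() { build_rules | grep -c -- '-j RETURN'; }

# Review, then apply with:  ./this_script.sh | sh
build_rules
```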

  • @4n0nx said:
    Plenty of time for someone to correct me if I'm wrong ;D And srsly don't forget to do -j RETURN SSH port or you will be locked out of server

    I've just tried this, but I wasn't able to confirm because I just ran into another networking issue. Now the NAT doesn't seem to work anymore. And yes, I did clear iptables and tried again.
    Also rebooting the node doesn't help.
