Port forwarding

Hello,

I have the following problem: I have three machines with external IPs - A, B and C. On machine B I need to forward an incoming connection on port 5600 to machine C on port 5601. I have googled a lot with no success. My iptables script looks as follows:


#!/bin/sh
# Flush and delete every rule and user chain in the filter, nat and mangle tables.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Connection tracking modules (needed for the state match and for NAT).
modprobe ip_conntrack
modprobe ip_conntrack_ftp

# Default policies.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Loopback traffic.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Accept all tracked traffic arriving on eth0, locally and for forwarding.
iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p tcp --dport 5600 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Rewrite connections to B:5600 so that they go to C:5601.
iptables -t nat -A PREROUTING -p tcp --dport 5600 -j DNAT --to-destination C.C.C.C:5601
# FORWARD sees the packet after DNAT, so the destination port to match is 5601, not 5600.
iptables -A FORWARD -d C.C.C.C -p tcp --dport 5601 -j ACCEPT

It seems that the incoming connection is passed inside machine B, but there is no forward to machine C.

Does anybody have any idea? Thanks very much in advance!!!

P.S. I need this to get a software license from C on machine A but through B (so C thinks that the license is given to B).
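A complete rule set for B that relays A to C the way the post describes, added here as an example and not the poster's script. The addresses, the interface name and the SNAT and conntrack details are assumptions; the post only gives the three hosts and the two ports.

```shell
#!/bin/sh
# Added example, not the poster's script: emit the full rule set machine B needs to
# relay A -> B:5600 -> C:5601 so that C sees the connection as coming from B.
# Addresses, the interface name and the use of conntrack/SNAT are assumptions;
# the thread only gives the three hosts and the two ports.
# Review the output first, then apply it:  fwd_rules A.A.A.A B.B.B.B C.C.C.C eth0 | sh

fwd_rules() {
    a_ip=$1; b_ip=$2; c_ip=$3; iface=$4
    cat <<EOF
# Without forwarding enabled, a packet that PREROUTING has DNAT'd is dropped instead of routed.
sysctl -w net.ipv4.ip_forward=1
# Only A may use the relay: rewrite its connections to B:5600 towards C:5601.
iptables -t nat -A PREROUTING -i $iface -s $a_ip -p tcp --dport 5600 -j DNAT --to-destination $c_ip:5601
# FORWARD sees the packet after DNAT, so match the new port 5601 (a rule for 5600 here never fires).
iptables -A FORWARD -i $iface -s $a_ip -d $c_ip -p tcp --dport 5601 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $c_ip -d $a_ip -p tcp --sport 5601 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Rewrite the source to B; otherwise C answers A directly and A resets a reply from a host it never contacted.
iptables -t nat -A POSTROUTING -s $a_ip -d $c_ip -p tcp --dport 5601 -j SNAT --to-source $b_ip
# Everything else through B is refused: B relays this one flow and is not a general router.
iptables -P FORWARD DROP
EOF
}

# Count emitted FORWARD rules that still match the pre-DNAT port; a correct set has none.
stale_forward_rules() {
    fwd_rules "$@" | grep -c '^iptables -A FORWARD .*--dport 5600' || true
}
```

After applying, `iptables -t nat -L -n -v` and `iptables -L FORWARD -n -v` show packet counters per rule, which tells you at which step the flow stops.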

Hi

> On machine B I need to forward an incoming connection on port 5600 to machine C on port 5601.

I do not have the expertise to do this with iptables, but would try an ssh tunnel on host B:

# -g lets machine A reach the listener on B; without it ssh binds port 5600 to loopback only.
/usr/bin/ssh -f -N -g -L 5600:127.0.0.1:5601 user@host-C.tld


Are you also telling your kernel it’s okay to route packets like this:

echo 1 > /proc/sys/net/ipv4/ip_forward

Good luck.


Why don't you just use SuSEFirewall2?