Port Forwarding Problem - Public port to Private Port
#1
Hello, I have a problem with port forwarding

I want to forward the connection from public zone port 22 to private zone port 2222. But I don't know why this command doesn't work.

Terminal
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to 127.0.0.1:2222

I have also activated port forward on sysctl

But the problems I experienced could not be solved by members of the Indonesian Linux forum
Terminal
Solo Developer
#2
Moved from Hardware Forum to Support Forum. Let's see whether our Guru Think Tank at post4vps can beat the Indonesian Linux Forum with coming up with a solution!
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#3
(09-15-2019, 08:20 AM)chanalku91 Wrote: Hello, I have a problem with port forwarding

I want to forward the connection from public zone port 22 to private zone port 2222. But I don't know why this command doesn't work.

Terminal
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to 170.0.0.1:2222

I have also activated port forward on sysctl

But the problems I experienced could not be solved by members of the Indonesian Linux forum

You created the routing rule, that's good. But you are missing a very important thing: by default forwarding is set to block the traffic. You need to enable the traffic.

We can imagine the forwarding as two rules:
  • Forwarding rule to accept the traffic
  • Routing rule to redirect the traffic
So you should create a rule like this:
iptables -A FORWARD -i eth0 -p tcp --dport 22 -j ACCEPT
This command is based on your original command, using eth0 and tcp protocol

Can you tell me how to create terminal style images like you? I know carbon but I am unable to get html code
Thanks to Post4VPS and Bladenode for VPS 14
#4
"Public Zone" & "Private Zone" are two technical terms you will never hear or find if you are using just pure iptables. These terms are usually only used when you have a server with Redhat Enterprise Linux, CentOS or Fedora with firewalld. Just saying this to avoid confusion. You might not catch the relation now but maybe later you will. Especially important if as said you use one of the OSs I mentioned.

Anyway... A few questions to clear things up:
a) Does your server have an eth0 interface? OpenVZ for example doesn't have such interfaces. If you use KVM with newer OSs they usually have different interface names like enp0s1 and such.
b) 170.0.0.1 is what? Is that supposed to be an internal address? Is that assigned inside your server? Are you trying to forward to loopback? The loopback address is 127.0.0.1 but not 170.0.0.1. You most likely don't even own this IP address: https://www.ipaddress.com/ipv4/170.0.0.1
c) Which OS are you using and what kind of server do you have? Virtual? Dedicated? OpenVZ? KVM?
d) What is your current firewall configuration?
[Image: zHHqO5Q.png]
#5
(09-15-2019, 02:10 PM)Hidden Refuge Wrote: "Public Zone" & "Private Zone" are two technical terms you will never hear or find if you are using just pure iptables. These terms are usually only used when you have a server with Redhat Enterprise Linux, CentOS or Fedora with firewalld. Just saying this to avoid confusion. You might not catch the relation now but maybe later you will. Especially important if as said you use one of the OSs I mentioned.

Anyway... A few questions to clear things up:
a) Does your server have an eth0 interface? OpenVZ for example doesn't have such interfaces. If you use KVM with newer OSs they usually have different interface names like enp0s1 and such.
b) 170.0.0.1 is what? Is that supposed to be an internal address? Is that assigned inside your server? Are you trying to forward to loopback? The loopback address is 127.0.0.1 but not 170.0.0.1. You most likely don't even own this IP address: https://www.ipaddress.com/ipv4/170.0.0.1
c) Which OS are you using and what kind of server do you have? Virtual? Dedicated? OpenVZ? KVM?
d) What is your current firewall configuration?

1. My server has an eth0 interface
2. That was a typo, I should have written 127.0.0.1
3. Ubuntu 18.04 (KVM)
4. Firewalls only allow incoming connections from ports 22 & 22022
Terminal
Solo Developer
#6
(09-15-2019, 04:16 PM)chanalku91 Wrote: 1. My server has an eth0 interface
2. That was a typo, I should have written 127.0.0.1
3. Ubuntu 18.04 (KVM)
4. Firewalls only allow incoming connections from ports 22 & 22022

I will add a screenshot of the firewall configuration on the VPS. Maybe it will help.


Terminal
Solo Developer
#7
(09-15-2019, 02:07 PM)LightDestory Wrote: You created the routing rule, that's good. But you are missing a very important thing: by default forwarding is set to block the traffic. You need to enable the traffic.

We can imagine the forwarding as two rules:
  • Forwarding rule to accept the traffic
  • Routing rule to redirect the traffic
So you should create a rule like this:
iptables -A FORWARD -i eth0 -p tcp --dport 22 -j ACCEPT
This command is based on your original command, using eth0 and tcp protocol

Can you tell me how to create terminal style images like you? I know carbon but I am unable to get html code

You only need to add the terminal code at the beginning and / terminal at the end! It is very easy!

Yes, the command doesn't work properly
Terminal
Solo Developer
#8
Your forward chain is set to DROP and has no rule that allows forwarding port 22 and 2222. Obviously this way it cannot work.
[Image: zHHqO5Q.png]
#9
(09-16-2019, 06:14 AM)Hidden Refuge Wrote: Your forward chain is set to DROP and has no rule that allows forwarding port 22 and 2222. Obviously this way it cannot work.

I also changed POLICY from FORWARD to ACCEPT but port forward still doesn't work? Is it because the target port 2222 closed at INTERFACE eth0 can affect Port Forwarding?
Terminal
Solo Developer
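Added example (not part of any post in this thread): a small shell checker for the points raised above, namely the FORWARD policy and missing ACCEPT rule, the loopback DNAT target, and whether the rewritten port 2222 is allowed by the filter table. The sample ruleset and the `audit_dnat` function name are constructed for illustration, and the checker only considers ACCEPT rules with a single `--dport`.

```shell
# Added example: audit an iptables-save dump for the issues raised in this thread.
# SAMPLE is constructed from the posts' description; it is not the poster's real ruleset.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 127.0.0.1:2222
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22022 -j ACCEPT
COMMIT'

# audit_dnat: read iptables-save text on stdin, print one finding per line.
# Simplification: only ACCEPT rules with a single --dport are considered.
audit_dnat() {
  awk '
    /^\*/ { table = substr($1, 2) }                    # "*nat", "*filter"
    table == "nat" && /-j DNAT/ {
      dp = ""; to = ""
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") dp = $(i + 1)
        if ($i == "--to-destination" || $i == "--to") to = $(i + 1)
      }
      split(to, hp, ":"); host[++nd] = hp[1]
      port[nd] = (hp[2] != "" ? hp[2] : dp)            # no port given: unchanged
    }
    table == "filter" && /^:/ { policy[substr($1, 2)] = $2 }
    table == "filter" && /^-A/ && /-j ACCEPT/ {
      for (i = 1; i < NF; i++) if ($i == "--dport") accept[$2, $(i + 1)] = 1
    }
    END {
      for (k = 1; k <= nd; k++) {
        chain = "FORWARD"                              # target is another host
        if (host[k] ~ /^127\./) {
          # Local delivery goes through INPUT; the kernel drops 127/8
          # destinations arriving on a non-loopback interface unless route_localnet is on.
          chain = "INPUT"
          print "LOOPBACK " host[k] ":" port[k] " requires net.ipv4.conf.<iface>.route_localnet=1"
        }
        # The filter table sees the packet after DNAT, so the rewritten port must be allowed.
        if (policy[chain] == "DROP" && !((chain, port[k]) in accept))
          print "BLOCKED " chain " policy DROP, no ACCEPT for --dport " port[k]
      }
    }'
}

printf '%s\n' "$SAMPLE" | audit_dnat
```

On a real host the same function can be fed live rules with `iptables-save | audit_dnat`, run as root.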
#10
This thread can be closed, because Dwi Cahyo already provided a solution to my problem!
And thanks to @"Hidden Refuge" and @LightDestory for wanting to help me!
Terminal
Solo Developer