Dear All, If I want to do a port mapping in CentOS, what tools should I look for? Where can I get the information about how to set it up (how-to, manuals)?
Thanks.
-- Tanu --
Here is what I want to do: I installed a database server on CentOS, it has a private IP, the database server runs on a certain port (e.g. port 5555)
From another place connected to the internet I try to do some kind of sync to the database server, so I think I have to set the port mapper in the gateway to pass the access to port 5555 to the CentOS server.
Barry Brimer wrote:
Dear All, If I want to do a port mapping in CentOS, what tools should I look for? Where can I get the information about how to set it up (how-to, manuals)?
Could you be more specific with your question? What kind of "port mapping" are you talking about?
On Sun, 20 Jan 2008, Sobari Tanuwijaya wrote:
Here is what I want to do: I installed a database server on CentOS, it has a private IP, the database server runs on a certain port (e.g. port 5555)
From another place connected to the internet I try to do some kind of sync to the database server, so I think I have to set the port mapper in the gateway to pass the access to port 5555 to the CentOS server.
Barry Brimer wrote:
Dear All, If I want to do a port mapping in CentOS, what tools should I look for? Where can I get the information about how to set it up (how-to, manuals)?
Could you be more specific with your question? What kind of "port mapping" are you talking about?
So you're trying to determine what you need to do to forward connections from your system to port 5555 on the remote system via your gateway it seems. What is your gateway running? Is it running CentOS?
Yes.
I plan to use CentOS as the OS on the gateway server.
Barry Brimer wrote:
On Sun, 20 Jan 2008, Sobari Tanuwijaya wrote:
Here is what I want to do: I installed a database server on CentOS, it has a private IP, the database server runs on a certain port (e.g. port 5555)
From another place connected to the internet I try to do some kind of sync to the database server, so I think I have to set the port mapper in the gateway to pass the access to port 5555 to the CentOS server.
So you're trying to determine what you need to do to forward connections from your system to port 5555 on the remote system via your gateway it seems. What is your gateway running? Is it running CentOS?
On Mon, 21 Jan 2008, Sobari Tanuwijaya wrote:
Yes.
I plan to use CentOS as the OS on the gateway server.
Barry Brimer wrote:
On Sun, 20 Jan 2008, Sobari Tanuwijaya wrote:
Here is what I want to do: I installed a database server on CentOS, it has a private IP, the database server runs on a certain port (e.g. port 5555)
From another place connected to the internet I try to do some kind of sync to the database server, so I think I have to set the port mapper in the gateway to pass the access to port 5555 to the CentOS server.
So you're trying to determine what you need to do to forward connections from your system to port 5555 on the remote system via your gateway it seems. What is your gateway running? Is it running CentOS?
I would use something like:
iptables -t nat -I PREROUTING -d <public ip address of server> -p tcp --dport 5555 -j DNAT --to <private IP address of database server>
If you are not already masquerading traffic out, this should handle that. "iptables -t nat -A POSTROUTING -s <internal network/mask> -j MASQUERADE"
Once you see that work, you can do a "service iptables save" to save the configuration and "chkconfig iptables on" to make sure it starts on boot.
Barry
Barry Brimer wrote:
iptables -t nat -I PREROUTING -d <public ip address of server> -p tcp --dport 5555 -j DNAT --to <private IP address of database server>
as most firewall rule sets have a default FORWARD rule of 'drop', this is also typically necessary...
$IPTABLES -I FORWARD -i $EXTIF -o $INTIF -p tcp --dport 5555 -j ACCEPT
where $EXTIF and $INTIF are the external and internal interfaces, such as eth0 and eth1.
Where should I put this? After the command Barry gave before?
John R Pierce wrote:
Barry Brimer wrote:
iptables -t nat -I PREROUTING -d <public ip address of server> -p tcp --dport 5555 -j DNAT --to <private IP address of database server>
as most firewall rule sets have a default FORWARD rule of 'drop', this is also typically necessary...
$IPTABLES -I FORWARD -i $EXTIF -o $INTIF -p tcp --dport 5555 -j ACCEPT
where $EXTIF and $INTIF are the external and internal interfaces, such as eth0 and eth1.
Sobari Tanuwijaya wrote:
Where should I put this? After the command Barry gave before?
it doesn't matter, it's a rule in a different chain
I recommend you read up on iptables and firewall rules to understand how it all works before attempting to apply any rule.
good stuff here http://www.netfilter.org/documentation/
the ip masquerade HOWTO lives here http://tldp.org/HOWTO/html_single/IP-Masquerade-HOWTO/ it's a -little- out of date, but still quite applicable.
these additional rules should be added in a manner compatible with your existing firewall rules... if you're using one of the common rule generator scripts (lokkit, shorewall, etc) it may well already have its own method for enabling rules like this, that would be preferable.
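The rules from this thread assembled in one place, as an added example that is not from any of the posters: a shell function that prints (does not apply) the DNAT and FORWARD rules, plus the kernel forwarding switch and a return-traffic rule that the thread does not mention. The interface names, all addresses, and the restriction to a single client source address (`-s`) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: prints the gateway rules for review; it does not apply them.
# All interface names and addresses used here are constructed sample values.

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Succeeds only for a decimal TCP port in 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# print_forward_rules EXTIF INTIF PUBLIC_IP DB_IP PORT CLIENT_IP
# CLIENT_IP (assumption, not in the thread) limits the forward to the one
# remote host that runs the sync, instead of opening the port to everyone.
print_forward_rules() {
    extif=$1 intif=$2 public_ip=$3 db_ip=$4 port=$5 client_ip=$6
    for ip in "$public_ip" "$db_ip" "$client_ip"; do
        valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    done
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    # 1: let the kernel route between interfaces; 2: rewrite the destination;
    # 3: allow the forwarded connection in; 4: allow its replies back out.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -I PREROUTING -i $extif -s $client_ip -d $public_ip -p tcp --dport $port -j DNAT --to-destination $db_ip:$port
iptables -I FORWARD -i $extif -o $intif -s $client_ip -d $db_ip -p tcp --dport $port -j ACCEPT
iptables -I FORWARD -i $intif -o $extif -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Sample run with documentation-range addresses (constructed).
print_forward_rules eth0 eth1 203.0.113.10 192.168.1.20 5555 198.51.100.7
```

The function refuses malformed addresses or ports instead of emitting a rule that iptables would reject or misread.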
OK, thank you very much for your help.
John R Pierce wrote:
Sobari Tanuwijaya wrote:
Where should I put this? After the command Barry gave before?
it doesn't matter, it's a rule in a different chain
I recommend you read up on iptables and firewall rules to understand how it all works before attempting to apply any rule.
good stuff here http://www.netfilter.org/documentation/
the ip masquerade HOWTO lives here http://tldp.org/HOWTO/html_single/IP-Masquerade-HOWTO/ it's a -little- out of date, but still quite applicable.
these additional rules should be added in a manner compatible with your existing firewall rules... if you're using one of the common rule generator scripts (lokkit, shorewall, etc) it may well already have its own method for enabling rules like this, that would be preferable.
Thanks for your help. I will try to do it on the server. Is there any document that I should read about this?
Barry Brimer wrote:
Yes.
I plan to use CentOS as the OS on the gateway server.
Barry Brimer wrote:
So you're trying to determine what you need to do to forward connections from your system to port 5555 on the remote system via your gateway it seems. What is your gateway running? Is it running CentOS?
I would use something like:
iptables -t nat -I PREROUTING -d <public ip address of server> -p tcp --dport 5555 -j DNAT --to <private IP address of database server>
If you are not already masquerading traffic out, this should handle that. "iptables -t nat -A POSTROUTING -s <internal network/mask> -j MASQUERADE"
Once you see that work, you can do a "service iptables save" to save the configuration and "chkconfig iptables on" to make sure it starts on boot.
Barry
Barry Brimer wrote:
Dear All, If I want to do a port mapping in CentOS, what tools should I look for? Where can I get the information about how to set it up (how-to, manuals)?
Could you be more specific with your question? What kind of "port mapping" are you talking about?
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Assuming you actually mean port scanning, nmap may be a good choice
What is nmap? (SOL)
Clint Dilks wrote:
Barry Brimer wrote:
Dear All, If I want to do a port mapping in CentOS, what tools should I look for? Where can I get the information about how to set it up (how-to, manuals)?
Assuming you actually mean port scanning, nmap may be a good choice