[CentOS] iptables port forwarding

Tue Dec 4 22:25:20 UTC 2012
Earl A Ramirez <earlaramirez at gmail.com>

On 5 December 2012 03:38, Joseph Spenner <joseph85750 at yahoo.com> wrote:

> I have a simple requirement/test I'm trying to perform, but having
> difficulty.
>
> I have a system with 2 interfaces, BoxA:
>
> eth0  172.26.50.102
> eth1  192.101.77.62
>
> My goal is to have a tcp port built on BoxA such that hosts on the
> 192.101.77.0/24 network can reach a port on a different box on the
> 172.26.0.0/16 network.
>
> The target system is 172.26.10.120   tcp/22
> The port I wish to build is 12321.
>
> The iptables rules I'm using:
>
> iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 12321 -j DNAT --to
> 172.26.10.120:22
>
> It shows up when I query the rules:
>
> boxA# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> #
>
> boxA# iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> DNAT       tcp  --  anywhere             anywhere            tcp dpt:12321
> to:172.26.10.120:22
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> boxA#
>
>
> Forwarding is enabled:
>
> boxA# cat /proc/sys/net/ipv4/ip_forward
> 1
> boxA#
>
> boxA can get to the target system:
>
> boxA# telnet 172.26.10.120 22
> Trying 172.26.10.120...
> Connected to 172.26.10.120.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.6
>
> Protocol mismatch.
> Connection closed by foreign host.
> boxA#
>
>
> When I try to connect from my other system, boxB, 192.101.77.76, it never
> connects to the target port:
>
> boxB# telnet 192.101.77.62 12321
> Trying 192.101.77.62...
> ^C
>
> boxB#
>
> However, I can connect to boxA from boxB on its tcp/22 port, so I know I
> have connectivity:
>
> boxB# telnet 192.101.77.62 22
> Trying 192.101.77.62...
> Connected to 192.101.77.62.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_5.5p1
>
> Protocol mismatch.
> Connection closed by foreign host.
> boxB#
>
> Nothing shows up in the logs.
>
> Anyone have any ideas what I may be doing wrong?
>
> Any help would be great.
>
> Thanks!
>
>


Hi Joseph,

What port is the sshd daemon listening on? Did you edit the sshd_config
file to reflect port 12321?

-- 
Kind Regards
Earl Ramirez
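One more thing worth checking on a DNAT forward like the one in the post: the FORWARD policy on boxA is ACCEPT, but the nat listing shows no POSTROUTING SNAT/MASQUERADE, so if 172.26.10.120 does not route its replies back through boxA they bypass conntrack and the client's SYN never completes, which matches the hang shown. The script below is an added example (not from the thread or from CentOS), which parses `iptables -L -t nat -n` style output and flags PREROUTING DNAT rules that have no matching source NAT; the sample listing is constructed from the post with the wrapped DNAT rule rejoined onto one line, and whether boxA is the target's gateway is an assumption the reader must verify.

```python
import re

# Constructed sample: the nat table from the post, with the DNAT rule on one
# line as `iptables -L -t nat -n` really prints it.
SAMPLE_NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:12321 to:172.26.10.120:22

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Same listing after adding a POSTROUTING masquerade for the DNAT target
# (iptables -t nat -A POSTROUTING -o eth0 -d 172.26.10.120 -j MASQUERADE).
SAMPLE_NAT_FIXED = SAMPLE_NAT_LISTING.replace(
    "Chain POSTROUTING (policy ACCEPT)\ntarget     prot opt source               destination\n",
    "Chain POSTROUTING (policy ACCEPT)\ntarget     prot opt source               destination\n"
    "MASQUERADE  all  --  0.0.0.0/0            172.26.10.120\n")

def parse_chains(listing):
    """Return {chain_name: [rule_fields, ...]} from `iptables -L` style text."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = m.group(1)
            chains[current] = []
        elif current and line.strip() and not line.startswith("target"):
            chains[current].append(line.split())   # target prot opt src dst ...
    return chains

def audit_dnat(listing):
    """Flag PREROUTING DNAT rules with no SNAT/MASQUERADE covering the target."""
    chains = parse_chains(listing)
    post = chains.get("POSTROUTING", [])
    findings = []
    for rule in chains.get("PREROUTING", []):
        if rule[0] != "DNAT":
            continue
        dport = next((f.split(":")[1] for f in rule if f.startswith("dpt:")), "?")
        to = next((f[3:] for f in rule if f.startswith("to:")), "?")
        target_ip = to.split(":")[0]
        covered = any(r[0] in ("SNAT", "MASQUERADE") and len(r) > 4
                      and r[4] in ("0.0.0.0/0", "anywhere", target_ip) for r in post)
        if not covered:
            findings.append(f"DNAT dpt:{dport} -> {to}: no POSTROUTING SNAT/MASQUERADE "
                            f"for {target_ip}; replies may bypass this box")
    return findings
```

Note that `iptables -L` without `-v` hides the `-i`/`-o` interface matches, so confirm the DNAT rule is really bound to eth1 with `iptables -t nat -L -v -n` before trusting the audit.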