Linux Port Forwarding to different IPs
This is my scenario:
Netbook (192.168.1.2) ===> (192.168.1.1) Linux Server (192.168.0.4) ===> NAS (192.168.0.2)
Netbook (192.168.1.2) ===> (192.168.1.1) Linux Server (192.168.0.4) ===> Router (192.168.0.1)
I would like to do port forwarding with iptables in order to reach the NAS and Router on port 80 with my Netbook.
Both servers have a service on port 80, so depending on what I decide to do sometimes I open port 80 on the NAS, sometimes on the Router.
IP forwarding is enabled, masquerading as well.
This is my /etc/iptables.ipv4.nat file:
    # Generated by iptables-save v1.4.14 on Wed Apr 30 23:02:30 2014
    *nat
    :PREROUTING ACCEPT [42:14791]
    :INPUT ACCEPT [31:2623]
    :OUTPUT ACCEPT [1:48]
    :POSTROUTING ACCEPT [1:48]
    -A PREROUTING -i wlan1 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
    -A PREROUTING -i wlan1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
    -A PREROUTING -i wlan1 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.0.2:5901
    -A PREROUTING -i wlan1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
    -A POSTROUTING -o wlan1 -j MASQUERADE
    COMMIT
    # Completed on Wed Apr 30 23:02:30 2014
    # Generated by iptables-save v1.4.14 on Wed Apr 30 23:02:30 2014
    *filter
    :INPUT ACCEPT [904:141326]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [946:157235]
    -A FORWARD -d 192.168.0.0/24 -i wlan1 -o wlan0 -p tcp -m tcp --dport 5901 -j ACCEPT
    -A FORWARD -d 192.168.0.0/24 -i wlan1 -o wlan0 -p tcp -m tcp --dport 80 -j ACCEPT
    COMMIT
    # Completed on Wed Apr 30 23:02:30 2014
Furthermore on my router (192.168.0.1) I have a static route:
Network 192.168.1.0, Subnet 255.255.255.0, Gateway 192.168.0.4
The reason for the multiple /24 nets is that on the 192.168.1.0 net a DHCP server is running for all the connected devices to the Linux Server which is acting as an access point and TOR router (port 9040). At the same time a DHCP server is running on the router 192.168.0.1 for the devices connecting to the router.
The port forwarding for port 5901 works like a charm by the way.
linux iptables port-forwarding
edited May 6 '14 at 19:47 by Cristian Ciupitu
asked May 6 '14 at 17:43 by Daniel
Sounds like you're having a routing issue, and not an actual firewall issue. It would make more sense for you to build a 2nd subnet on your router or use your Linux server as a default gateway between the two different subnets. – CIA May 6 '14 at 19:19
On my router there is a static route which enables my devices to ping each other. As soon as I try to address a specific port related service (80, 5901, etc) without any port-forwarding, I won't have any access. The traffic is blocked. So far the only solution that somehow works is port-forwarding in combination with the static route. – Daniel May 6 '14 at 19:22
Can you provide the static route(s) in your question? – CIA May 6 '14 at 19:24
Sure, sorry for that, question is updated. – Daniel May 6 '14 at 19:30
Is there a reason you have multiple /24 subnets? – CIA May 6 '14 at 19:35
1 Answer
Unless I am misunderstanding, why not simply map different target ports on the Linux Server to port 80 on the backend devices. For example:
    Netbook --> 192.168.1.1:8080 (Linux Server) --> 192.168.0.2:80 (NAS)
    Netbook --> 192.168.1.1:8081 (Linux Server) --> 192.168.0.1:80 (Router)
You already have the commands you need, you just need to set --dport to a different target port on the Linux Server, while specifying port 80 in --to-destination.
answered May 6 '14 at 17:52 by Kyle Smith
Good idea but unpractical. I would need to always specify the port 8080 or 8081 requesting the NAS or Router. I don't wanna do that. I just want to open the IP address in the netbook's browser (192.168.0.2 or 192.168.0.1) and open the appropriate web service on their port 80. Best solution would be to route the traffic on port 80 1:1 to the other subnet without a different handling of the ports. Firewalls usually have this option. I tried to set the --to-destination to 192.168.0.0:80 (in order to address the whole subnet) but that didn't work out. – Daniel May 6 '14 at 18:20
So you just want to route the traffic, not using any port NAT? – Kyle Smith May 6 '14 at 18:30
If possible, yes. I've tried uncountable suggestions without NAT but using the NAT rules above is so far the only thing that worked at all. – Daniel May 6 '14 at 18:38
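Whether the answer's port mapping takes effect depends on where the new rules sit in nat PREROUTING, because the question's ruleset ends with a catch-all REDIRECT to port 9040. The Python sketch below is an added example, not code from the question or the answer: it replays the question's rules with first-match-wins ordering, and the two DNAT rules in `ANSWER_RULES` plus all helper names are constructed here from the answer's 8080/8081 scheme.

```python
import shlex

# nat PREROUTING rules copied verbatim from the question's iptables-save dump.
QUESTION_RULES = [
    "-A PREROUTING -i wlan1 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22",
    "-A PREROUTING -i wlan1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53",
    "-A PREROUTING -i wlan1 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.0.2:5901",
    "-A PREROUTING -i wlan1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040",
]

# Constructed for this example: the answer's 8080/8081 scheme written out as DNAT rules.
ANSWER_RULES = [
    "-A PREROUTING -i wlan1 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.2:80",
    "-A PREROUTING -i wlan1 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.0.1:80",
]

VALUE_OPTS = ("-i", "-p", "-j", "--dport", "--to-ports", "--to-destination")


def parse_rule(line):
    """Parse one iptables-save rule line, supporting only the options seen on this page."""
    tokens = shlex.split(line)
    rule, i = {"text": line}, 0
    while i < len(tokens):
        opt = tokens[i]
        if opt in VALUE_OPTS:
            rule[opt] = tokens[i + 1]
            i += 2
        elif opt in ("-A", "-m"):          # chain name / match module: not needed here
            i += 2
        elif opt == "--tcp-flags":         # takes two arguments: mask and required flags
            rule["tcp_flags"] = (tokens[i + 1], tokens[i + 2])
            i += 3
        else:
            raise ValueError(f"unsupported option: {opt}")
    return rule


def rule_matches(rule, iface, proto, dport):
    """Match the first packet of a new connection (the only packet the nat table sees).

    For TCP that packet is a bare SYN, so a `--tcp-flags FIN,SYN,RST,ACK SYN`
    match is satisfied by every new TCP connection.
    """
    if rule.get("-i", iface) != iface or rule.get("-p", proto) != proto:
        return False
    if "--dport" in rule and int(rule["--dport"]) != dport:
        return False
    return True


def first_match(rules, iface, proto, dst, dport):
    """Return (target, where the connection ends up) using first-match-wins order."""
    for rule in map(parse_rule, rules):
        if not rule_matches(rule, iface, proto, dport):
            continue
        if rule["-j"] == "DNAT":
            return ("DNAT", rule["--to-destination"])
        if rule["-j"] == "REDIRECT":       # delivered to the server itself on that port
            return ("REDIRECT", "local:" + rule["--to-ports"])
    return ("ACCEPT", f"{dst}:{dport}")    # chain policy: routed without translation


def appended():
    """Rule order after `-A PREROUTING`: new rules land behind the catch-all REDIRECT."""
    return QUESTION_RULES + ANSWER_RULES


def inserted():
    """Rule order when the new rules are placed ahead of the catch-all REDIRECT."""
    pos = next(n for n, r in enumerate(QUESTION_RULES) if "--tcp-flags" in r)
    return QUESTION_RULES[:pos] + ANSWER_RULES + QUESTION_RULES[pos:]


if __name__ == "__main__":
    cases = [("192.168.1.1", 8080), ("192.168.1.1", 8081), ("192.168.0.2", 5901)]
    for label, rules in (("appended", appended()), ("inserted", inserted())):
        for dst, dport in cases:
            print(label, f"{dst}:{dport}", "->", *first_match(rules, "wlan1", "tcp", dst, dport))
```

With the question's rules unchanged, a new TCP connection from wlan1 to 192.168.0.2:80 also resolves to the REDIRECT on port 9040, while the 5901 rule matches first because it precedes the catch-all.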