Port Forwarding - with Linux 2.2
What's Changed
If you haven't used Port Forwarding before, you can skip this section. This is a quick guide to the changes since 2.0.36. Most of the changes are minor and can be ignored.
You don't need any kernel patches. The kernel already has the port forwarding code.
There is a new tool to administer port forwarding rules - ipmasqadm replaces ipportfw. It's easy to convert to the new tool - just replace "ipportfw" with "ipmasqadm portfw" and it will work.
Download ipmasqadm from http://juanjox.kernelnotes.org/ or, if you are using Red Hat 6, download the RPM from: ftp://ftp.redhat.com/pub/contrib/libc6/i386/ipmasqadm-0.4.2-3.i386.rpm.
If you are using a modern Red Hat kernel, you already have Port Forwarding included as a module. To load it, run:
modprobe ip_masq_portfw
If you use other distributions, you'll need to compile a new kernel with Port Forwarding support. You'll need to include the following options:
CONFIG_EXPERIMENTAL
CONFIG_IP_MASQUERADE
CONFIG_IP_MASQUERADE_IPPORTFW
If you're not familiar with compiling and installing kernels, read the Kernel HOWTO.
Before attempting to set up Port Forwarding, set up and use IP Masquerading. Until it's enabled with ipmasqadm portfw, Port Forwarding will not affect IP Masquerading in any way. You can find more information about masquerading in the Masquerading HOWTO. The IP Chains HOWTO is also useful.
To configure redirection of a local port (local refers to the machine running the masquerading), you need to use ipmasqadm portfw (the replacement for ipportfw). Its options are:
ipmasqadm portfw -h
Usage: portfw -a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF] add entry
portfw -d -P PROTO -L LADDR LPORT [-R RADDR RPORT] delete entry
portfw -f clear table
portfw -l list table
portfw {args} -n no names
PROTO is the protocol, can be "tcp" or "udp"
LADDR is the local interface receiving packets to be forwarded.
LPORT is the port being redirected.
RADDR is the remote address.
RPORT is the port being redirected to.
PREF is the preference level (load balancing, default=10)
Need an example? OK...
ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
#this will clear all previous port forward rules
ipmasqadm portfw -f
#this will redirect all web connections (port 80) to your internal server (using the tcp protocol (proto))
ipmasqadm portfw -a -P tcp -L 194.160.1.1 80 -R 10.10.0.2 80
#this will redirect timed connections
ipmasqadm portfw -a -P udp -L 194.160.1.1 525 -R 10.0.0.2 525
ipmasqadm portfw -l
prot localaddr            rediraddr               lport    rport  pcnt  pref
TCP  guardian             tricord                   www      www     6    10
UDP  guardian             tricord                  time     time    10    10
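
Every portfw entry exposes an internal host to the outside, so it pays to check the rules before loading them. The script below is an added example, not part of the original page or of ipmasqadm: it lints "ipmasqadm portfw -a" lines against the usage shown above. The function names and the INTERNAL_PREFIX setting (it assumes the masqueraded LAN is 10.10.0.x) are assumptions; the third sample rule is constructed.

```sh
# Added example (not from the original page): lint portfw "add" rules before loading them.
# Assumption: the masqueraded LAN is 10.10.0.x; override INTERNAL_PREFIX for your network.
INTERNAL_PREFIX="${INTERNAL_PREFIX:-10.10.0.}"

valid_port() {  # true only for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_rule "<rule>": print the findings for one rule; return 1 if there are any.
check_rule() {
    set -f; set -- $1; set +f   # split the rule into words without globbing
    proto= lport= raddr= rport= msg=
    [ "$1 $2 $3" = "ipmasqadm portfw -a" ] || { echo "not a portfw add rule"; return 1; }
    shift 3
    while [ $# -gt 0 ]; do
        case "$1" in
            -P) [ $# -ge 2 ] || break; proto=$2; shift 2 ;;
            -L) [ $# -ge 3 ] || break; lport=$3; shift 3 ;;
            -R) [ $# -ge 3 ] || break; raddr=$2 rport=$3; shift 3 ;;
            -p) [ $# -ge 2 ] || break; shift 2 ;;
            *)  msg="$msg; unexpected word '$1'"; shift ;;
        esac
    done
    case "$proto" in tcp|udp) ;; *) msg="$msg; PROTO '$proto' is not tcp or udp" ;; esac
    valid_port "$lport" || msg="$msg; LPORT '$lport' is not in 1-65535"
    valid_port "$rport" || msg="$msg; RPORT '$rport' is not in 1-65535"
    case "$raddr" in "$INTERNAL_PREFIX"*) ;; *) msg="$msg; RADDR '$raddr' is outside $INTERNAL_PREFIX*" ;; esac
    [ -z "$msg" ] || { echo "${msg#; }"; return 1; }
}

# audit_rules: read rules on stdin, print "line N: findings", return 1 if any rule failed.
audit_rules() {
    n=0 failed=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac   # skip blank lines and comments
        out=$(check_rule "$line") || { failed=1; echo "line $n: $out"; }
    done
    return "$failed"
}

# Sample input: the page's two rules plus one constructed bad rule.
audit_rules <<'EOF' || echo "fix the findings above before loading these rules"
ipmasqadm portfw -a -P tcp -L 194.160.1.1 80 -R 10.10.0.2 80
ipmasqadm portfw -a -P udp -L 194.160.1.1 525 -R 10.0.0.2 525
ipmasqadm portfw -a -P upd -L 194.160.1.1 70000 -R 10.10.0.2 525
EOF
```

With the assumed 10.10.0.x LAN, the second rule is reported because its target 10.0.0.2 lies outside that range; set INTERNAL_PREFIX to match your own network before relying on the result.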