forward wan ip:port to external ip2:port2
I have a router based on Linux (BusyBox). I can log in to the terminal by telnet. I want to forward a WAN port to ip_external:port.
my WAN IP (on my router): 22.214.171.124
my WAN port (on my router): 1188
my external remote IP (on my VPS): 126.96.36.199
my remote port (on my VPS): 1180
I am just trying to redirect 188.8.131.52:1188 to 184.108.40.206:1180 with iptables, and that is all.
I have tried these commands, but the port still appears as filtered when I test it on ipfingerprints.com/portscan.php (ip: 220.127.116.11, port: 1188):
iptables -t nat -A PREROUTING -i ppp111 -p tcp --dport 1188 -j DNAT --to 18.104.22.168:1180
iptables -t nat -A PREROUTING -p tcp --dport 1180 -j DNAT --to 22.214.171.124:1180
iptables -t nat -A POSTROUTING -p tcp -d 126.96.36.199 --dport 1180 -j MASQUERADE
To redirect all incoming tcp-traffic from interface ppp111 with destination IP 188.8.131.52 and destination port 1188 to IP 184.108.40.206 and port 1180 it is enough to use this iptables rule:
iptables -t nat -A PREROUTING -i ppp111 -d 220.127.116.11 -p tcp --dport 1188 -j DNAT --to 18.104.22.168:1180
You also need to check if there is a rule that accepts forwarding from ppp111 to the external interface and if forwarding is enabled in the kernel:
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
1 means it is on. If you see = 0, you can do this:
sysctl -w net.ipv4.ip_forward=1
If you want to masquerade traffic, use the -o option (output interface):
iptables -t nat -A POSTROUTING -p tcp -d 22.214.171.124 --dport 1180 -o $EXTERNAL_IFACE -j MASQUERADE
It’s good practice to also use the -i (input interface) option, to prevent masquerading from untrusted networks.
If you use this:
iptables -t nat -A PREROUTING -i ppp111 -p tcp --dport 1188 -j DNAT --to 126.96.36.199:1180
then you redirect all TCP traffic you have from interface ppp111 with destination port 1188 to 188.8.131.52:1180. You don’t check destination IP address, so traffic for 184.108.40.206:1188 will also be redirected via this rule.
So, be careful and accurate when writing firewall rules!
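The two cautions in the answer above (match the destination address with -d on a DNAT rule, and bind MASQUERADE to an output interface with -o) can be checked mechanically. The POSIX sh function below is an added example, not part of the original answer: it lints NAT rules in `iptables -S` form read from stdin. The sample rules are constructed, use documentation addresses, and assume `eth0` as the external interface.

```shell
#!/bin/sh
# Added example: flag DNAT rules that do not pin the destination address or
# input interface, and MASQUERADE rules that do not pin the output interface.
# Input: rules in `iptables -t nat -S` form on stdin. Output: one finding per line.
audit_nat_rules() {
    n=0
    while IFS= read -r rule; do
        n=$((n + 1))
        # Pad with spaces so option names match as whole words
        # (" -d " must not match "--dport").
        case " $rule " in
            *" -j DNAT "*)
                case " $rule " in
                    *" -d "*) ;;
                    *) echo "line $n: DNAT without -d (matches any destination address)" ;;
                esac
                case " $rule " in
                    *" -i "*) ;;
                    *) echo "line $n: DNAT without -i (matches every input interface)" ;;
                esac
                ;;
            *" -j MASQUERADE "*)
                case " $rule " in
                    *" -o "*) ;;
                    *) echo "line $n: MASQUERADE without -o (applies on every output interface)" ;;
                esac
                ;;
        esac
    done
}

# Constructed sample rules (documentation addresses, assumed interface eth0).
sample_rules() {
    cat <<'EOF'
-A PREROUTING -d 203.0.113.10/32 -i ppp111 -p tcp --dport 1188 -j DNAT --to-destination 198.51.100.20:1180
-A PREROUTING -i ppp111 -p tcp --dport 1188 -j DNAT --to-destination 198.51.100.20:1180
-A POSTROUTING -d 198.51.100.20/32 -p tcp --dport 1180 -j MASQUERADE
-A POSTROUTING -d 198.51.100.20/32 -o eth0 -p tcp --dport 1180 -j MASQUERADE
EOF
}

sample_rules | audit_nat_rules
```

On a live router, feed it the real rule set with `iptables -t nat -S | audit_nat_rules`.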