iptables question

alterlai Member

I have a Proxmox installation running with a private network.
Proxmox has one public IP. With NAT, a private network of 10.0.0.0/24 is created.

Inside the network I have a router (10.0.0.2) that creates a new subnet (10.0.1.0/24).
This might sound like a weird setup, but that's the one thing that has worked so far.

Now I would like to forward all ports to the router, with two exceptions: 8006 and 443. Those are Proxmox and HTTPS.
I'm not very familiar with iptables and I don't really want to break anything at this point.

Can anyone help me out?

Comments

  • 4n0nx Member
    edited May 2015

    Not sure if that works:

    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8006 -j RETURN  
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j RETURN  
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1:65535 -j DNAT --to 10.0.0.2
    

    If you "break" anything (e.g. can't connect to your server because you didn't open port 22 for SSH unless that was intended?), just reboot your server to reset the rules.

    //EDIT: To be clear: This redirects all ports except 8006 and 443 from the host node to the router. If I am correct :D

    //EDIT: You need to also do that with -p udp

  • @4n0nx said:
    Not sure if that works:

    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8006 -j RETURN  
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j RETURN  
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1:65535 -j DNAT --to 10.0.0.2
    

    If you "break" anything (e.g. can't connect to your server because you didn't open port 22 for SSH unless that was intended?), just reboot your server to reset the rules.

    //EDIT: To be clear: This redirects all ports except 8006 and 443 from the host node to the router. If I am correct :D

    //EDIT: You need to also do that with -p udp

    Thanks a lot. I'll test it probably tomorrow.

  • 4n0nx Member

    alterlai said: Thanks a lot. I'll test it probably tomorrow.

    Plenty of time for someone to correct me if I'm wrong ;D And srsly don't forget to do -j RETURN SSH port or you will be locked out of server

  • @4n0nx said:
    Plenty of time for someone to correct me if I'm wrong ;D And srsly don't forget to do -j RETURN SSH port or you will be locked out of server

    I've just tried this, but I wasn't able to confirm because I just ran into another networking issue. Now the NAT doesn't seem to work anymore. And yes, I did clear iptables and tried again.
    Also rebooting the node doesn't help.
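
The rules suggested in this thread, combined into one script as an added example that is not part of any poster's message: it covers both TCP and UDP, exempts the SSH port, and prints the commands for review instead of applying them. `eth0` and `10.0.0.2` are taken from the thread; SSH on tcp/22 and all function and variable names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: print the NAT rules for review instead
# of applying them. eth0 and 10.0.0.2 come from the thread; SSH on tcp/22 is
# an assumption. Function and variable names are made up for this sketch.
WAN_IF="${WAN_IF:-eth0}"
ROUTER="${ROUTER:-10.0.0.2}"
TCP_KEEP="${TCP_KEEP:-22 443 8006}"  # TCP ports the host keeps for itself
UDP_KEEP="${UDP_KEEP:-}"             # UDP ports the host keeps (none here)

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;     # reject empty or non-numeric input
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit RETURN rules first (rules are appended, first match wins), then the
# catch-all DNAT, once per protocol.
gen_rules() {
    for proto in tcp udp; do
        if [ "$proto" = tcp ]; then keep=$TCP_KEEP; else keep=$UDP_KEEP; fi
        for port in $keep; do
            valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
            echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $port -j RETURN"
        done
        # --to-destination is the long form of the --to used in the thread
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport 1:65535 -j DNAT --to-destination $ROUTER"
    done
}

# Succeeds only if the generated set exempts the given SSH port (default 22),
# i.e. applying it would not forward your own SSH session to the router.
ssh_kept() {
    rules=$(gen_rules) || return 1
    printf '%s\n' "$rules" | grep -qF -- "-p tcp --dport ${1:-22} -j RETURN"
}

if ssh_kept 22; then
    gen_rules    # review the output, then apply with: sh this-script | sh
else
    echo "refusing: tcp/22 would be forwarded to $ROUTER" >&2
fi
```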
