@amrikarisma
Forked from gilangvperdana/PFwithSSH.md
Created October 27, 2024 11:06
Port Forwarding on Ubuntu

Port Forwarding on Ubuntu with IP Tables

You can forward ports for incoming connections on your Linux (Ubuntu) environment using iptables.

Make sure iptables is installed

sudo apt-get update
sudo apt-get install iptables

sudo modprobe iptable_nat
sudo nano /etc/modules
# add this line to /etc/modules so the NAT module is loaded at boot:
iptable_nat

Basic Commands

  • Don't forget to enable IP forwarding in the kernel (this setting is lost on reboot; add net.ipv4.ip_forward=1 to /etc/sysctl.conf to make it persistent)
sudo sysctl -w net.ipv4.ip_forward=1
  • List the NAT table rules with their line numbers
sudo iptables -t nat -v -L -n --line-numbers
  • Delete a rule
    • Assume PREROUTING is the chain you added the rule to.
    • Assume 5 is the line number of the rule (from the listing above) that you want to delete.
    sudo iptables -t nat --delete PREROUTING 5

Use Case

If you want to forward traffic from 10.74.130.80:80 to 10.8.0.2:80, you can use this:

iptables -t nat -A PREROUTING -p tcp --dport 80 -d 10.74.130.80 -j DNAT --to-destination 10.8.0.2:80

If you want to forward all TCP and UDP traffic arriving on ens3 of VM A (example IP 172.20.1.2) to VM B (example IP 172.20.3.209), you can do this:

sudo iptables -t nat -A PREROUTING -i ens3 -p tcp -d 172.20.1.2 -j DNAT --to-destination 172.20.3.209
sudo iptables -t nat -A PREROUTING -i ens3 -p udp -d 172.20.1.2 -j DNAT --to-destination 172.20.3.209
sudo iptables -t nat -A POSTROUTING ! -s 127.0.0.1 -j MASQUERADE

With these rules you can no longer reach VM A itself through the public IP on ens3, because every packet (including SSH) is redirected to VM B, so DWYOR (do it at your own risk). If you still need to reach VM A, it must have a secondary interface (ens3/ens4/etc.).

If you want to forward all ports to an on-premises VM over a VPN interconnection, you can add exclusion rules for the VPN port and the public SSH port of the VPS before the catch-all forward:

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j ACCEPT
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1194 -j ACCEPT
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp -d 172.29.161.228 -j DNAT --to-destination 10.8.0.2
sudo iptables -t nat -A PREROUTING -i eth0 -p udp -d 172.29.161.228  -j DNAT --to-destination 10.8.0.2
sudo iptables -t nat -A POSTROUTING ! -s 127.0.0.1 -j MASQUERADE
  • 22 is the public SSH port of the VPS (excluded so you don't lose access to the VPS when all other traffic is forwarded to the on-premises VM)
  • eth0 is the Ethernet interface of the VPS
  • 1194 is the public VPN port (excluded so the VPN interconnection itself keeps working)
  • 172.29.161.228 is the eth0 IP of the VPS
  • 10.8.0.2 is the VPN client IP of the on-premises VM
  • The order above must not be changed: iptables evaluates rules top to bottom and the first match wins, so the ACCEPT exclusions have to come before the DNAT rules.
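The VPN use case above as a small generator script, added here as an example and not part of the original gist: it prints the rules in the required order (exclusions first) and, with `del`, the matching `-D` commands in reverse order so you can tear them down without relying on line numbers. The interface, addresses and ports default to the values used above and can be overridden through environment variables; nothing is applied until you pipe the output into `sudo sh`.

```shell
#!/bin/sh
# Hypothetical helper (not part of the gist): prints the NAT rules for the
# "forward everything except SSH and VPN" use case, or the matching delete
# commands. Nothing is applied directly; pipe the output into `sudo sh`:
#   ./pf-rules.sh add | sudo sh
#   ./pf-rules.sh del | sudo sh
# Values default to the ones used in the example and can be overridden:
#   IFACE=ens3 PUBLIC_IP=172.20.1.2 TARGET_IP=172.20.3.209 ./pf-rules.sh add

IFACE="${IFACE:-eth0}"                    # public interface of the VPS
PUBLIC_IP="${PUBLIC_IP:-172.29.161.228}"  # address on that interface
TARGET_IP="${TARGET_IP:-10.8.0.2}"        # VPN client IP of the on-prem VM
EXCLUDE_TCP="${EXCLUDE_TCP:-22 1194}"     # TCP ports that stay on the VPS

# Emit the rules in the order they must be appended: the ACCEPT exclusions
# first (so SSH and the VPN tunnel keep terminating on the VPS), then the
# catch-all DNAT for TCP and UDP, then MASQUERADE so replies route back.
pf_rules() {
    for port in $EXCLUDE_TCP; do
        echo "iptables -t nat -A PREROUTING -i $IFACE -p tcp --dport $port -j ACCEPT"
    done
    for proto in tcp udp; do
        echo "iptables -t nat -A PREROUTING -i $IFACE -p $proto -d $PUBLIC_IP -j DNAT --to-destination $TARGET_IP"
    done
    echo "iptables -t nat -A POSTROUTING ! -s 127.0.0.1 -j MASQUERADE"
}

# Delete by exact rule specification (-D with the same match) rather than by
# line number, which shifts after every deletion; reverse the order so the
# catch-all DNAT goes away before the exclusions that protect SSH.
pf_delete() {
    pf_rules | sed -e 's/ -A / -D /' -e '1!G;h;$!d'
}

case "${1:-}" in
    add) echo "sysctl -w net.ipv4.ip_forward=1"; pf_rules ;;
    del) pf_delete ;;
    "")  ;;   # no argument: only define the functions (e.g. when sourced)
    *)   echo "usage: $0 add|del" >&2; exit 1 ;;
esac
```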

Save iptables Rules Persistently

After you have inserted some rules into iptables, you can make them survive a reboot with:

sudo apt-get install iptables-persistent
sudo netfilter-persistent save
iptables-save
ip6tables-save

Save on CentOS

yum install iptables-services
service iptables save
systemctl enable iptables

Dump & Import iptables Rules to/from a Text File

## Dump iptables to txt
iptables-save > rules.txt

## Import iptables from txt
iptables-restore < rules.txt

Script Generate & Delete

Local Forwarding

If you want to access, from your local machine, a cloud application at 192.168.100.2:82 that can only be reached from your VM, you can use the technique below. The application then appears on your local localhost:80 (binding a local port below 1024 such as 80 requires root on the local machine).

ssh -L LocalPortAccess:AppsIPAddresses:AppsPortAddresses user@VPSPublicIP -pXXXX
ssh -L 80:127.0.0.1:30001 [email protected] -p10013

Remote Forwarding

If you want to expose a local application listening on 127.0.0.1:30001 so that it can be reached on your VPS on port 80, you can use the technique below. By default sshd binds the remote port only on the VPS's loopback interface; it is reachable from outside only if GatewayPorts is enabled in the VPS's sshd_config.

ssh -R VPSAccessPort:LOCALAppsAddresses:DestinationLocalPort user@VPSPublicIP -pXXXX
ssh -R 80:127.0.0.1:30001 [email protected] -p10013

Dynamic Forwarding

If you want to reach, from your local machine, everything that is reachable from your VPS, you can use dynamic forwarding (the -D option), which opens a local SOCKS5 proxy that tunnels connections through the VPS.

ssh root@IPVPSWILLFORWARDED -D CHANNEL
ssh [email protected] -D 500

Read this for how to use the SOCKS5 proxy.
