Port forwarding with iptables and also dhcpd

The arrangement: I have a Linux (Gentoo, if that makes a distinction) box that acts as a portal for the entire home. This box does its NAT-magic with iptables and also dhcpd.

The trouble: I have a particular computer system that I intend to have a port sent to (for gushes, if, once more, there's a distinction).

I have simply sufficient Linux management abilities to read howtos and also get things set up effectively (at some point), yet the howtos I located for my instance were also vague and also appeared to be needlessly intricate.

From what I've collected, my trouble is twofold: obtaining the dhcpd to accurately assign a particular fixed IP to the computer system I desire, and afterwards obtaining iptables set up for the port forwarding.

Could a person offer me a precise, action-by-action overview on just how to do this? I'm certain I'm not the only one intending to do this ...


Edit: My variations of the software program are:

# iptables --version
iptables v1.4.0

# dhcpd --version
isc-dhcpd-V3.1.1-Gentoo
0
2019-05-09 11:31:42
Answers: 2

iptables -t nat -I PREROUTING -s ! {internal-network} -d {public-address} -p tcp --dport {port-on-public-address} -j DNAT --to-dest {internal-address}

where:

  • internal-network is the IP address that represents your network, i.e. 192.168.1.0
  • internal-address is the IP address that stands for the host you intend to reveal, i.e. 192.168.1.2
  • public-address is the IP address of the user interface that is encountering your ISP
  • port-on-public-address is the port number that website traffic would certainly get to if your inner computer system can see it; keep in mind that this regulation does not transform the port number as it forwards, it merely passes the package along

Note the room in between the -s, the exclamation mark, and also internal-network; make certain to have a room on both sides.

0
2019-05-10 07:19:18

To get dhcp to accurately assign a particular fixed IP to the computer system you desire, the common point to do is to check into just how to inform your dhcp server (whichever one you're running) to statically map a mac address to an IP address. This will certainly make it constantly distribute the very same IP (that you define) to that mac address.

ISC dhcp requires a config verse like

host mycomputer {
  hardware ethernet 00:12:34:56:78:9A;
  fixed-address 192.168.1.10;
}

dnsmasq requires a line like:

dhcp-host=00:12:34:56:78:9A,192.168.1.10

whose information is defined in the manpage.

where:

  • mycomputer is your computer system's hostname
  • 00:12:34:56:78:9A is your computer system's mac address
  • 192.168.1.10 is the IP you intend to be constantly appointed to that mac address

Once that's done, you currently have a 'fixed' IP to do your port forwarding to. To do this you desire, as @Avery Payne claims, to do:

iptables -t nat -I PREROUTING -s ! {internal-network} -d {public-address} -p tcp --dport {port-on-public-address} -j DNAT --to-dest {internal-address}

where:

  • internal-network is the IP address that represents your network, i.e. 192.168.1.0
  • internal-address is the IP address that stands for the host you intend to reveal, i.e. 192.168.1.10
  • public-address is the IP address of the user interface that is encountering your ISP
  • port-on-public-address is the port number that website traffic would certainly get to if your inner computer system can see it; keep in mind that this regulation does not transform the port number as it forwards, it merely passes the package along

Note the room in between the -s, the exclamation mark, and also internal-network; make certain to have a room on both sides.

0
2019-05-10 06:37:34
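The two steps from the answers above, combined in an added example that is not part of either answer: it checks that the DHCP reservation and the DNAT rule agree before printing them, and never executes iptables. The function names are hypothetical, the sample values are constructed, and the internal network is written with a prefix length because iptables treats a bare address after -s as a single host.

```shell
#!/bin/sh
# Added example: prints the dhcpd stanza and DNAT rule; it never runs iptables.

# Dotted-quad IPv4 -> integer on stdout; non-zero status on malformed input.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when address $1 lies inside network $2, which must carry a prefix length.
in_network() {
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    case "$bits" in ""|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$bits" -ge 1 ] && [ "$bits" -le 32 ] || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Args: hostname MAC fixed-address internal-network/prefix public-address port
port_forward_plan() {
    name=$1 mac=$2 fixed=$3 lan=$4 pub=$5 port=$6
    case "$name" in ""|*[!A-Za-z0-9-]*) echo "bad hostname" >&2; return 1 ;; esac
    echo "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' ||
        { echo "bad MAC: $mac" >&2; return 1; }
    case "$port" in ""|0*|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    ip_to_int "$pub" >/dev/null || { echo "bad public address" >&2; return 1; }
    in_network "$fixed" "$lan" || { echo "$fixed is not inside $lan" >&2; return 1; }
    in_network "$pub" "$lan" && { echo "$pub is inside $lan" >&2; return 1; }
    # Negation is placed as on the page (iptables v1.4.0); newer releases prefer "! -s".
    cat <<EOF
host $name {
  hardware ethernet $mac;
  fixed-address $fixed;
}
iptables -t nat -I PREROUTING -s ! $lan -d $pub -p tcp --dport $port -j DNAT --to-dest $fixed
EOF
}

# Constructed sample values (203.0.113.5 is a documentation address, 6881 is arbitrary).
port_forward_plan mycomputer 00:12:34:56:78:9A 192.168.1.10 192.168.1.0/24 203.0.113.5 6881
```

A non-zero exit status with a message on stderr means the reservation and the rule would not line up, for example a fixed address outside the internal network.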