Port Forwarding - with Linux 2.2

What's Changed

If you haven't used Port Forwarding before, you can skip this section. This is a quick guide to the changes since 2.0.36. Most of the changes are minor and can be ignored.

Download ipmasqadm from http://juanjox.kernelnotes.org/ or, if you are using Red Hat 6, download the RPM from ftp://ftp.redhat.com/pub/contrib/libc6/i386/ipmasqadm-0.4.2-4.i386.rpm (mirrored in the UK at ftp://ftp.compsoc.net/pub/users/steve/ipsubs/ipmasqadm-0.4.2-4.i386.rpm).

If you are using a modern Red Hat kernel, you already have Port Forwarding included as a module. To load it, run:

modprobe ip_masq_portfw.o

If you use other distributions, you'll need to compile a new kernel with Port Forwarding support. You'll need to include the following options:

CONFIG_EXPERIMENTAL
CONFIG_IP_MASQUERADE
CONFIG_IP_MASQUERADE_IPPORTFW

If you're not familiar with compiling and installing kernels, read the Kernel HOWTO.

Before attempting to set up Port Forwarding, set up and use IP Masquerading. Until it's enabled with ipportfw, Port Forwarding will not affect IP Masquerading in any way. You can find more information about masquerading in the Masquerading HOWTO. The IP Chains HOWTO is also useful.

To configure redirection of a local port (local refers to the machine running the masquerading), you need to use ipportfw. Its options can be described as:

ipmasqadm portfw -h


Usage: portfw -a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF] add entry
       portfw -d -P PROTO -L LADDR LPORT [-R RADDR RPORT]         delete entry
       portfw -f                                                  clear table
       portfw -l                                                  list table
       portfw {args} -n                                           no names

PROTO is the protocol, can be "tcp" or "udp"
LADDR is the local interface receiving packets to be forwarded.
LPORT is the port being redirected.
RADDR is the remote address.
RPORT is the port being redirected to.
PREF  is the preference level (load balancing, default=10)

Need an example? OK...

ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward

# this will clear all previous port forward rules
ipmasqadm portfw -f

# this will redirect all web connections (port 80) to your internal server (using the tcp protocol (proto))
ipmasqadm portfw -a -P tcp -L 194.160.1.1 80 -R 10.10.0.2 80

# this will redirect timed connections
ipmasqadm portfw -a -P udp -L 194.160.1.1 525 -R 10.0.0.2 525

ipmasqadm portfw -l

prot localaddr            rediraddr               lport    rport  pcnt  pref
TCP  guardian             tricord                   www      www     6    10
UDP  guardian             tricord                  time     time    10    10
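Every portfw entry exposes an internal service on the outside address, so it is worth checking the table against what you meant to forward. The script below is an added example, not part of the original page: it compares a portfw listing with an allow-list. The allow-list, the sample table, the audit_portfw name and the numeric column layout assumed for "-l -n" are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a portfw table against an allow-list of intended forwards.
# Assumption: `ipmasqadm portfw -l -n` prints the columns shown on this page
# (prot localaddr rediraddr lport rport pcnt pref) with numeric values.

# Constructed allow-list, one forward per line, in the order used by "portfw -a":
# proto local-addr local-port remote-addr remote-port
ALLOWED='tcp 194.160.1.1 80 10.10.0.2 80
udp 194.160.1.1 525 10.0.0.2 525'

# Constructed sample table; the last row is deliberately not in the allow-list.
SAMPLE_TABLE='prot localaddr       rediraddr        lport  rport  pcnt  pref
TCP  194.160.1.1     10.10.0.2           80     80    10    10
UDP  194.160.1.1     10.0.0.2           525    525    10    10
TCP  194.160.1.1     10.10.0.9           23     23    10    10'

# audit_portfw TABLE ALLOWED
# Prints "UNEXPECTED ..." for forwards not in the allow-list and
# "MISSING ..." for allow-listed forwards absent from the table.
# Returns 0 when the table matches the allow-list exactly, 1 otherwise.
audit_portfw() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---"          { in_table = 1; next }
        !in_table && NF == 5 { want[tolower($1) " " $2 " " $3 " " $4 " " $5] = 1; next }
        in_table && tolower($1) == "prot" { next }   # header row
        in_table && NF >= 5 {
            # Reorder table columns to match the allow-list field order.
            key = tolower($1) " " $2 " " $4 " " $3 " " $5
            if (key in want) seen[key] = 1
            else { print "UNEXPECTED " key; bad = 1 }
        }
        END {
            for (k in want) if (!(k in seen)) { print "MISSING " k; bad = 1 }
            exit bad
        }'
}

# On a live 2.2 masquerading host (needs root):
#   audit_portfw "$(ipmasqadm portfw -l -n)" "$ALLOWED"
audit_portfw "$SAMPLE_TABLE" "$ALLOWED" || echo "forwarding table differs from allow-list"
```

Run it after any change to the forwarding rules; a non-zero exit status means the table and the allow-list disagree.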


Last updated on 24th January, 2000
SC