SH1NU11b1

Port Forward

Oct 23rd, 2014
BACK TO BASICS Port forwarding

A concrete application of DNAT is port forwarding. Incoming connections to a given port of a machine are forwarded to a port on another machine. Other solutions may exist for achieving a similar effect, though, especially at the application level with ssh (see Section 9.2.2.3, “Creating Encrypted Tunnels with Port Forwarding”) or redir.

Enough theory, let's get practical. Turning a Debian system into a gateway is a simple matter of enabling the appropriate option in the Linux kernel, by way of the /proc/ virtual filesystem:

    # echo 1 > /proc/sys/net/ipv4/conf/default/forwarding

This option can also be automatically enabled on boot if /etc/sysctl.conf sets the net.ipv4.conf.default.forwarding option to 1.

Example 10.1. The /etc/sysctl.conf file

    net.ipv4.conf.default.forwarding = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.tcp_syncookies = 1

The same effect can be obtained for IPv6 by simply replacing ipv4 with ipv6 in the manual command and using the net.ipv6.conf.all.forwarding line in /etc/sysctl.conf.
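
Added example (not part of the original paste or of the book it quotes): a shell check that reads a sysctl.conf-style file and reports whether the three keys from Example 10.1 are effectively set to 1. The function names and the sample file are assumptions made for this illustration; comment lines are skipped and, when a key is assigned more than once, the last assignment is taken as the effective one.

```shell
# Added example: audit a sysctl.conf-style file against Example 10.1.
# sysctl_conf_get FILE KEY: print the effective value of KEY in FILE.
# Comment lines (# or ;) and blank lines are skipped; the last assignment wins.
sysctl_conf_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_gateway_conf FILE: print one status line per key from Example 10.1.
# The return status is the number of keys that are unset or not equal to 1.
audit_gateway_conf() {
    bad=0
    for key in net.ipv4.conf.default.forwarding \
               net.ipv4.conf.default.rp_filter \
               net.ipv4.tcp_syncookies; do
        val=$(sysctl_conf_get "$1" "$key")
        if [ "$val" = "1" ]; then
            echo "ok     $key = 1"
        else
            echo "CHECK  $key = ${val:-<unset>}"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample file (not from the page): forwarding is assigned twice
# and the rp_filter line is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
net.ipv4.conf.default.forwarding = 0
;net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies=1
net.ipv4.conf.default.forwarding = 1
EOF
audit_gateway_conf "$sample" || echo "keys needing attention: $?"
```

On a real system, pass /etc/sysctl.conf as the argument instead of the sample file.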

Enabling IPv4 masquerading is a slightly more complex operation that involves configuring the netfilter firewall.

Similarly, using NAT (for IPv4) requires configuring netfilter. Since the primary purpose of this component is packet filtering, the details are listed in Chapter 14: “Security” (see Section 14.2, “Firewall or Packet Filtering”).