#1
27th June 2011, 02:49
mjhasbach
Forwarding Port Traffic From a Domain to an External IP

Hello, I'm not sure if this is the correct section, but I thought I'd ask here, because I've always had pretty good luck getting questions answered at HowtoForge.

I have an Ubuntu 11.04 ISPConfig 3-based VPS running a few websites and services. Basically, what I'm trying to do is forward all traffic on a certain domain's port to an external IP address. More specifically, I want to forward traffic from the video game Terraria's port 7777 from (e.g.) "domain.com" to (e.g.) "1.1.1.1."

The reason for this is because there is no Linux software for the Terraria server, and no one (afaik) has gotten it to work with mono or wine yet. As a result, the server is being hosted on a Windows machine and I would like to be able to connect to the server using (e.g.) "domain.com" (the domain that is associated with my Linux server) instead of (e.g.) "1.1.1.1" (the IP that is associated with my Windows machine).

I thought that I could accomplish this with DNS records, but have learned that this is apparently not the case.

If someone knows how to do this and is willing to share, I would appreciate it greatly.

Thanks.

#2
1st July 2011, 22:07
mjhasbach

Shameless bump, since my question was asked 4-5 days ago. This thread has a reasonable number of hits, which indicates to me that others are seeking the same information.

Thanks.

#3
2nd July 2011, 01:29
erosbk

You can achieve what you are asking for with iptables... I can't test right now, but try in some VM before using this in production.

Use this like a guide, not as the final solution (or use at your own risk, test first, correct next if something is wrong)

iptables -t nat -A PREROUTING -p tcp -d 190.1.1.1 --dport 7777 -j DNAT --to 1.1.1.1:7777
iptables -t nat -A POSTROUTING -d 1.1.1.1 -j MASQUERADE

Where 190.1.1.1 is your linux box, and 1.1.1.1 is your windows box.

Best regards.-

#4
2nd July 2011, 05:35
mjhasbach

Thanks for the reply. I tried the steps you mentioned and ran into a problem.

Quote:
root@xxx:~# iptables -t nat -A PREROUTING -p tcp -d x.x.x.x --dport 7777 -j DNAT --to x.x.x.x:7777
root@xxx:~# iptables -t nat -A POSTROUTING -d x.x.x.x -j MASQUERADE
iptables: No chain/target/match by that name.
*Where x.x.x.x are the appropriate IPs

Needless to say, that error is causing traffic not to be forwarded as intended.

The error is pretty clear, but I'm not sure how to fix it. I don't know much about iptables, but I did a bit of research about the error and proceeded to try:

Quote:
root@lv6:~# iptables -N nat
...and then tried adding the iptables rules again to no avail.

#5
2nd July 2011, 16:59
erosbk

Follow this step by step and post here results please:

1) list your actual nat rules
iptables --list -n -t nat

2) flush your nat rules (be careful, if you have other nat rules, you will remove them too...)
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING

3) Add rules again, watch for IPs
root@dns2:~# iptables -t nat -A PREROUTING -p tcp -d 192.168.78.129 --dport 7777 -j DNAT --to 192.168.78.128:7777
root@dns2:~# iptables -t nat -A POSTROUTING -d 192.168.78.128 -j MASQUERADE

root@dns2:~# iptables --list -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere dns2.erosbk.com.ar tcp dpt:7777 to:192.168.78.128:7777

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere dns1.erosbk.com.ar

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Tested in Debian... you are using Ubuntu, but I think there is no difference...

#6
2nd July 2011, 21:55
mjhasbach

I seem to be running into the same problem as before:

#1
Quote:
root@xx:~# iptables --list -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 x.x.x.x tcp dpt:7777 to:x.x.x.x:7777
DNAT tcp -- 0.0.0.0/0 x.x.x.x tcp dpt:7777 to:x.x.x.x:7777

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
*Accidentally had the rule in there twice from earlier testing


#2
Quote:
root@xx:~# iptables -t nat -F PREROUTING
root@xx:~# iptables -t nat -F POSTROUTING
#3
Quote:
root@xx:~# iptables -t nat -A PREROUTING -p tcp -d x.x.x.x --dport 7777 -j DNAT --to x.x.x.x:7777
root@xx:~# iptables -t nat -A POSTROUTING -d x.x.x.x -j MASQUERADE
iptables: No chain/target/match by that name.
#4
Quote:
root@xx:~# iptables --list -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere x.x.x.x tcp dpt:7777 to:x.x.x.x:7777

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
x.x.x.x represents the correct IP addresses in the preceding quotes. It's also worth mentioning that in the game client, when I type the domain and port to connect to, it resolves the IP address of my Linux box and not my Windows box. Thanks again.

#7
3rd July 2011, 00:26
erosbk

I will see if I can, in these days, install a VM with Windows and another with Ubuntu and play.

In the meanwhile, post this in an Ubuntu forum and ask why it is not working in your box.

#8
3rd July 2011, 03:18
mjhasbach

I went ahead and made a similar topic on the Ubuntu forums. I will post the solution here if they figure out the problem before you. Thanks again.

#9
5th July 2011, 00:10
mjhasbach

Just an update: A user on the Ubuntu forums suggested socat, and I managed to forward my traffic properly with that.

Here's all I needed to do:

Code:
apt-get install socat
Foreground:
Code:
socat TCP-LISTEN:7777,fork TCP:x.x.x.x:7777
or
Background:
Code:
screen -S SOCAT1 socat TCP-LISTEN:7777,fork TCP:x.x.x.x:7777
While socat is getting the job done, there are still obvious advantages to using iptables.

Below is an excerpt from my post on the Ubuntu forums, which presents a theory as to why I'm receiving that error in iptables:

Quote:
I did some net research, and it seems my iptables problem may be caused by missing modules.

Here's the output of lsmod:

Code:
root@xx:~# lsmod
Module                  Size  Used by
This seems to indicate that I don't have any modules installed? I don't know how to add modules for iptables, but will do some more research. It apparently may involve compiling a new Linux kernel, which is something that I have no experience with and may cause issues in my case because I'm operating in an OpenVZ environment.
Further suggestions are welcome.

#10
7th July 2011, 23:32
mjhasbach

For those of you that are interested, I managed to solve this myself.

Apparently, "ipt_MASQUERADE," the module that makes masquerading possible, is not (yet?) available in OpenVZ. The absence of this module is what causes the following command to fail:

Code:
root@xx:~# iptables -t nat -A POSTROUTING -d x.x.x.x -j MASQUERADE
iptables: No chain/target/match by that name.
I discovered that it was still possible to accomplish my goal, only that an alternate second command was required. So here's what I did.

1. Cleared out existing nat PREROUTING and POSTROUTING rules from earlier testing.
Code:
root@xx:~# iptables -t nat -F PREROUTING
root@xx:~# iptables -t nat -F POSTROUTING
2. Added the following two rules:
Code:
root@xx:~# iptables -t nat -A PREROUTING -p tcp -d x.x.x.x --dport 7777 -j DNAT --to y.y.y.y:7777
root@xx:~# iptables -t nat -A POSTROUTING -j SNAT --to-source x.x.x.x
*Where x.x.x.x represents the source IP and y.y.y.y represents the destination IP.

3. Saved iptables (necessary for changes to persist after reboot)
Code:
root@xx:~# iptables-save

Hope this helps someone...I know it would have helped me.
Reply With Quote
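
A scoped version of the two NAT rules from the final post, also covering the missing-target theory in post #9, as an added example that is not part of the thread: it validates the addresses, limits the source-NAT rule to the forwarded flow, and falls back from MASQUERADE to SNAT when the target is not listed in `/proc/net/ip_tables_targets`. The function names and the sample addresses 203.0.113.10 and 198.51.100.20 are assumptions made for illustration.

```shell
# Added example: print (do not run) NAT rules that forward one TCP port.
# Function names are illustrative; sample addresses are documentation ranges.

# List of targets the running kernel (or OpenVZ host) exposes to this box.
TARGETS_FILE=${TARGETS_FILE:-/proc/net/ip_tables_targets}

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds if $1 is a TCP port number in 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints the source-NAT action. MASQUERADE is used only when it is listed;
# otherwise SNAT to a fixed address does the same job for a static IP.
snat_action() {   # $1 = address of this box
    if grep -qx MASQUERADE "$TARGETS_FILE" 2>/dev/null; then
        echo "MASQUERADE"
    else
        echo "SNAT --to-source $1"
    fi
}

# Prints rules that forward TCP port $3 arriving on $1 to $2:$3.
# Forwarding also needs net.ipv4.ip_forward=1 and a permissive FORWARD chain.
forward_rules() {   # $1 = this box, $2 = backend, $3 = port
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_port "$3" || {
        echo "usage: forward_rules LISTEN_IP BACKEND_IP PORT" >&2
        return 2
    }
    echo "iptables -t nat -A PREROUTING -p tcp -d $1 --dport $3 -j DNAT --to-destination $2:$3"
    # Match only the forwarded flow so unrelated traffic keeps its source.
    echo "iptables -t nat -A POSTROUTING -p tcp -d $2 --dport $3 -j $(snat_action "$1")"
}

# e.g. sh forward.sh 203.0.113.10 198.51.100.20 7777   (constructed addresses)
if [ "$#" -eq 3 ]; then forward_rules "$@"; fi
```

Review the printed rules, then pipe them to `sh` as root. `iptables-save` on its own only prints the ruleset, so redirect it to a file that your boot scripts feed to `iptables-restore`.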