Comments on NAT Gateway, Iptables, Port Forwarding, DNS And DHCP Setup - Ubuntu 8.10 Server

NAT Gateway, Iptables, Port Forwarding, DNS And DHCP Setup - Ubuntu 8.10 Server So you are too poor to afford another expensive router and want to do things yourself. You have found the right tutorial! This tutorial will show you how to set up an Ubuntu 8.10 router with NAT, port forwarding, a DNS server and a DHCP server.

29 Comment(s)

Comments

By: Anonymous

A note for newbies: VI is hard to learn and easy to forget if you haven't been using it for a while, but it's "legacy" and you can find it and use it on very old systems.

By: Nausser

I've had zero luck with port forwarding 5900 to another Ubuntu machine. I'm running Ubuntu 8.10 64-bit server for my DHCP/NAT and hopefully someday VPN services. All in terms of internet access works great for connecting clients with the exception of the "Pinger Plus" device which cannot get an IP from my Ubuntu server, however, can obtain an address and ping with no problems if I use a windows or Cisco DHCP server. Not a huge deal but if anyone happens to know.

 As far as the port forwarding goes, I've tried every flavor of the instructions above. Help is greatly needed!

 

Thanks!

By: Anonymous

nano does have syntax highlighting.

By:

Fixed the netmask problem.  Restarting ensures everything is working.  Of course many times you could just do a /etc/init.d/networking restart ...

 But sometimes it's just better to tell people to restart.  

By: Anonymous

"As a side note, if you don't know how to use VI use nano or learn VI."

 Nano is 100 times better than that old clunky VI.

Your side / "funny" comments are so annoying I couldn't follow the article.... For the time being I'll stick to my ClarkConnect server...

By:

There really are not that many "funny" comments.  Lighten up..

 VI is far more powerful than nano, as VI does syntax highlighting etc.

Also, imagine you had someone who edited a file in notepad and now your document is full of ^M or something, with vi you could do

1,$ s/^M//g  to remove them... 

 You can't just do ^M though, you need to hit ctrl v to tell vi to use the literal input, then ctrl m to get your ^M.  Now imagine if you had a whole slew of changes to make at once, you can also do that with vi. Also, imagine if you had multiple files: since vi uses ex, you can make those changes to all the files at once!  Very powerful stuff.  You will find that most real coders still use VI or VIM.  Some use emacs, which is also very good, but VI is the standard still.  Also, imagine you get your first job, as it sounds as if you're young, but.. you get your first job, and you get on a unix box.  No pico, no nano, no ee, but what is in ALL distributions of Unix???  VI!  Learning to work with bare-bones tools that are always there will save yourself lots of trouble..

By: Adbs

Hello all.

I think you've done a brilliant job and we should thank people who share their knowledge with others, instead of making ridiculous comments such as "Annoying comments" etc..

 

I personally thank you, I just wanted to ask you one thing,

I have a back-end webserver which resides on example : 192.168.1.3

A DHCP DNS servers which both run on the same machine on 192.168.1.1

Another Machine hosts the Proxy server (Squid3) on 192.168.1.4

Now I need to be able to use IPtables to forward all connections to the proxyserver  192.168.1.4

I want the proxy server to intercept all incoming connections and forward them accordingly to the back end server(s) and services.

But I am very limited in using iptables, can anyone here help with some suggestions please?

At the moment the iptables is set to allow simple browsing and access to the internet.

 

Internet >>> Machine (A) (router, DHCP, DNS) >>Switch >>(clients)  Machine (B) Proxy and webserver(s)

To the switch are connected the web-servers, the proxy-server and 3 windows clients 

It is set  in that order I hope it's clear, how can I do that please??

I will appreciate any help and thank you all :)

Regards

 

By: McDaeMonD

Try this link:

https://www.howtoforge.com/dansguardian-content-filtering-with-transparent-proxy-on-ubuntu-9.10-karmic

By: Anonymous

1. There is no necessity to restart.

2. Your set of ip, network and netmask is wrong.

 

Read more.

By: Jamie

In the dhcpd.conf "subnet 172.17.0.0" should be  "subnet 172.17.207.0"

By: Anonymous

Thanks, I have been looking around trying to get my DNS setup correctly and your article helped.

By: snehal

Thanks a lot. :)  

 

By: phil

Just try this in nano

vi -O2 <file1> <file2>

or

vi -d <file1> <file2>

and commands in vi are *so* much more powerful

The quote I always repeat whenever anyone complains how hard vi is to learn is:

Yeah, it might be a steep hill to climb, but once you get to the top, you can fly.

By: Seth

Not sure how I missed the message to not ask for help here, moving this to the forums :).

 

Seth

By: Ryaz Khan

I am very sorry but I never understood this guy's guides, I know it could be just me. In this one he did not mention the default gateway for the LAN where we are setting a static IP address. Will any internet connection work without a gateway? Not sure about that so please help. I thought the gateway is the main door to enter other networks. Again, I could be wrong.

Thank you for reading my stupid comments

By: Nausser

You may very well have figured this out already...

However, if you haven't, I wanted to post for others that you are correct in saying a gateway address is always needed for internet access.

 

When a computer has two or more NICs (Network Interface Cards), it needs to know which card gets it to the internet. It knows to always use the one with the default gateway listed. 

The other card, probably eth1, does not connect to the internet; rather, other computers connect to it as their default gateway to connect to the internet (internet sharing).

Hope this helps someone out.

By: Seth

I am moving from a FreeBSD router/gateway computer to Ubuntu, and am stuck on 1:1 NAT'ing.

 I have a class C subnet from my ISP, and connect using PPPoE. 

 In FreeBSD the PPP daemon could do NAT'ing, and it was as easy as:

ppp.conf: ( public IPs changed to protect me )

...

    nat enable yes
    nat addr 192.168.1.2 x.x.x.170
    nat addr 192.168.1.3 x.x.x.171
    nat addr 192.168.1.4 x.x.x.172
    nat addr 192.168.1.5 x.x.x.173
    nat addr 192.168.1.6 x.x.x.174
    nat same_ports yes
    nat use_sockets yes

...

 Would you have some suggestions on how to configure iptables to provide this behavior?

( selected IPs get an external IP through NAT ( snat? ), all other IPs get normal NAT )

Thanks, 

Seth
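An iptables counterpart to the ppp.conf mapping in the comment above, as an added example that is not part of the original comment or of the tutorial. The WAN interface name `ppp0`, the helper names and the 203.0.113.x addresses (standing in for the elided x.x.x.* block) are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables rules for 1:1 NAT.
# Assumptions: WAN interface ppp0; 203.0.113.x (documentation range) stands
# in for the x.x.x.* addresses that the comment elides.
WAN_IF="ppp0"

# Constructed sample mapping, one "private=public" pair per line.
SAMPLE_MAP="192.168.1.2=203.0.113.170
192.168.1.3=203.0.113.171
192.168.1.4=203.0.113.172"

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# nat_rules WAN_IF: mapping on stdin, rules on stdout; a malformed line
# stops the run with a non-zero status.
nat_rules() {
    wan=$1
    while IFS='=' read -r priv pub; do
        [ -n "$priv$pub" ] || continue    # skip blank lines
        if ! valid_ipv4 "$priv" || ! valid_ipv4 "$pub"; then
            echo "bad mapping: $priv=$pub" >&2
            return 1
        fi
        # Inbound: packets for the public address go to the inside host.
        echo "iptables -t nat -A PREROUTING -i $wan -d $pub -j DNAT --to-destination $priv"
        # Outbound: that host leaves with its own public address.
        echo "iptables -t nat -A POSTROUTING -o $wan -s $priv -j SNAT --to-source $pub"
    done
    # Everything else shares the interface address. This rule goes last
    # because the first matching nat rule wins.
    echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
}

printf '%s\n' "$SAMPLE_MAP" | nat_rules "$WAN_IF"
```

The DNAT rules carry no port match, so every port on a mapped host is reachable from outside unless the FORWARD chain filters it.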

By: Anonymous

So I just went through this entire article. It has been a while since I have set up anything with Linux, but this tutorial was very well written.

I noticed that in order for everything to work I needed to add these lines before the exit 0 line in the iptables list

/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE

and also the gateway didn't want to replicate out to the clients, so I changed the order of option routers to just under the ddns update style...

ddns-update-style none;
option routers 172.17.207.121;

 

but other than that it is up smoothly... now I have to play around with iptables to limit access to specific addresses...
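The `-P FORWARD ACCEPT` line in the comment above forwards anything that no rule drops. The following added example (not from the commenter or the tutorial) prints a default-deny alternative that lets only listed LAN clients out, which is one reading of "limit access to specific addresses", and checks what a chain does with unmatched traffic. The LAN interface `eth1`, the client addresses and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) a default-deny FORWARD ruleset and
# checks what a chain does with traffic no rule mentions.
# Assumptions: eth0 is the WAN side (as in the comment), eth1 the LAN side;
# the client addresses are constructed samples in 172.17.207.0/24.

# forward_rules WAN LAN CLIENT...: only the listed LAN clients may go out.
forward_rules() {
    wan=$1; lan=$2; shift 2
    echo "iptables -P FORWARD DROP"
    # Replies to connections that were opened from the inside.
    echo "iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for client in "$@"; do
        echo "iptables -A FORWARD -i $lan -o $wan -s $client -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
}

# forward_default_verdict: read `iptables -S` style lines on stdin and print
# the verdict for forwarded packets that match no conditional rule: the first
# unconditional ACCEPT/DROP/REJECT rule if there is one, else the policy.
forward_default_verdict() {
    awk '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" && NF == 4 && $3 == "-j" &&
            $4 ~ /^(ACCEPT|DROP|REJECT)$/ { if (!first) first = $4 }
        END { print (first ? first : policy) }
    '
}

# The policy from the comment: nothing is filtered between the interfaces.
WEAK="-P FORWARD ACCEPT"

# The generated set in `iptables -S` form (command name stripped).
STRICT=$(forward_rules eth0 eth1 172.17.207.4 172.17.207.10 | sed 's/^iptables //')

echo "weak:   $(printf '%s\n' "$WEAK" | forward_default_verdict)"
echo "strict: $(printf '%s\n' "$STRICT" | forward_default_verdict)"
```

On a live gateway the same check can be fed from `iptables -S FORWARD`.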

By: Stas

Thank you!

By: Anonymous

Finally, I was able to implement this tutorial on my old CPU successfully. But on the client, YM cannot connect to the server. How to solve this? Thanks in advance for the reply!

By: Jason

I've been struggling for a couple days to get my network set up the way I wanted (with the equipment I have on hand), and your instructions were exactly what I needed to get it up and running.

By: prasinos

.local is a poor choice for a domain name, as it is used as a default domain in avahi (zeroconf/mDNS implementation). It is better to use something else (or use nothing and rely on avahi).

Using bind and dhcp-server for a home network is overkill, try dnsmasq.


By: Anonymous

Hi, the way you narrate is really awesome. It's easy to configure even for a start up like me.

I have configured everything as above, but at the end when I tried to give the
"sudo /etc/init.d/named start" command it shows the following message

"sudo: /etc/init.d/named: command not found"  so what could be the problem...

Can you please help out with this issue....

By: Laurentiu

Try /etc/init.d/bind9

By: Laurentiu

Hi, the tutorial is great.

It almost worked for me on Debian 8 and with isc-dhcp-server. I say it almost worked because I have a small problem. DHCP works for LAN computers and the LAN computers also have internet access. I will try to explain the problem. Let's say I do a search for "debian dhcp" on Google: half of the results don't load in the web browser. It looks like some of the webpages don't work. I think it's a DNS problem but I don't know how to solve it. Of course I added the DNS IPs of my ISP. 

Sorry for the long comment.

Thank you!

By: Kosta

Hi,

I am trying to do port forwarding so I can access Remote Desktop, but I still can't connect remotely even if I add

/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d jgibbs.dyndns.org --dport 3389 -j DNAT --to 172.17.207.4:3389

I use vmbr0 interface. Can you help me?

By: Oli

Hi Guys

As stupid as this might sound, I'm not sure what you mean by "Take your first network card, and plug your WAN connection into it". On my current Ubuntu server, I've only got eth0, but when I try to add eth1, it's coming up with eth1: ERROR while getting interface flags: No such device

I'm able to create virtual eth0:1 but when I do a route -n or netstat -r -n I can't see eth1:0

I'm stuck. Can anybody help please? I live in the UK and I have a basic TalkTalk router for internet connection

 

By: James Nnaemeka

Hello all, I have a simple question. I don't have a router. I connect to the internet through a USB dongle or through a hotspot from my Android phone. I want to be able to view my web server from outside my local network... I have an Apache server running on my local network in Germany and I want my friend in France to be able to view it if I give him my external (public) IP address. How do I configure the NAT Gateway, Iptables, Port Forwarding, DNS And DHCP Setup, etc. to be able to achieve that? My operating system is Kali Linux rolling edition (2016). If it's not possible (which I doubt), is there software I can use to achieve that? My goal is to allow someone outside my home network to view my webpage on port 80. Thanks

By: pigleet

Hi James!

Phone tethering doesn't allow for port forwarding in any phone I've seen. USB dongle would need to support port-forwarding in its firmware.

You will need to make sure that your cell service provider exposes device IPs publicly and not through a NAT or firewall.

I'd get a real full-size router with 3g/4g support and sim-card slot. That way you can set up port-forwarding.

So IF port-forwarding is ok, and IF the csp doesn't block traffic then you should only need to set up dynamic dns so users can connect to you.