Thursday, 4 July 2013

Port forwarding issue


Someone on ServerFault asked the following question for which I gave the answer. It was later accepted by the questioner. 
=====================================================================
So, the question was:
I have a router and four computers connected as the local network.
IPs:
Router(192.168.8.1)(internet ip:125.119.203.127)
      server1(192.168.8.3)
      my computer(192.168.8.8)
      ......
server1 runs RedHat Linux, which is set up with a port redirect from port 80 to 8081, while the Tomcat on this server uses port 8081.
[root@server1 bin]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 3169 packets, 274K bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   208 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:222 redir ports 22
  221 14971 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8081

Chain POSTROUTING (policy ACCEPT 2253 packets, 141K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2252 packets, 140K bytes)
 pkts bytes target     prot opt in     out     source               destination
Now, from my computer, I can access the site on the local network using a browser:
http://192.168.8.3
http://192.168.8.3:8081
The Router is configurated to redirect the port 80 to port 80 on 192.168.8.3
But I can not access the site using the internet address:
http://125.119.203.127
Normally, this request should be dispatched to server1 192.168.8.3:80, then server1 will redirect to port 8081.
Then I changed the configuration of the router to redirect port 80 to port 80 on my computer.
Then I can access: http://125.119.203.127
So what is the problem?
=====================================================================
For which, my answer was:
From outside the network, use nmap to check whether port 8081 is available externally:
$ nmap -PN external_ip
This command will show all listening services externally. Since you can access the site internally using http://<internal_ip>:8081, the issue is with the router.
As you have mentioned that "The Router is configurated to redirect the port 80 to port 80 on ", what configuration is done to forward port 8081 from the router to the internal server?
I think you need to forward port 8081 from the router to port 80 to the internal server.
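To trace which local port a router forward ends up on once it reaches server1, the PREROUTING listing from the question can be parsed directly. This is an added example, not part of the original question or answer; the function names are hypothetical, and it assumes first-match rule order and handles only single-port REDIRECT rules.

```python
import re

# Rules copied from the `iptables -t nat -vnL` output posted in the question.
LISTING = """\
Chain PREROUTING (policy ACCEPT 3169 packets, 274K bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   208 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:222 redir ports 22
  221 14971 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8081

Chain POSTROUTING (policy ACCEPT 2253 packets, 141K bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

# pkts, bytes, target, proto, ... "dpt:<port> redir ports <port>"
RULE = re.compile(
    r"^\s*(?P<pkts>\d+[KMG]?)\s+\S+\s+REDIRECT\s+(?P<proto>\S+)\s.*?"
    r"dpt:(?P<dport>\d+)\s+redir ports (?P<to>\d+)"
)

def parse_redirects(listing):
    """Return {chain: [rule, ...]} holding only the REDIRECT rules of each chain."""
    chains, current = {}, None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
            continue
        m = RULE.match(line)
        if m and current:
            chains[current].append({
                "pkts": m["pkts"], "proto": m["proto"],  # pkts kept as text (may be "12K")
                "dport": int(m["dport"]), "to": int(m["to"]),
            })
    return chains

def landing_port(listing, port, proto="tcp"):
    """Local port that a packet arriving from the network on `port` is delivered to."""
    for rule in parse_redirects(listing).get("PREROUTING", []):
        if rule["proto"] == proto and rule["dport"] == port:
            return rule["to"]  # assumption: first matching rule wins
    return port  # no REDIRECT rule matched, port is unchanged

def forward_reaches(listing, forward_port, service_port):
    """True if a router forward to `forward_port` ends up on `service_port`."""
    return landing_port(listing, forward_port) == service_port

if __name__ == "__main__":
    for p in (80, 8081, 8080):
        print(p, "->", landing_port(LISTING, p), forward_reaches(LISTING, p, 8081))
```

On the live server, the pkts counter of the dpt:80 rule (221 in the listing) is the value to watch: if it does not increase while the site is requested through the external address, the forwarded packets are not arriving at server1.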


