I have two ubuntu devices which I am trying to port forward between port 8080 to
Question
I have two Ubuntu devices which I am trying to port forward between port 8080 to port 80 using iptables. I have enabled port forwarding because when I type sysctl net.ipv4.ip_forward and sysctl -p, I get the output net.ipv4.ip_forward=1.
I checked if iptables is running on my system by doing:
lsmod|grep iptable
And do receive an output, which is good.
However, when I try to start iptables with, sudo systemctl start iptables, I get the output:
"Failed to start iptables.service:Unit iptables.service failed to load: No such file or directory."
I don't understand why I am getting this error when I did install iptables? How do I fix this error? My NAT rules are inputted and work correctly, I just can't get the iptables service to activate on Ubuntu.
Please help me fix the error of starting iptables.service
Explanation / Answer
How do you port forward on a Linux device
Introduction
NAT, or network address translation, is a general term for mangling packets in order to redirect them to an alternative address. Usually, this is used to allow traffic to transcend network boundaries. A host that implements NAT typically has access to two or more networks and is configured to route traffic between them.
Port forwarding is the process of forwarding requests for a specific port to another host, network, or port. As this process modifies the destination of the packet in-flight, it is considered a type of NAT operation.
In this guide, we'll demonstrate how to use iptables to forward ports to hosts behind a firewall by using NAT techniques. This is useful if you've configured a private network, but still want to allow certain traffic inside through a designated gateway machine. We will be using two Ubuntu 14.04 hosts to demonstrate this.
Prerequisites and Goals
To follow along with this guide, you will need two Ubuntu 14.04 hosts in the same datacenter with private networking enabled. On each of these machines, you will need to set up a non-root user account with sudo privileges. You can learn how to create a user with sudo privileges by following our Ubuntu 14.04 initial server setup guide.
The first host will function as our firewall and router for the private network. For demonstration purposes, the second host will be configured with a web server that is only accessible using its private interface. We will be configuring the firewall machine to forward requests received on its public interface to the web server, which it will reach on its private interface.
Host Details
Before you begin, we need to know what interfaces and addresses are being used by both of our servers.
Finding Your Network Details
To get the details of your own systems, begin by finding your network interfaces.
$ ip -4 addr show scope global
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 198.51.100.45/18 brd 45.55.191.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.1.5/16 brd 10.132.255.255 scope global eth1
valid_lft forever preferred_lft forever
Setting Up the Web Server
Install Nginx
The first process we will complete is to install Nginx on our web server host and lock it down so that it only listens to its private interface. This will ensure that our web server will only be available if we correctly set up port forwarding.
Begin by updating the local package cache and using apt to download and install the software:
webserver $ sudo apt-get update
webserver $ sudo apt-get install nginx
*filter
# Allow all outgoing, but drop incoming and forwarding packets by default
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Custom per-protocol chains
:UDP - [0:0]
:TCP - [0:0]
:ICMP - [0:0]
# Acceptable UDP traffic
# Acceptable TCP traffic
-A TCP -p tcp --dport 22 -j ACCEPT
# Acceptable ICMP traffic
# Boilerplate acceptance policy
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Drop invalid packets
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Pass traffic to protocol-specific chains
## Only allow new connections (established and related should already be handled)
## For TCP, additionally only allow new SYN packets since that is the only valid
## method for establishing a new TCP connection
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
-A INPUT -p icmp -m conntrack --ctstate NEW -j ICMP
# Reject anything that's fallen through to this point
## Try to be protocol-specific w/ rejection message
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
# Rules to forward port 80 to our web server
# Web server network details:
# * Public IP Address: 203.0.113.2
# * Private IP Address: 192.0.2.2
# * Public Interface: eth0
# * Private Interface: eth1
#
# Firewall network details:
#
# * Public IP Address: 203.0.113.15
# * Private IP Address: 192.0.2.15
# * Public Interface: eth0
# * Private Interface: eth1
-A FORWARD -i eth0 -o eth1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# End of Forward filtering rules
# Commit the changes
COMMIT
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rules to translate requests for port 80 of the public interface
# so that we can forward correctly to the web server using the
# private interface.
# Web server network details:
# * Public IP Address: 203.0.113.2
# * Private IP Address: 192.0.2.2
# * Public Interface: eth0
# * Private Interface: eth1
#
# Firewall network details:
#
# * Public IP Address: 203.0.113.15
# * Private IP Address: 192.0.2.15
# * Public Interface: eth0
# * Private Interface: eth1
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.0.2.2
-A POSTROUTING -d 192.0.2.2 -o eth1 -p tcp --dport 80 -j SNAT --to-source 192.0.2.15
# End of NAT translations for web server traffic
COMMIT
*security
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
Try this:
sudo iptables -t nat -A OUTPUT -p tcp -m tcp --dport 999 -j DNAT --to-destination :443
The traffic for port 999 should be forwarded to the server you run this command on.
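As an added example (not part of the original answer or of the tutorial it quotes), the script below generates an iptables-restore file for the asker's case: connections arriving on the firewall's public port 8080 are DNATed to port 80 on the web server, using the sample addresses from the rules file above (eth0 public, eth1 private, web server 192.0.2.2, firewall private address 192.0.2.15; all of these are assumptions to be replaced with your own). It also shows the point the rules file leaves implicit: the FORWARD chain sees the packet after DNAT, so it must match the web server's port, not the public one.

```shell
#!/bin/sh
# Added example, not from the original post. Builds an iptables-save format file
# that forwards TCP port PUB_PORT on the firewall's public interface to WEB_PORT
# on a web server reachable over the private interface.
# Assumed layout: eth0 public, eth1 private, web server 192.0.2.2,
# firewall private address 192.0.2.15.

# gen_rules PUB_IF PRIV_IF WEB_IP FW_PRIV_IP PUB_PORT WEB_PORT
# Prints the nat and filter tables to stdout.
gen_rules() {
    pub_if=$1; priv_if=$2; web_ip=$3; fw_ip=$4; pub_port=$5; web_port=$6
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the destination of connections to the public port; the port changes here
-A PREROUTING -i $pub_if -p tcp --dport $pub_port -j DNAT --to-destination $web_ip:$web_port
# Rewrite the source so the web server's replies return via the firewall
-A POSTROUTING -d $web_ip -o $priv_if -p tcp --dport $web_port -j SNAT --to-source $fw_ip
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --syn --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# FORWARD runs after nat PREROUTING, so match the already-translated port $web_port
-A FORWARD -i $pub_if -o $priv_if -d $web_ip -p tcp --syn --dport $web_port -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $pub_if -o $priv_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $priv_if -o $pub_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Returns 0 when the kernel routes between interfaces; without it the rules forward nothing.
forwarding_enabled() {
    [ -r /proc/sys/net/ipv4/ip_forward ] && [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ]
}

# Usage on the firewall host (as root):
#   gen_rules eth0 eth1 192.0.2.2 192.0.2.15 8080 80 > /etc/iptables/rules.v4
#   iptables-restore < /etc/iptables/rules.v4
# Ubuntu ships no iptables.service; the iptables-persistent package reloads rules.v4 at boot.
```

Run forwarding_enabled before loading the file: a DNAT rule with ip_forward=0 accepts the SYN in nat but the packet is never routed, which looks like a silent drop.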