How to enable port forwarding in Debian 7 Wheezy

Posted by Md. Mahidul Hasan on 9:07 AM

Basic Static Routing Part #1 (Port forwarding)

My network diagram:

Here host#1 is our gateway server, and host#2 and host#3 are workstations. Let's set the IP addresses on the interfaces at host#1:
root@host1:~# nano /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth1
allow-hotplug eth1
iface eth1 inet static
        address 192.168.1.11
        netmask 255.255.255.0
        gateway 192.168.1.1

auto eth2
allow-hotplug eth2
iface eth2 inet static
        address 10.1.0.1
        netmask 255.255.255.0

auto eth3
allow-hotplug eth3
iface eth3 inet static
        address 172.16.1.1
        netmask 255.255.255.0



Set an IP address on the interface at host#2:
root@host2:~# nano /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth4
allow-hotplug eth4
iface eth4 inet static
        address 10.1.0.2
        netmask 255.255.255.0
        gateway 10.1.0.1


Set an IP address on the interface at host#3:
root@host3:~# vim /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth4
allow-hotplug eth4
iface eth4 inet static
        address 172.16.1.2
        netmask 255.255.255.0
        gateway 172.16.1.1


Now if you ping from host#2 to host#3 you will not get a reply, because the gateway server does not pass packets between its Ethernet interfaces by default. To enable that, we have to activate port forwarding (the kernel's IP forwarding setting, net.ipv4.ip_forward).
So let's go to host#1 again and enable port forwarding as shown below:

root@host1:~# vim /etc/sysctl.conf
net.ipv4.ip_forward=1

One last step: activate port forwarding by reloading the settings:
root@host1:~# sysctl -p
net.ipv4.ip_forward = 1


Now, if you ping from host#2 to host#3, you will get a reply, and the same works in the other direction.

root@host2:~# ping 172.16.1.2
PING 172.16.1.2 (172.16.1.2) 56(84) bytes of data.
64 bytes from 172.16.1.2: icmp_req=1 ttl=63 time=4.43 ms
64 bytes from 172.16.1.2: icmp_req=2 ttl=63 time=0.663 ms
64 bytes from 172.16.1.2: icmp_req=3 ttl=63 time=0.635 ms
^C
--- 172.16.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.635/1.910/4.432/1.783 ms


root@host3:~# ping 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_req=1 ttl=63 time=0.663 ms
64 bytes from 10.1.0.2: icmp_req=2 ttl=63 time=0.586 ms
64 bytes from 10.1.0.2: icmp_req=3 ttl=63 time=0.604 ms
64 bytes from 10.1.0.2: icmp_req=4 ttl=63 time=0.641 ms
^C
--- 10.1.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.586/0.623/0.663/0.039 ms


Please note that we didn't add any routes at host#1, because all the networks are directly connected to host#1. That's why we didn't need to add a route; we only enabled port forwarding.
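
Setting net.ipv4.ip_forward=1 makes host#1 route between every pair of its interfaces, eth1 (192.168.1.0/24) included, whenever the filter table's FORWARD policy is ACCEPT. The following added example, which is not part of the original post, prints an iptables-restore ruleset that forwards only between eth2 and eth3 and classifies a gateway from its sysctl.conf and an iptables-save dump; the function names and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): restrict and audit forwarding on host#1.
# Interface names and subnets are the post's; function names are hypothetical.

# Print an iptables-restore ruleset that forwards only between two LANs.
forward_ruleset() {   # usage: forward_ruleset IF_A NET_A IF_B NET_B
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $1 -o $3 -s $2 -d $4 -j ACCEPT
-A FORWARD -i $3 -o $1 -s $4 -d $2 -j ACCEPT
COMMIT
EOF
}

# Effective ip_forward value in a sysctl.conf-style file.
# Commented lines are ignored; the last assignment wins.
conf_ip_forward() {
    sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$1" | tail -n 1
}

# FORWARD policy of the filter table in iptables-save output.
# Other tables (e.g. mangle) also have a FORWARD chain, so track the table.
forward_policy() {
    awk '/^\*/ { table = $1 } table == "*filter" && $1 == ":FORWARD" { print $2 }' "$1"
}

# Classify: not-routing, open-router (forwards everything), filtered-router.
audit_gateway() {   # usage: audit_gateway SYSCTL_CONF IPTABLES_SAVE_DUMP
    if [ "$(conf_ip_forward "$1")" != "1" ]; then
        echo not-routing
    elif [ "$(forward_policy "$2")" = "DROP" ]; then
        echo filtered-router
    else
        echo open-router    # missing or ACCEPT policy: every interface pair is routed
    fi
}

# Constructed sample input: a sysctl.conf with the post's setting, plus the ruleset above.
demo=$(mktemp -d)
printf '#net.ipv4.ip_forward=0\nnet.ipv4.ip_forward=1\n' > "$demo/sysctl.conf"
forward_ruleset eth2 10.1.0.0/24 eth3 172.16.1.0/24 > "$demo/rules.v4"
: > "$demo/empty.v4"                                   # no firewall rules loaded
echo "before: $(audit_gateway "$demo/sysctl.conf" "$demo/empty.v4")"
echo "after:  $(audit_gateway "$demo/sysctl.conf" "$demo/rules.v4")"
```

On host#1 the generated ruleset can be loaded with iptables-restore; the rules match all protocols, so the ping test between host#2 and host#3 still succeeds while traffic to or from eth1 is no longer forwarded.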

Hope this document helps you get a better understanding. :-D