Monday, July 16, 2018

Setup Port Forwarding di Ubuntu 16.04

Setup Port Forwarding di Ubuntu
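# Base UFW policy for the gateway.
# Order matters: open SSH *before* `ufw enable`. With the default-deny
# incoming policy below, enabling first on a remote host drops the very
# session you are administering from.
sudo ufw default deny incoming    # Default incoming policy changed to 'deny'
sudo ufw default allow outgoing   # Default outgoing policy changed to 'allow'
sudo ufw allow ssh                # keep the admin session reachable (22/tcp)
sudo ufw enable                   # turn the firewall on (and at boot)
sudo ufw allow 80                 # HTTP
sudo ufw allow 443                # HTTPS; repeat for any other published port
# Revoking access. ufw matches rules in order, so a `deny 80` appended after
# `allow 80` does not override it - the allow rule has to be deleted. Delete
# with the rule exactly as it was added (`allow 80`, not `allow http`, which
# resolves to 80/tcp only and does not match the `80` rule above).
sudo ufw deny 80
sudo ufw delete allow 80
sudo ufw status numbered          # list rules with indexes for `ufw delete N`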


9. Edit /etc/ufw/before.rules (two-interface gateway: ens192 is the public interface holding 203.125.90.92, ens160 the internal one; this host is 172.16.80.104 on the internal side):
    *filter
   -A FORWARD -i eth0 -o eth1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
   -A FORWARD -i ens192 -o ens160 -p tcp --syn --dport 587 -m conntrack --ctstate NEW -j ACCEPT
   -A FORWARD -i ens192 -o ens160 -p tcp --syn --dport 465 -m conntrack --ctstate NEW -j ACCEPT
   -A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
   -A FORWARD -i eth1 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
   *nat
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A PREROUTING -i ens192 -d 203.125.90.92  -p tcp --dport 143 -j  DNAT --to-destination 172.16.10.18:143
    -A PREROUTING -i ens192 -d 203.125.90.92  -p tcp --dport 993 -j  DNAT --to-destination 172.16.10.18:993
    -A PREROUTING -i ens192 -d 203.125.90.92  -p tcp --dport 587 -j  DNAT --to-destination 172.16.10.18:587
    -A PREROUTING -i ens192 -d 203.125.90.92  -p tcp --dport 465 -j  DNAT --to-destination 172.16.10.18:465
    -A POSTROUTING -d 172.16.10.18 -o ens160 -p tcp --dport 587 -j  SNAT --to-source 172.16.80.104
    -A POSTROUTING -d 172.16.10.18 -o ens160 -p tcp --dport 465 -j  SNAT --to-source 172.16.80.104
    -A POSTROUTING -d 172.16.10.18 -o ens160 -p tcp --dport 143 -j  SNAT --to-source 172.16.80.104
    -A POSTROUTING -d 172.16.10.18 -o ens160 -p tcp --dport 993 -j  SNAT --to-source 172.16.80.104
    COMMIT

For a machine with a single network interface (no separate internal NIC to match on, so the rules are scoped by destination instead):
9. Edit /etc/ufw/before.rules:
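# /etc/ufw/before.rules on a single-NIC host - forward the public mail ports
# to 172.16.10.18. Requires net/ipv4/ip_forward=1 in /etc/ufw/sysctl.conf.
# The *nat section goes above the existing *filter section; the FORWARD
# lines go inside the existing *filter section, before its COMMIT.
# Without an internal interface to key on, every rule is scoped by the
# forwarded destination and port list so that nothing else this host routes
# is NATed or accepted by accident.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Destination port is preserved when --to-destination carries no port.
# 25 and 143 are cleartext unless the server enforces STARTTLS; 25 is needed
# for inbound MX delivery, 143 can be dropped if clients can use 993.
-A PREROUTING -p tcp -m multiport --dports 25,143,465,587,993 -j DNAT --to-destination 172.16.10.18
# Masquerade only the forwarded mail traffic. A bare `-j MASQUERADE` rewrote
# the source of everything this host forwards. Note the mail server still
# sees this host as the client for these ports, so its logs and rate limits
# lose the real source address; drop this line if 172.16.10.18 routes its
# replies back through this host anyway.
-A POSTROUTING -d 172.16.10.18 -p tcp -m multiport --dports 25,143,465,587,993 -j MASQUERADE

COMMIT

*filter
# Accept new connections only towards the mail host on the published ports
# (-d matches the post-DNAT destination); the original accepted these ports
# forwarded to any destination.
-A FORWARD -d 172.16.10.18 -p tcp --syn -m multiport --dports 25,143,465,587,993 -m conntrack --ctstate NEW -j ACCEPT
# Replies and related traffic for accepted connections.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

COMMIT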









Handy commands for checking and resetting the rules:
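# Inspect the NAT table. -n skips the reverse-DNS lookup on every address
# (which makes -L crawl); --line-numbers gives the index for
# `iptables -t nat -D CHAIN N`.
sudo iptables -t nat -nvL --line-numbers
# Flush the NAT chains. This is -F (flush); lowercase -f is the "second or
# further fragment" match and does not take a chain name, so the original
# command was invalid. Flushing bypasses ufw and kills the live port
# forwards at once; the rules return from before.rules on the next reload.
sudo iptables -t nat -F PREROUTING
sudo iptables -t nat -F POSTROUTING
# Filter rules in iptables-restore syntax, and as a table with counters.
sudo iptables -S
sudo iptables -nvL
# Re-read before.rules after editing it. `systemctl restart ufw` does the
# same through the service unit.
sudo ufw reload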