open same port in firewall for multiple internal ips


This topic contains 2 replies, has 0 voices, and was last updated by  kingjm 10 years, 8 months ago.

    #41348

    kingjm
    Member

    I need to open external ports UDP 5060:5061 and UDP 123 to internal ips 192.168.1.190 and 192.168.1.191

    I go to the Firewall and select ACCEPT INPUT UDP Destination 5060:5061

      Chain INPUT (policy ACCEPT 32 packets, 3903 bytes)
      pkts bytes target prot opt in out source destination
      0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:5060:5061
      0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123

      Chain OUTPUT (policy ACCEPT 49 packets, 23419 bytes)
      pkts bytes target prot opt in out source destination
      0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:5060:5061
      0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:123

    However, when I test these ports with the grc.com port scanner they are still closed. What am I doing wrong?

    #47254

    imported_fulvio
    Participant

    The INPUT and OUTPUT chains only control the traffic generated by the local processes of Zeroshell. To control the routed and bridged traffic instead, you have to use the FORWARD chain.

    Regards
    Fulvio

    #47255

    kingjm
    Member

    Thanks for replying.

    So when creating a firewall rule can I use:

      pkts bytes target prot opt in out source destination
      0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 destination IP range 192.168.1.190-192.168.1.191 udp dpts:5060:5061

    I am not sure how to forward ports to more than one internal ip.

    #47256

    jt
    Member

    If you only have one public IP address, a port can only be forwarded to one internal IP address.

    Someone at an IP on the internet wants to connect to your port 5060. They make the connection to your public IP, port 5060, and it is forwarded to your internal server, for instance 192.168.12.50.

    There’s no easy way to decide that a connection request to 5060 needs to go to a different server 192.168.12.51 instead. Typically, if two internal servers need to listen for connections, one of them needs to be changed to a different port number on zeroshell.

    You don’t need to edit the iptables rules, instead use the Router->Virtual Server tab. It does have the option to divide the connections between multiple internal servers, but one particular server can’t be selected that way.

    Example. First server:

    Interface ETH01 (the internet port)
    IP address ANY (anyone can connect)
    Protocol TCP
    Local Port 5060
    Real Server 192.168.12.50:5060

    Second server:
    Interface ETH01 (the internet port)
    IP address ANY (anyone can connect)
    Protocol TCP
    Local Port 5160 (a different port on your public IP)
    Real Server 192.168.12.51:5060 (the same port on a different server)
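The two points made in this thread, that routed traffic is decided in the FORWARD chain rather than INPUT/OUTPUT, and that one public port can be forwarded to only one real server so a second server needs a second public port, can be checked with a small rule generator. The script below is an added example written for this page; it is not code from the forum, from ZeroShell, or from the Virtual Server tab, and it emits plain iptables commands rather than running them. The mapping table is constructed to match jt's two-server layout, the WAN interface name eth1 is a placeholder, and the use of `-m conntrack --ctstate` is a plain-iptables assumption, not a description of what ZeroShell generates.

```shell
#!/bin/sh
# Added example (not from the thread or ZeroShell): turn a port-forward table
# into iptables commands and refuse tables that map one public port twice.

# Placeholder WAN interface name; the thread calls it ETH01.
WAN_IF="${WAN_IF:-eth1}"

# Constructed mapping: <proto> <public_port> <real_server_ip>:<real_port>
# The second SIP server gets a different public port (5160), as jt suggests.
FORWARD_TABLE='
udp 5060 192.168.12.50:5060
udp 5160 192.168.12.51:5060
udp 123  192.168.12.50:123
'

# check_table: return 1 if two rows claim the same proto/public_port pair.
# That is exactly the "one public IP, one port, two servers" case that NAT
# cannot express, so it is better caught here than discovered by a port scan.
check_table() {
    printf '%s\n' "$1" | awk '
    NF == 3 {
        key = $1 ":" $2
        if (seen[key]++) dup = 1
    }
    END { exit (dup ? 1 : 0) }'
}

# render_rules: print the iptables commands for every row of the table.
# DNAT is applied in nat/PREROUTING before the routing decision; the packet
# then leaves the router towards the LAN, so it traverses FORWARD, not INPUT.
# An INPUT ACCEPT for the same port (the original poster's rule) never sees it.
render_rules() {
    printf '%s\n' "$1" | awk -v wan="$WAN_IF" '
    BEGIN {
        # Reply traffic for already-accepted forwards, added once.
        print "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    }
    NF == 3 {
        split($3, rs, ":")
        printf "iptables -t nat -A PREROUTING -i %s -p %s --dport %s -j DNAT --to-destination %s\n", wan, $1, $2, $3
        printf "iptables -A FORWARD -i %s -p %s -d %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n", wan, $1, rs[1], rs[2]
    }'
}

if check_table "$FORWARD_TABLE"; then
    render_rules "$FORWARD_TABLE"
else
    echo "table maps the same public port to more than one real server" >&2
fi
```

Running the script prints one DNAT plus one FORWARD rule per row; feeding it a table with `udp 5060` listed twice makes `check_table` fail instead, which is the situation the thread is about.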

