Differences between current version and revision by previous author of PortForwarding.
Other diffs: Previous Major Revision, Previous Revision, or view the Annotated Edit History
Newer page: | version 7 | Last edited on Friday, July 7, 2006 2:20:45 pm | by CraigBox | |
Older page: | version 4 | Last edited on Saturday, June 3, 2006 7:48:27 am | by AristotlePagaltzis | Revert |
@@ -1,12 +1,14 @@
-If you want
to be able to run
a process that responds to requests
on a [Port] below 1024 without running it as the SuperUser
, a simple approach is to have it bind
to some
port above 1024
, then configure
a lower layer in the NetworkStack to do the legwork
. On [Linux], a convenient way to achieve this is by using iptables(8):
+Port forwarding is the act of forwarding traffic destined
to a particular network port
on a machine
, to somewhere else - either another
port, on
a port on another machine
.
-<pre>
-iptables --table nat -A PREROUTING -p tcp --dport <i>$external_port</i> -i eth0 -j REDIRECT --to-ports <i>$local_port</i>
-</pre>
+Common uses:
-This way, you could have a process bind
to port 8080 locally
, but have it appear
to outsiders as though it was listening on
port 80.
+* allowing an Internet connected user
to connect to a
port on a private IP address behind a [NAT] (see PinHoling)
+* using [SSH] to create a tunnel
, allowing you
to access a
port you wouldn't normally be able to reach (see the "Port forwarding" section of our [SSHNotes])
-(Don’t forget to issue something like <tt>/etc/init.d/iptables save</tt> so this configuration won’t be lost on reboot.)
+See also:
-----
-UserSubmittedNotes
+* [http://www.portforward.com/] - instructions for port forwarding on many common home routers
+* [http://www.canyouseeme.org/] - test your port forwards from the Internet
+
+-
----
+CategoryNetworking