Differences between current version and predecessor to the previous major change of PortForwarding.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 7 | Last edited on Friday, July 7, 2006 2:20:45 pm | by CraigBox | |
| Older page: | version 3 | Last edited on Saturday, September 11, 2004 3:22:57 pm | by CraigBox | Revert |
@@ -1,22 +1,14 @@
-After asking PerryLorier about allowing
a user process to bind to
port 80
, the response that he and JohnMcPherson gave didn't leave me feeling all too inspired about achieving the task without stress and fatigue.%%%
-%%%
-<Bryin> Isomer: Do you know how
to let user processes bind to ports < 1024%%%
-<@Isomer> Bryin: run as root?%%%
-<@Isomer> or give them cap_net IIRC%%%
-<kinko> Bryin: only root can... normally your program is setuid root
, and after binding to the
port it immediately changes to nobody or some other normal user%%%
-<@Isomer> Bryin: the answer is, normally it doesn't work very well at all
.%%%
-<@Isomer> as root you can give yourself the cap_net_bind privilege, then change user, keeping that privilege%%%
-<Bryin> I'll wiki this when I find a tidy solution%%%
+Port forwarding is the act of forwarding traffic destined to
a particular network
port on a machine
, to somewhere else - either another port
, on a
port on another machine
.
-After this dialogue on the [IRC] channel of [#wlug], I proceeded to think about cats and skinning. I then realised, "There is another solution!".
-I had decided I was going to make the application (a [Java] server) bind to port 8080 and get the OperatingSystem to perform the legwork.
+Common uses:
-Thankfully this turned out
to be much easier than I expected.
+* allowing an Internet connected user
to connect to a port on a private IP address behind a [NAT] (see PinHoling)
+* using [SSH] to create a tunnel, allowing you to access a port you wouldn't normally
be able to reach (see the "Port forwarding" section of our [SSHNotes])
-I configured the port forwarding with the command below (replacing content between the angled brackets with the appropriate port numbers)
- iptables --table nat -A PREROUTING -p tcp --dport <incoming port> -i eth0 -j REDIRECT --to-ports <local port>
+See also:
-Then I saved the configuration so that things work after, heaven forbid, a reboot!
-
/etc
/init
.d
/iptables save
-----
-UserSubmittedNotes
+* [http://www.portforward.com/] - instructions for port forwarding on many common home routers
+* [http:
//www
.canyouseeme.org
/] - test your port forwards from the Internet
+
+-
----
+CategoryNetworking
