
Thread: port forwarding on VPS ? possible ?

  1. #1
    firepages
    Guest

    port forwarding on VPS ? possible ?

    Hi, I want to try and forward requests from port 26 to port 25 on my VPS (the old ISP blocking port 25 issue), but on a VPS you can't seem to query kernel modules, let alone load anything (grabbed this from another forum posting):

    Code:
    iptables -t nat -A PREROUTING -p tcp -d **.**.***.** --dport 26 -j DNAT --to **.**.***.**:25

    the message I get is ...

    Code:
    iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.

    So, any ideas how else to forward e.g. port 26 to 25 on a VPS?

    Or alternately, how to configure qmail (as munged by Plesk/Virtuozzo) to run on port 26?


    Regards,
    Simon.



  2. #2


    Hi,

    You can't use nat inside a VPS.

    The easiest way to make a redirect without using iptables is

    Code:
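    # Write the xinetd service definition (run as root).
    # protocol is stated explicitly because the service is UNLISTED (not in /etc/services).
    cat > /etc/xinetd.d/redirect26 <<'EOF'
    service redirect26
    {
            port                    = 26
            type                    = UNLISTED
            disable                 = no
            socket_type             = stream
            protocol                = tcp
            wait                    = no
            user                    = root
            redirect                = 127.0.0.1 25
    }
    EOF
    # Start xinetd at boot and restart it so the new service is picked up
    chkconfig --level 2345 xinetd on
    service xinetd restart

    Alternatively, just use any port forwarding program such as redir (http://rpmfind.net/linux/rpm2html/se...hp?query=redir).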
    Alexander Fenster



  3. #3
    firepages
    Guest


    Hey Alexander, cheers. The services thing does not seem to work (it lists itself in chkconfig as on, but I can't send mail through it).

    However, I grabbed redir and that did the job, so thank you very much!


    1 more Q if you don't mind? I started redir from ssh with the basics:

    redir --lport 26 --laddr **.***.**.*** --cport 25

    and as noted that works. I was wondering if you would recommend setting any other switches etc. I am running Plesk 7.5, if that helps at all.

    I note when scanning my machine that though port 25 & port 26 show up, port 26 also returns the ESMTP response (port 25 does not). Should I be worried about this? Or will all spam issues be dealt with automatically when traffic is rerouted to port 25?

    Thanks again , I had searched and searched , but all solutions before this one appeared to require kernel mods.



  4. #4


    First of all, I'm not sure how your server is supposed to receive incoming e-mail if port 25 is closed.

    By default, your Plesk qmail server is configured to forbid so-called "open relaying". You can list all IP addresses which are allowed to send e-mail in your Plesk panel, Server -> Mail -> White list.
    Alexander Fenster



  5. #5


    Also, don't forget to make sure that your redir will be started automatically after reboot. Add it to crontab (crontab -e, @reboot record) or make a special init script.
    Alexander Fenster



  6. #6
    firepages
    Guest


    Originally posted by fenster
    First of all, I'm not sure how your server is supposed to receive incoming e-mail if port 25 is closed.

    Sorry, I was not clear: several of my clients here in Oz are on ISPs that block outgoing traffic on port 25.

    For most of them switching to secure mail on ssl/465 works, but for Mac users & some Exchange clients that is not working reliably, so I wanted to offer an alternative to those clients.

    Yes, I am worried about running an open relay, since I got stung when I first got my VPS (the default install was an open relay, though that may have been my vendor's rather than a Plesk/Virtuozzo issue).

    I have added a startup command to rc.local & gonna test it now.

    Thanks again,
    Regards,
    Simon.



  7. #7
    SHaRKTooTH
    Guest


    Make sure you configure the port redirector to show the original sender and not itself. Otherwise anyone connecting on port 26 will look like they are coming from 127.0.0.1, which your MTA is most likely set up to relay. If this is the case, anyone would be able to use port 26 for spamming even though your mail server is locked down.
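
The effect described in post #7, as an added example that is not code from the thread: a userland forwarder opens a fresh local connection to the mail port, so the backend sees 127.0.0.1 instead of the real client. Everything runs on loopback with ephemeral ports standing in for 26 and 25; `relay_allowed`, `peers_through_forwarder`, the 127.0.0.2 "remote" client address (assumes Linux loopback) and the whitelist are constructed for the demonstration.

```python
import ipaddress
import socket
import threading

def relay_allowed(peer_ip, whitelist=("127.0.0.1/32",)):
    """IP-based relay decision, modelled on an MTA whitelist (constructed default)."""
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in ipaddress.ip_network(net) for net in whitelist)

def _listen():
    s = socket.socket()
    s.settimeout(5)                       # never hang if a peer fails
    s.bind(("127.0.0.1", 0))              # ephemeral port, loopback only
    s.listen(1)
    return s

def peers_through_forwarder(client_ip="127.0.0.2"):
    """Return (peer IP the forwarder saw, peer IP the backend saw, banner)."""
    backend, front = _listen(), _listen()  # stand-ins for port 25 and port 26
    seen = {}
    def run_backend():                     # plays the MTA: records who connected
        conn, addr = backend.accept()
        seen["backend"] = addr[0]
        conn.sendall(b"220 demo ESMTP\r\n")
        conn.close()
    def run_forwarder():                   # plays the redirector on the extra port
        conn, addr = front.accept()
        seen["forwarder"] = addr[0]
        up = socket.create_connection(backend.getsockname())  # fresh local connection
        conn.sendall(up.recv(1024))        # relay the banner back to the client
        up.close()
        conn.close()
    threads = [threading.Thread(target=f, daemon=True) for f in (run_backend, run_forwarder)]
    for t in threads:
        t.start()
    client = socket.socket()
    client.settimeout(5)
    client.bind((client_ip, 0))            # constructed "remote" client address
    client.connect(front.getsockname())
    banner = client.recv(1024)
    client.close()
    for t in threads:
        t.join()
    backend.close()
    front.close()
    return seen["forwarder"], seen["backend"], banner

if __name__ == "__main__":
    print(peers_through_forwarder())
```

When the backend's verdict is True only because the connection arrived through the forwarder, relaying on the forwarded port has to depend on SMTP authentication, or the whitelist must not cover the address the forwarder connects from.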



  8. #8
    Kilo Poster
    Join Date
    Apr 2005
    Posts
    17


    Just to throw a few sticks in the spokes... Does anybody know why you can't use the NAT iptables tables within a VPS? Most of my physical machines work on the specify allowed ports and then have everything else redirected into oblivion, which prevents most scanners from even detecting the port is filtered since it's being redirected to a closed port.

    I tend to feel safer with this setup instead of the stock Plesk firewall approach, piling everything into the stock filter table. I am currently in the process of establishing an ecommerce business on a Plesk server and need the 'warm friendly' that my server is locked down to my comfort level before I can deploy this site.

    Any ideas?



  9. #9


    Hi,
    I think you can try this:
    http://eng.ewtech.com.tw/
    Maybe it can solve your problem.
    Thanks!


