Parallels Forums
port forwarding on VPS ? possible ?  
  


Jan 18, 2005, 05:09 AM
#1  

firepages
Guest


Join:
Posts: n/a
Hi, I want to try and forward requests from port 26 to port 25 on my VPS (the old ISP blocking port 25 issue), but on a VPS you can't seem to query kernel modules, let alone load anything (grabbed this from another forum posting)

.................................................. .................................................. .....
iptables -t nat -A PREROUTING -p tcp -d **.**.***.** --dport 26 -j DNAT --to **.**.***.**:25
.................................................. .................................................. .....

the message I get is ...

.................................................. .................................................. .....
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
.................................................. .................................................. .....

so any ideas how else to forward e.g. port 26 to 25 on a VPS ?

or alternately to configure qmail (as munged by plesk/Virtuozzo) to run on port 26 ?


Regards,
Simon.
Jan 18, 2005, 09:55 PM
#2  

fenster
Senior Member


Join: Sep 2004
Posts: 429
Hi,

You can't use nat inside a VPS.

The easiest way to make a redirect without using iptables is

Code:
# cat > /etc/xinetd.d/redirect26
service redirect26
{
    port = 26
    type = UNLISTED
    disable = no
    socket_type = stream
    wait = no
    user = root
    redirect = 127.0.0.1 25
}
<press Ctrl+D>
# chkconfig --level 2345 xinetd on
# service xinetd restart
Alternatively, just use any port forwarding program such as redir (http://rpmfind.net/linux/rpm2html/se...hp?query=redir).

__________________
Alexander Fenster
Jan 18, 2005, 11:45 PM
#3  

firepages
Guest


Join:
Posts: n/a
Hey Alexander, cheers, the services thing does not seem to work (it lists itself in chkconfig as on but can't send mail through it)

However I grabbed redir and that did the job, so thank you very much!


1 more Q if you don't mind ? .. I started redir from ssh with the basics ,

redir --lport 26 --laddr **.***.**.*** --cport 25

and as noted that works, I was wondering if you would recommend setting any other switches etc, I am running Plesk 7.5 if that helps at all?

I note when scanning my machine that though port 25 & port 26 show up , port 26 also returns the ESMTP response (port 25 does not) should I be worried about this ? or will all spam issues be dealt with automatically when traffic is rerouted to port 25 ?

Thanks again , I had searched and searched , but all solutions before this one appeared to require kernel mods.
Jan 19, 2005, 12:24 AM
#4  

fenster
Senior Member


Join: Sep 2004
Posts: 429
First of all, I'm not sure how your server is supposed to receive incoming e-mail if port 25 is closed.

By default, your Plesk qmail server is configured to forbid so-called "open relaying". You can list all IP addresses which are allowed to send e-mail in your Plesk panel, Server -> Mail -> White list.

__________________
Alexander Fenster
Jan 19, 2005, 12:26 AM
#5  

fenster
Senior Member


Join: Sep 2004
Posts: 429
Also, don't forget to make sure that your redir will be started automatically after reboot. Add it to crontab (crontab -e, @reboot record) or make a special init script.

__________________
Alexander Fenster
Jan 19, 2005, 12:54 AM
#6  

firepages
Guest


Join:
Posts: n/a
Quote:
Originally posted by fenster
First of all, I'm not sure how your server is supposed to receive incoming e-mail if port 25 is closed.
Sorry, I was not clear, several of my clients here in Oz are on ISPs that block outgoing traffic on port 25 ~

For most of them switching to secure mail on ssl/465 works , but for mac users & some exchange clients that is not working reliably so I wanted to offer an alternative to those clients.

Yes I am worried about running an open relay , since I got stung when I first got my VPS (default install was an open relay though that may have been my vendor rather than plesk/virtuozzo issue)

I have added a startup command to rc.local & gonna test it now.

Thanks again,
Regards,
Simon.
Jan 19, 2005, 12:24 PM
#7  

SHaRKTooTH
Guest


Join:
Posts: n/a
Make sure you configure the port redirector to show the original sender and not itself. Otherwise anyone connecting on port 26 will look like they are coming from 127.0.0.1, which your MTA is most likely set up to relay. If this is the case, anyone would be able to use port 26 for spamming even though your mail server is locked down.
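
The effect described in post #7, as an added example that is not part of the original thread: a toy MTA that trusts only 127.0.0.1 is reached once directly and once through a userspace forwarder standing in for redir or the xinetd redirect. The function names, the trusted list and the 127.0.0.2 client address (which assumes a Linux loopback interface) are all constructed for this demonstration.

```python
import socket
import threading

def serve_once(handler):
    """Listen on an ephemeral loopback port and handle one connection."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, peer = srv.accept()
        with conn:
            handler(conn, peer)
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def toy_mta(trusted=("127.0.0.1",)):
    """Stand-in for the mail server: reports the peer it sees and its relay decision."""
    def handler(conn, peer):
        verdict = "relay-ok" if peer[0] in trusted else "relay-denied"
        conn.sendall(f"{peer[0]} {verdict}\n".encode())
    return serve_once(handler)

def forwarder(target_port):
    """Stand-in for the redirector: opens a NEW TCP connection to 127.0.0.1:target_port."""
    def handler(conn, peer):
        # The client's address (peer) is dropped here; the MTA only sees this socket.
        with socket.create_connection(("127.0.0.1", target_port)) as upstream:
            conn.sendall(upstream.recv(1024))
    return serve_once(handler)

def connect_from(source_ip, port):
    """Client bound to source_ip; returns what the MTA said about the connection."""
    with socket.socket() as client:
        client.bind((source_ip, 0))
        client.connect(("127.0.0.1", port))
        return client.recv(1024).decode().strip()

def demo(client_ip="127.0.0.2"):
    """Same client, same policy: once straight to the MTA, once via the forwarder."""
    direct = connect_from(client_ip, toy_mta())
    relayed = connect_from(client_ip, forwarder(toy_mta()))
    return direct, relayed

if __name__ == "__main__":
    print(demo())
```

The same client that is refused when it connects directly is accepted through the forwarder, because the relay decision is made on the forwarder's source address rather than the client's.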
Oct 9, 2006, 03:31 PM
#8  

JZMatrix
Junior Member


Join: Apr 2005
Posts: 17
Just to throw a few sticks in the spokes.. Does anybody know why you can't use the NAT iptables tables within a VPS? Most of my physical machines work on the specify allowed ports and then have everything else redirected into oblivion which prevents most scanners from even detecting the port is filtered since it's being redirected to a closed port.

I tend to feel safer with this setup instead of the stock Plesk firewall approach, piling everything into the stock filter table. I am currently in the process of establishing an ecommerce business on a Plesk server and need the 'warm friendly' that my server is locked down to my comfort level before I can deploy this site.

Any ideas?
Oct 11, 2006, 11:58 PM
#9  

ewtech
Junior Member


Join: Sep 2005
Posts: 24
Hi;
I think you can try this,
http://eng.ewtech.com.tw/
Maybe it can solve your problem.
Thanks!

