Linux – Forwarding MySQL connection with iptables and differents network interfaces

iptableslinuxMySQLnat;port-forwarding

I have a PC with Ubuntu as a router. It has a 3G connection with a public IP to the Internet, and there is a private wireless subnet. So it has two active interfaces:

ppp0: public IP (WAN)
wlan0: private IP (LAN)

With iptables I wannt to forward every MySQL connection (port 3306) to a local machine (10.42.43.10) of the subnet.

I type these iptables commands:

iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 3306 -j DNAT --to 10.42.43.10:3306
iptables -A FORWARD -p tcp -i ppp0 -o wlan0 -d 10.42.43.10 --dport 3306 -j ACCEPT

But it doesn't work. telnet publicip 3306 fails 🙁

Any help will be appreciated. Thanks!

Best Answer

You can create a ssh tunnel for forwaring the connections. It's much easier and secure than using iptables:

ssh -L YOUR_PUBLIC_IP:3306:10.42.43.10:3306 YOUR_USER@10.42.43.10

You will have to enter the ssh user credentials and the redirection through tunnel will be done. Fast, easy and secure :)

Related Solutions

Linux – iptables port forward forwarding

You're sending the traffic to 10.52.208.221. Given the config you posted, your problem is the webserver, not the firewall. Your rules look to be correct. FORWARD and INPUT are redirected to RH-Firewall-1-INPUT where your first rule is to allow all traffic. As somebody else pointed out, you could be allowing all traffic on eth1, while the world is actually coming in eth0. Secondary, you have to NAT the traffic as it goes back out to the world

iptables --table nat --append POSTROUTING --proto tcp --dport 80 --jump MASQUERADE -o OUT_INTERFACE

Your traffic originating from the router will never hit the input or forward chains, but instead traverse the output chain on to the webserver. Other systems in that subnet will similarly go directly to the webserver. Systems out on the world at large however will traverse the INPUT / FORWARD chains and need SNAT as well as DNAT so that it appears to the world to be one machine. You still cannot test from within your network. you must test from the opposite interface from the webserver. Get me your IP addresses and I'll point you to the proper configs.

Centos – Portforwarding with IPTABLES and Remote IP detection

It looks like it is coming from the first router as it SNAT-ted. So remove the SNAT rule to keep the original source IP address of incoming traffic.
Then, tell the second server that its default router should be the first server which knows how to route it back to the source.

I assume that all the other things are configured properly:

IP forwarding enabled
no other blocking iptables rules

Best Answer

Related Solutions

Linux – iptables port forward forwarding

Centos – Portforwarding with IPTABLES and Remote IP detection

Related Topic