Port Forwarding For Local SSH, WebServer, and FTP Service

Introduction

Port forwarding is a mechanism that lets users direct incoming traffic that arrives on specific ports of a router or firewall to specific devices within a local network. Every device connected to the internet has a unique IP address and port. Port forwarding ensures that requests or data coming in through a particular port are forwarded to the intended device.

Port forwarding is very useful and can be used for many different functions, ranging from better security and blocking unwanted access to playing games, managing home camera access, and so on. It is also useful for remote computer access and for hiding yourself or your network from prying eyes.


Topology


Configuration Router

In this setup, an incoming SSH connection has 2 possible destinations.

  • SSH to port 22 is directed to Debian10-Router

  • SSH to port 222 is redirected to Debian10-Server

Configuration IPTABLES DMZ (SSH)

iptables -A INPUT -p tcp -m multiport -d 192.168.91.150 --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp -m multiport -d 11.1.25.1 --dport 22 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m multiport -d 192.168.91.150 --dport 222 -j DNAT --to 11.1.25.1:22

Configuration IPTABLES DMZ (FTP)

iptables -A INPUT -p tcp -m multiport -d 192.168.91.150 --dport 21 -j ACCEPT
iptables -A FORWARD -p tcp -m multiport -d 11.1.25.1 --dport 21 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m multiport -d 192.168.91.150 --dport 21 -j DNAT --to 11.1.25.1:21

Configuration IPTABLES DMZ (HTTP server)

iptables -A INPUT -p tcp -m multiport -d 192.168.91.150 --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -m multiport -d 11.1.25.1 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m multiport -d 192.168.91.150 --dport 80 -j DNAT --to 11.1.25.1:80
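
The following is an added example, not part of the original page: a shell function that reads iptables-save style output and lists every DNAT forward together with whether a FORWARD ACCEPT rule covers the translated address and port. The sample ruleset is constructed from this page's addresses, the 8443 forward is a hypothetical extra that shows a mismatch, and only single-port rules are assumed.

```bash
#!/usr/bin/env bash
# Added example: inventory DNAT port forwards and check each one against
# the FORWARD chain. Assumes one port per rule (no comma-separated lists).

# Constructed sample in iptables-save style, built from this page's addresses.
# The 8443 -> 443 forward is hypothetical and has no FORWARD rule on purpose.
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -d 192.168.91.150/32 -p tcp -m multiport --dports 222 -j DNAT --to-destination 11.1.25.1:22
-A PREROUTING -d 192.168.91.150/32 -p tcp -m multiport --dports 21 -j DNAT --to-destination 11.1.25.1:21
-A PREROUTING -d 192.168.91.150/32 -p tcp -m multiport --dports 80 -j DNAT --to-destination 11.1.25.1:80
-A PREROUTING -d 192.168.91.150/32 -p tcp -m multiport --dports 8443 -j DNAT --to-destination 11.1.25.1:443
COMMIT
*filter
-A FORWARD -d 11.1.25.1/32 -p tcp -m multiport --dports 22 -j ACCEPT
-A FORWARD -d 11.1.25.1/32 -p tcp -m multiport --dports 21 -j ACCEPT
-A FORWARD -d 11.1.25.1/32 -p tcp -m multiport --dports 80 -j ACCEPT
COMMIT
EOF
}

# Reads rules on stdin, prints "external -> internal forward=<status>".
audit_forwards() {
  awk '
    function opt(name,   i) {        # value that follows option "name"
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    $1 == "-A" {                     # common fields of every appended rule
      dst = opt("-d"); sub(/\/32$/, "", dst)
      port = opt("--dports"); if (port == "") port = opt("--dport")
    }
    $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
      to = opt("--to-destination"); if (to == "") to = opt("--to")
      n++; ext[n] = dst ":" port; target[n] = to
    }
    $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
      allowed[dst ":" port] = 1      # keyed by post-DNAT address:port
    }
    END {
      for (i = 1; i <= n; i++)
        printf "%s -> %s forward=%s\n", ext[i], target[i],
               ((target[i] in allowed) ? "accepted" : "no-accept-rule")
    }
  '
}

sample_rules | audit_forwards
```

On the router itself, run `iptables-save | audit_forwards` as root to audit the live ruleset instead of the sample.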

Configuration Server

Install vsftpd

apt install vsftpd

*note

Proftpd and vsftpd are two very popular FTP servers for Unix/Linux systems. Although they are very similar in terms of function, there are some important differences.

  • The main benefit of proftpd is that its configuration file is very easy to manage. The syntax of proftpd.conf is very similar to the Apache configuration file, which makes it easy to standardize configuration files. This is easy to see in its modular architecture.

  • vsftpd is the default FTP server for Ubuntu, CentOS, Fedora, and Red Hat. This makes it very easy to install compared to proftpd, but its configuration file is not as easy to manage. vsftpd is also reported to be more secure.

Edit the vsftpd Configuration File

nano /etc/vsftpd.conf

#write_enable=YES
*change to
write_enable=YES

#chroot_local_user=YES
*change to
chroot_local_user=YES

#chroot_list_enable=YES
*change to
chroot_list_enable=YES

#chroot_list_file=/etc/vsftpd.chroot_list
*change to
chroot_list_file=/etc/vsftpd.chroot_list

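ssl_enable=NO
*(does not need to be changed for now; with ssl_enable=NO the FTP login and transfers are sent unencrypted). If the default line starts with a # sign, remove the #

Determine Which Users Can Access vsftpd's FTP

echo rizwan1 >> /etc/vsftpd.chroot_list
*note: with chroot_local_user=YES and chroot_list_enable=YES both set, the users listed in this file are the ones that are NOT confined to their home directory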

Configuration is Completed

Check SSH Service

*testing from windows-host
ssh [email protected] -p 22
the result: we log in to Debian10-Router

ssh [email protected] -p 222
the result: we log in to Debian10-Server

Check WebServer Service

*testing from windows-host
http://192.168.91.150

*testing from windows-client
http://11.1.25.1

Check FTP Service

*testing from windows-host
ftp://192.168.91.150

username : rizwan2
password : R1zw4n@123
