Webhorizon NAT - ipv4 tcp port forwarding not working?

edited December 2021 in Help

I'm not getting ipv4 tcp port forwarding to work.

I have set up:

Protocol TCP
Source IP: 170.161.5x.xx
Source Port: xx21-10 =xx11
Destination IP: 10.37.110.xx
Destination port: 7172

Forwarding to http server.

The http server works on ipv6.

Any suggestions how to troubleshoot?


Comments

  • ehab Content Writer
    edited December 2021

    i am writing an article that has such info:

    First check the host

    # cat /proc/sys/net/ipv4/ip_forward
    1
    # cat /proc/sys/net/bridge/bridge-nf-call-iptables
    1
    

    if 0 "not enabled" then open a ticket and nicely ask.

    my article will be done when i get some 4-5 hours free and it's about installing wireguard-go on alpine.

    Thanked by (2)chocolateshirt vict0r
  • edited December 2021

    Thank you.

    I have

    # cat /proc/sys/net/bridge/bridge-nf-call-iptables
    0

    Where can I read your article?

  • ehab Content Writer

    hopefully will be published next week or after.

  • @vict0r said:
    I'm not getting ipv4 tcp port forwarding to work.

    I have set up:

    Protocol TCP
    Source IP: 170.161.5x.xx
    Source Port: xx21-10 =xx11
    Destination IP: 10.37.110.xx
    Destination port: 7172

    Forwarding to http server.

    The server works on ipv6.

    Any suggestions how to troubleshoot?

    I don't know if I misunderstood what you are doing but you can't set any portforwards, they are already set.
    If you are looking at the domain forwarding and the TCP part there it's still only proxy for port 80 and 443 only, I think it says somewhere as well.

  • edited December 2021

    @kvidden said:

    I don't know if I misunderstood what you are doing but you can't set any portforwards, they are already set.
    If you are looking at the domain forwarding and the TCP part there it's still only proxy for port 80 and 443 only, I think it says somewhere as well.

    Protocol TCP and destination port 80 does not work.

    When looking at the domain forwarding and click "!", I get the following information:

    Reserved ports: 22,25,465,587
    Reserved Ports only for HTTP/HTTPS: 80,443,2083,2087,2222
    Allowed ports: 80,443,2083,2087,2222,1000-4000,6500-9999

    I would then expect to be able to configure one of "my" 20 ports using the tcp option under protocol to any of the following ports and get it working:
    "80,443,2083,2087,2222,1000-4000,6500-9999"

    I have now tried 3 os images and none of them have /proc/sys/net/bridge/bridge-nf-call-iptables enabled.

  • Unless it's like no NAT I've ever had you don't pick your ports - they're assigned to you. Check the email you got when you bought the VPS. It'll say something like "take the last octet of your IP address and it's the next twenty ports". Nothing you do inside the VPS will make any difference.

  • @vict0r said: I would then expect to be able to configure one of "my" 20 ports using the tcp option under protocol to any of the following ports and get it working:

    Take a look at:

    https://my.webhorizon.in/plugin/support_manager/knowledgebase/view/3/nat-ipv4-ports-calculator-ovz-lxc/

  • edited December 2021

    I did check the ports calculator before setting up the forwarding. I know which ports I can use (assigned to me).

    It seems that something must be manually configured by Webhorizon so that /proc/sys/net/bridge/bridge-nf-call-iptables ends up as 1 instead of 0. I tried to fix it myself in /etc/sysctl.conf, but it broke the vps.

  • Why didn't you just put your web server on one of your ports?

  • edited December 2021

    I want to use it without a domain.

    Also, I want a second one, and a third (without a proxy).

  • Abdullah Hosting Provider OG
    edited December 2021

    use any of the ports mentioned here: https://my.webhorizon.in/plugin/support_manager/knowledgebase/view/3/nat-ipv4-ports-calculator-ovz-lxc/

    They can be used directly on the vps. Additional Domain Forwarding is not required.
    TCP/udp is forwarded by default

  • @Abdullah said:
    use any of the ports mentioned here: https://my.webhorizon.in/plugin/support_manager/knowledgebase/view/3/nat-ipv4-ports-calculator-ovz-lxc/

    They can be used directly on the vps. Additional Domain Forwarding is not required.
    TCP/udp is forwarded by default

    Thank you.

    I am using the suggested ports from the calculator. It's not working.

    It is suggested in second post that the following must be enabled:

    % cat /proc/sys/net/ipv4/ip_forward
    1
    % cat /proc/sys/net/bridge/bridge-nf-call-iptables
    1

    of which I can confirm that /proc/sys/net/bridge/bridge-nf-call-iptables is not enabled.

    If this is the problem, why is it not enabled by default?

    I tried to enable it in the vps, but it did not work. Is there a need for a knowledge article on how to correctly enable it or even better it could be enabled by default?

  • ehab Content Writer

    if you use docker and iptables is enabled then the bridge-nf-call-iptables is needed.

  • @vict0r said:
    If this is the problem, why is it not enabled by default?

    It's not enabled on any of my machines and my ports work fine.

    Thanked by (2)vict0r kvidden
  • edited December 2021

    Edit: Never mind. Didn't read correct.

  • @skorous said:

    @vict0r said:
    If this is the problem, why is it not enabled by default?

    It's not enabled on any of my machines and my ports work fine.

    Which os-images are you using?

  • @vict0r said:

    Which os-images are you using?

    Debian 10 iirc

  • I don't understand how it can be working for you and not me. Are you using "Protocol TCP" in domain forwarding (and not HTTP or HTTPS)?

  • Here is my config. I can't see anything wrong.

    https://upld.im/image/forwarding.UUZUVR

  • You don't do anything - they just work.

    For ex, port 15013 is assigned to me. I put my nebula instance on port 15013 and it works. Honest, that's all I did.

    Thanked by (1)yoursunny
  • edited December 2021

    Thank you.

    In other words:

    Delete that config and set up your server to use port xx01 instead of 7172 on your vps server.

    A knowledge article about this is needed.
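
The fix reached in this thread (bind the service directly to an assigned port, such as the 15013 mentioned above, instead of a port like 7172 that the host never forwards) can be checked from inside the VPS. The script below is an added example, not part of any post: the function names and the sample `ss` lines are constructed, and it assumes iproute2's `ss` is available.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, reading `ss -H -ltn`
# output on stdin. Prints one of: ipv4, ipv6-only, loopback-only, none.
classify_listener() {
    awk -v port="$1" '
        {
            local_addr = $4                      # "Local Address:Port" column
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next           # not the port we care about
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") loop = 1
            else if (addr ~ /^\[/)                  v6 = 1
            else                                    v4 = 1  # 0.0.0.0, * or a specific IPv4
        }
        END {
            if (v4)        print "ipv4"
            else if (v6)   print "ipv6-only"
            else if (loop) print "loopback-only"
            else           print "none"
        }'
}

# Constructed sample: a web server left on 7172, sshd bound to IPv6 only,
# and a service bound to loopback. Nothing listens on the assigned port 15013.
SAMPLE_SS='LISTEN 0 511 0.0.0.0:7172 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*'

check_sample() { printf '%s\n' "$SAMPLE_SS" | classify_listener "$1"; }

# Show the verdict for each port in the constructed sample.
for p in 15013 7172 22 8080; do
    printf '%s %s\n' "$p" "$(check_sample "$p")"
done

# On a live system: ss -H -ltn | classify_listener 15013
```

A result of `none` for the assigned port while some other port reports `ipv4` matches the original symptom: the server is up, but not on a port the NAT host forwards.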

  • @skorous said: Why didn't you just put your web server on one of your ports?

    I kinda did say that. ;-)

  • I probably didn't read that correct.

  • Yeah, is my bad that my statement was equally correct for how both of us perceived the problem. You has it worked out now?

  • Yes, it's working.

    I'm still not sure though why there is an interface where it's possible to configure "tcp-protocol" from source port on the "public ip" to any of the "allowed destination" ports on the "destination ip" (vps ip). If working it would help keeping things neat and tidy with identical (local) ports on more/all servers.

  • @vict0r said:
    Thank you.

    In other words:

    Delete that config and set up your server to use port xx01 instead of 7172 on your vps server.

    A knowledge article about this is needed.

    https://my.webhorizon.in/plugin/support_manager/knowledgebase/view/3/nat-ipv4-ports-calculator-ovz-lxc/


    @vict0r said:
    Yes, it's working.

    I'm still not sure though why there is an interface where it's possible to configure "tcp-protocol" from source port on the "public ip" to any of the "allowed destination" ports on the "destination ip" (vps ip). If working it would help keeping things neat and tidy with identical (local) ports on more/all servers.

    This port forwarding option in Virtualizor is only used in KVM NAT service, which has been discontinued.
    Maybe @Abdullah forgot to disable it?

    Thanked by (1)vict0r

    Hammer the cores and blast the ports with no mercy.

  • edited December 2021

    It seems I need more help.

    I have enabled tun/tap in the control panel but when running Nyr's install script I get the following error:

    % bash wireguard-install.sh
    The system does not have the TUN device available.
    TUN needs to be enabled before running this installer.

    % cat /dev/net/tun
    cat: /dev/net/tun: Operation not permitted

    Any hints on how to resolve this problem?

  • ehab Content Writer

    which node are you installing wireguard on?

  • NY (is this the correct answer?).

  • edited December 2021

    @vict0r said: Any hints on how to resolve this problem?

    There's an option in Virtualizor to enable the TUN device:

    Don't forget to restart your VPS from the Virtualizor panel afterwards.

    Need a free NAT LXC? -> https://microlxc.net/
