We Keep Coding

AWS ubuntu iptable port forwarding between its two interfaces

I have an AWS ubuntu instance with the following network interfaces:
ens5, ip: 172.XX.XX.XX
A5TAP, ip:192.168.233.1 (VPN)
How do I udp port forward port 10000-10200 to 192.168.233.52:10000-10200?
I tried a the obvious commands below for a single port 10009, but it is not working:
sudo iptables -t nat -A PREROUTING -p udp --dport 10009 -j DNAT --to-destination 192.168.233.52:10009
sudo iptables -t nat -A POSTROUTING -p udp -d 192.168.233.52 --dport 10009 -j SNAT --to-source 172.XX.XX.XX
sudo iptables -t nat -L -n
=======What I tried so far:
I am trying to port forward port 10009 all udp traffic to ens5, to 192.168.233.52 in A5TAP:
172.XX.XX.XX:10009 -> 192.168.233.52:10009
The udp stream is a video stream.
I followed this tutorial, but it is not working. As when I shoot the udp stream to 172.XX.XX.XX:10009, no video is showing.
If I do sudo tcpdump -i ens5 -n udp port 10009:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens5, link-type EN10MB (Ethernet), capture size 262144 bytes
14:08:51.035226 IP 59.XXX.XXX.XXX.46696 > 172.XX.XX.XX.10009: UDP, length 1400
14:08:51.035703 IP 59.XXX.XXX.XXX.46696 > 172.XX.XX.XX.10009: UDP, length 510
(and so on....)
That means my AWS instance is receiving the video stream from my machine.
But when I do sudo tcpdump -i A5TAP -n udp port 10009, there are no traffics.
If I joined the machine with video stream to A5TAP VPN, and send udp stream to 192.168.233.52:10009, I can see the stream.
Thanks to maxstr's answer, the port forwarding between interfaces in the same machine worked:
sudo tcpdump -i A5TAP -n udp port 10009:
07:45:53.701800 IP 192.168.233.1.49538 > 192.168.233.52.10009: UDP, length 700

I believe what you want is the following:
sudo iptables -t nat -A OUTPUT -p udp --dport 10009 -j DNAT --to-destination 192.168.233.52:10009
because the PREROUTING chain will not be in the path of local outbound traffic. OUTPUT will.

UFW port forwarding does not work with my coturn set up

I am trying to receive data on port 443 and forward that to my coturn server listening to port 5349.
I want this set up so that my webRTC app can connect over 443 but without my coturn server having root access(for privilege port 443).
In my /etc/ufw/before.rules I have below entries
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 5349
COMMIT
When I test my turn setup at https://test.webrtc.org/ using 443 port I get:
Udp disabled
Relay connectivity timed out
Reflexive connectivity timed out
But using using port 5349 it seems to work.
I have all needed ports open in ufw. I tried with ufw disabled too.
Do I need to add any other changes for port forwarding like adding entry OUTPUT(which I don't know how to add, though).
Do I need to add the rule entry for IPv6 too (/etc/ufw/before6.rules)?

I added these to the before.rules file
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 5349
-A PREROUTING -p udp --dport 443 -j REDIRECT --to-port 5349
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 5349
-A OUTPUT -o lo -p udp --dport 443 -j REDIRECT --to-port 5349
COMMIT
I am not sure if it is ok. But at the moment this seems to work. I am still open for suggestion. Please give me suggestions to improve what I have done so far

Can't access RabbitMQ web management interface from external ips

After a fresh install of RabbitMQ server on CentOs 7.7
I can reach the :15672 port from localhost
curl -i http://localhost:15672
HTTP/1.1 200 OK
But i cant reach the web interface from external ips
curl -i http://serverRemoteIp:15672
curl: (7) Failed connect to serverRemoteIp:15672; Connection timed out
the server is remote, so i need access from remote ips
any idea?

First, yesterday I exec this on my server
sudo iptables -A INPUT -p tcp -m tcp --dport 15672 -j ACCEPT
and the problem continue. Yoday I run:
iptables -I INPUT 1 -p tcp --dport 15672 -j ACCEPT
service iptables save
service iptables restart
and works!!

How to use rabbitmqctl to connect to the rabbitmqserver in the docker container?

I've used docker to start my rabbitmqserver. How can I use rabbitmqctl to connect to the rabbitmqserver in the docker container?
Port 5672 has been exposed and map to the 5672 port of my host. But I still get the following error:
Status of node rabbit#m2 ...
Error: unable to connect to node rabbit#m2: nodedown

Assuming your container is called rabbitmq and is running:
docker exec rabbitmq rabbitmqctl start_app

rabbitmqctl uses Erlang Distributed Protocol (EDP) to communicate with RabbitMQ. Port 5672 provides AMQP protocol. You can investigate EDP port that your RabbitMQ instance uses:
$ netstat -uptan | grep beam
tcp 0 0 0.0.0.0:55950 0.0.0.0:* LISTEN 31446/beam.smp
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 31446/beam.smp
tcp 0 0 0.0.0.0:55672 0.0.0.0:* LISTEN 31446/beam.smp
tcp 0 0 127.0.0.1:55096 127.0.0.1:4369 ESTABLISHED 31446/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 31446/beam.smp
It means that RabbitMQ:
connected to EPMD (Erlang Port Mapper Daemon) on 127.0.0.1:4369 to make nodes able to see each other
waits for incoming EDP connection on port 55950
waits for AMQP connection on port 5672 and 55672
waits for incoming HTTP management connection on port 15672
To make rabbitmqctl able to connect to RabbitMQ you also have to forward port 55950 and allow RabbitMQ instance connect to 127.0.0.1:4369.
It is possible that RabbitMQ EDP port is dinamic, so to make it static you can try to use ERL_EPMD_PORT variable of Erlang environment variables or use inet_dist_listen_min and inet_dist_listen_max of Erlang Kernel configuration options and apply it with RabbitMQ environment variable - export RABBITMQ_CONFIG_FILE="/path/to/my_rabbitmq.conf
my_rabbitmq.conf
[{kernel,[{inet_dist_listen_min, 55950},{inet_dist_listen_min, 55950}]}].
Or you can use RabbitMQ Management Plugin. It is more functional and simple to setup.

I got this error trying to setup RabbitMQ on a cluster on an ubuntu and fedora machine:
el#apollo:/etc/rabbitmq$ sudo rabbitmqctl join_cluster rabbit#192.168.1.8
Clustering node rabbit#apollo with 'rabbit#192.168.1.8' ...
Error: unable to connect to nodes ['rabbit#192.168.1.8']: nodedown
DIAGNOSTICS
===========
attempted to contact: ['rabbit#192.168.1.8']
rabbit#192.168.1.8:
* unable to connect to epmd (port 4369) on 192.168.1.8: address
(cannot connect to host/port)
current node details:
- node name: rabbitmqctl7233#apollo
- home dir: /var/lib/rabbitmq
- cookie hash: g0tS9zEdo7OEDSZaDTGirA==
I was able to eliminate this error by opening the 4369 and 59984 port on the 192.168.1.8 machine that is one of the slave nodes of the cluster:
el#defiant ~ $ su -
Password:
[root#defiant ~]# iptables -I INPUT -p tcp --dport 4369 --syn -j ACCEPT
[root#defiant ~]# iptables -I INPUT -p tcp --dport 59984 --syn -j ACCEPT

Port 4369 was not enabled on firewall. When I switched firewall 'off'. Everything started working.

Just type docker exec -t rabbitmq sh
Then you will get access to the terminal of your docker environment.
Once you are in, type rabbitmqctl to see if it works
Hopefully it can help you.

Test/Configure All NAT Scenarios(Full Cone,Port Restricted etc) by (1) .using iptables/ethernet/loopback interface

What I am trying to Achieve:
Test/Configure All NAT Scenarios(Full Cone,Port Restricted etc) by (1) .using iptables (2) ethernet interface (3) loopback interface (Using only one machine)
Set Up following configuration :
I am running one VM in a Linux BOX, and performed following configuration :
Linux BOX IP is : 192.168.0.4
Linux Box Virtual Box Gateway IP is : 192.168.56.1
Running Stun Server Binded on : 192.168.56.1 (Primary) and 192.168.0.4 (Secondary) on Linux Box
Running Stun Client on VM(Running on above Linux Server) at 127.0.0.1:2000 , and configured iptables rules to forward loopback interface traffic to ethernet interface (192.168.56.102) and vice versa.
Expected Result
I should be able to configure each NAT Simulation via iptables/ethernet/loopback interface on which STUN Server running on Host and Stun Client running on VM, and it should tell the type of NAT
Actual Result
iptables doing nothing with the packets in/out to loopback interface
socket sendto call fails with error : "error 22 invalid arguement" because socket has bind with 127.0.0.1:2000 and destination address is : 192.168.56.1
See below in short
[Loopback-Interface(127.0.0.1 :2000 / *Running STUN Client*/ VM) -->[*IPTABLES RULES TO/FROM*] <-- Ethernet-Interface(VM -- 192.168.56.102:2000) ==>|| ==> HOST(Gateway - 192.168.56.1:3478 - *Running STUN Server*)] ::
Examples Rules ::
sudo iptables -t nat -A POSTROUTING -o eth0 -p udp --source 127.0.0.1 --sport 2000 -j SNAT --to-source 192.168.56.102
sudo iptables -t nat -A POSTROUTING -o eth0 -p tcp --source 127.0.0.1 --sport 2001 -j SNAT --to-source 192.168.56.102
sudo iptables -t nat -A PREROUTING -i eth0 -p udp --destination 192.168.56.102 --dport 2000 -j DNAT --to-destination 127.0.0.1
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --destination 192.168.56.102 --dport 2000 -j DNAT --to-destination 127.0.0.1
It Seems iptables doesn't pick packets from loopback interface
References : http://www.linuxquestions.org/questions/linux-networking-3/iptables-redirect-127-0-0-1-to-192-168-1-113-a-818817/
Please let me know if any body can help on this.