Proxmox 3 Firewall and Portforwarding

Chris Westerfield

Jan 23, 2016
Hi,

I was able to install HipChat Server into one of the OpenVZ containers.
It is working so far, only I have an issue with the XMPP chat.

Hipchat asks to do the following with iptables:

root@hipchat-server:/home/admin# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 40541 packets, 2430K bytes)
pkts bytes target prot opt in out source destination
2 100 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 state NEW statistic mode nth every 1 /* tetra-proxy-0-chat-port */ to::5232
21 1344 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5223 state NEW statistic mode nth every 1 /* tetra-proxy-0-chat-port-ssl */ to::5233

Chain INPUT (policy ACCEPT 40564 packets, 2431K bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 209K packets, 16M bytes)
pkts bytes target prot opt in out source destination
2 120 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 state NEW statistic mode nth every 1 /* tetra-proxy-0-chat-port */ to::5232
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5223 state NEW statistic mode nth every 1 /* tetra-proxy-0-chat-port-ssl */ to::5233

So they are basically forwarding 5222 to 5232.
I use the firewall to increase security to a certain point.
But I don't have a clue how to achieve this.
Please help

regards

Chris
 
Hi,

You can create a script that applies these settings to your iptables (create a new chain) and then use it in the network interface with post-up and post-down.
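
The approach suggested in the reply above, written out as an added example that is not part of the thread: the two DNAT rules from the listing go into a dedicated nat chain that post-up creates and post-down removes. The chain name HIPCHAT_XMPP, the script path and the interface name eth0 are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: chain name HIPCHAT_XMPP,
# install path /usr/local/sbin/hipchat-nat.sh, interface eth0.
# /etc/network/interfaces hook (under the iface eth0 stanza):
#   post-up   /usr/local/sbin/hipchat-nat.sh up
#   post-down /usr/local/sbin/hipchat-nat.sh down
# Dry run: IPT="echo iptables" sh hipchat-nat.sh up

IPT="${IPT:-iptables}"
CHAIN="HIPCHAT_XMPP"

# $1 = client-facing port, $2 = internal port, $3 = rule comment.
# The "statistic mode nth every 1" match from the listing matches every
# packet, so it is omitted here.
add_redirect() {
    $IPT -t nat -A "$CHAIN" -p tcp --dport "$1" -m state --state NEW \
        -m comment --comment "$3" -j DNAT --to-destination ":$2"
}

# Remove the jumps first, then flush and delete the chain. Errors are
# ignored so "down" is safe when the rules are not loaded.
nat_down() {
    for hook in PREROUTING OUTPUT; do
        $IPT -t nat -D "$hook" -j "$CHAIN" 2>/dev/null || true
    done
    $IPT -t nat -F "$CHAIN" 2>/dev/null || true
    $IPT -t nat -X "$CHAIN" 2>/dev/null || true
}

# Rebuild from a clean state so repeated "up" calls do not stack rules.
nat_up() {
    nat_down
    $IPT -t nat -N "$CHAIN"
    add_redirect 5222 5232 tetra-proxy-0-chat-port
    add_redirect 5223 5233 tetra-proxy-0-chat-port-ssl
    for hook in PREROUTING OUTPUT; do
        $IPT -t nat -A "$hook" -j "$CHAIN"
    done
}

case "${1:-}" in
    up)   nat_up ;;
    down) nat_down ;;
    "")   ;;  # no argument: only define the functions
    *)    echo "usage: $0 up|down" >&2; exit 2 ;;
esac
```

Because nat PREROUTING runs before the filter INPUT chain, filter rules in the same network namespace see the translated ports 5232 and 5233, so those are the ports an INPUT allow rule has to name.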