[HowTo] Forward reserved ports to NAT guest

Post by mikebounds »

I am trying to set up VPN between a server on the internet and a vbox guest using NAT, so trying to forward ports 500 and 4500.
So I have set up UDP port forwarding in Vbox from 4500 to 4500 and 500 to 500, so for example to do this for port 4500:

Code:

VBoxManage modifyvm "guestvm" --natpf1 "vpn-4500,udp,192.168.1.10,4500,10.0.2.15,4500"

and port 4500 works fine, so if I run:

Code:

netcat -u 192.168.1.10 4500

where 192.168.1.10 is my laptop IP, from my laptop or from external server (I have port forwarding for 500 and 4500 on router), then I see traffic I send when listening from Vbox guest using:

Code:

netcat -l -u 4500

However, this does not work for port 500, which seems to be because this is a reserved port, as all ports of 1024 and above I have tried work and ports 1023 and below do not work.
What I did get to work was if I forwarded from a port above 1024 to port 500 so if for example I forward port 2500 to 500, then I can do

Code:

netcat -u 192.168.1.10 2500

and then see traffic listening on UDP port 500 from the VM guest, but I think it might be difficult to change port isakmp (port 500) to 2500 in libreswan VPN as I have read port 500 is hard coded.
So can I forward packets sent to port 500 on my laptop to port 500 in guest VM (nothing is listening on port 500 on laptop)?
Last edited by socratis on 1. Jun 2018, 11:13, edited 1 time in total.
Reason: Marked as [HowTo].
Re: How can I forward reserved ports to NAT guest

Post by mikebounds »

I figured this out by adding forwarding rules in iptables in my laptop host (running Ubuntu).
So I added port forward in Vbox from 2500 to 500 and then ran the following on my laptop:

Code:

iptables -t nat -A PREROUTING -p udp -d 192.168.1.10 --dport 500 -j DNAT --to-destination 192.168.1.10:2500
iptables -A FORWARD -p udp -d 192.168.1.10 --dport 2500 -j ACCEPT

So now with port forwarding on my router I can send from a computer on the Internet to UDP port 500 to the public IP on my router which is forwarded to 192.168.1.10:500 which is forwarded by iptables to 192.168.1.10:2500 and then forwarded to my Vbox guest - 10.0.2.15:500.

Mike
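
The chain described in the two posts above (host UDP 500, rewritten by iptables to host UDP 2500, forwarded by VirtualBox NAT to guest 10.0.2.15:500), as an added example that is not part of the original thread. The IPs, VM name and ports are the ones from the posts; the function names, the `vpn-500` rule name and the `DRY_RUN` switch are assumptions of this sketch. It validates the port pair and skips iptables rules that are already installed.

```shell
#!/bin/sh
# Constructed example. IPs, VM name and ports are the ones used in the thread;
# DRY_RUN and the function names are assumptions of this sketch.
HOST_IP="192.168.1.10"
GUEST_IP="10.0.2.15"
VM="guestvm"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = execute (needs root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# A pair is valid when the first port is reserved (1-1023) and the second
# is an unprivileged port (1024-65535) that VirtualBox can listen on.
valid_pair() {
    for p in "$1" "$2"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$1" -ge 1 ] && [ "$1" -le 1023 ] && [ "$2" -ge 1024 ] && [ "$2" -le 65535 ]
}

# Append an iptables rule unless an identical one is already installed.
add_rule() {   # add_rule TABLE CHAIN rule-spec...
    table=$1; chain=$2; shift 2
    if [ "$DRY_RUN" != "1" ] && iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    run iptables -t "$table" -A "$chain" "$@"
}

# forward_reserved RESERVED_PORT HIGH_PORT (UDP only, as in the thread)
forward_reserved() {
    valid_pair "$1" "$2" || { echo "bad port pair: $1 -> $2" >&2; return 1; }
    # VirtualBox NAT rule: HIGH_PORT on the host -> RESERVED_PORT in the guest.
    run VBoxManage modifyvm "$VM" --natpf1 "vpn-$1,udp,$HOST_IP,$2,$GUEST_IP,$1"
    # Host DNAT: RESERVED_PORT on the host -> HIGH_PORT on the host.
    add_rule nat PREROUTING -p udp -d "$HOST_IP" --dport "$1" \
        -j DNAT --to-destination "$HOST_IP:$2"
    # Accept rule for the rewritten destination, as in the thread.
    add_rule filter FORWARD -p udp -d "$HOST_IP" --dport "$2" -j ACCEPT
}

forward_reserved 500 2500
```

PREROUTING is only traversed by packets that arrive from another machine, so test the port 500 path from an external host; traffic generated on the laptop itself does not pass through that rule.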
Re: How can I forward reserved ports to NAT guest

Post by socratis »

This is deep networking territory, but I hope that someone might find it useful.

Since you provided the question and the answer (thank you!), I'm going to change the title of the thread from "How can I forward reserved ports to NAT guest" to "[HowTo] Forward reserved ports to NAT guest".