
Re: Iptables newbie



Are you wanting to host the game on an internal
computer or on your router/firewall? If it's going to
be on an internal computer, you need to set up NAT to
redirect the incoming port to whatever computer is
going to host the game. You would need something like:

iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 2346 -j DNAT --to-destination 192.168.0.2:2346
(modified to suit your specific needs, of course)

Gene

PS: there's lots of good information and links at 
http://www.linuxguruz.org/iptables/ 
You might even find a script that suits your needs
there.

--- Christian Saalborn <christian.saalborn@inxnet.de>
wrote:
> Hello,
> As a newbie to iptables I have some problems. I have a DSL router which
> is also my firewall. In my LAN I want to host a game (e.g. megamek).
> This game needs port 2346. So I thought the script I appended below
> should work. The next thing is that my firewall didn't log the messages.
> I get no message from the firewall if somebody wants to connect to my
> server and he is rejected. UDP messages or ICMP messages or other TCP
> messages are logged. I run woody with a 2.4 kernel; the same goes for
> the LAN machines.
> 
> Thanks in advance,
> 
> Christian
> 
> 
> The script:
> 
> #!/bin/bash
> 
> UPLINK="ppp0"
> 
> INTERFACES="lo ppp0 eth1"
> 
> # Default deny on INPUT; trust anything that did not arrive on the uplink
> iptables -P INPUT DROP
> iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> # The game port, and connections the router itself opens over the uplink
> iptables -A INPUT -p tcp --dport 2346 -m state --state NEW -j ACCEPT
> iptables -A OUTPUT -p tcp -o ${UPLINK} -m state --state NEW,ESTABLISHED -j ACCEPT
> 
> if [ -e /proc/sys/net/ipv4/tcp_ecn ]
> then
>          echo 0 > /proc/sys/net/ipv4/tcp_ecn
> fi
> 
> for x in ${INTERFACES}
> do
>          echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
> done
> 
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o ${UPLINK} -j MASQUERADE
> 
> # Log whatever reached this point before it is rejected below
> iptables -A INPUT  -i ${UPLINK} -p tcp -j LOG --log-prefix "IPTABLES TCP-IN: "
> iptables -A OUTPUT -o ${UPLINK} -p tcp -j LOG --log-prefix "IPTABLES TCP-OUT: "
> iptables -A INPUT  -i ${UPLINK} -j LOG --log-prefix "IPTABLES PROTOCOL-X-IN: "
> iptables -A OUTPUT -o ${UPLINK} -j LOG --log-prefix "IPTABLES PROTOCOL-X-OUT: "
> 
> iptables -A INPUT -p tcp -i ${UPLINK} -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable


=====
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

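The DNAT rule Gene gives only rewrites the destination address of the packet; after that the router routes it to the LAN host instead of delivering it locally, so the INPUT chain never sees it and the FORWARD chain has to let it through as well. The script below is an added example, not code from Gene or Christian: it combines the nat/PREROUTING rule with the matching FORWARD rules and logs new connections to the forwarded port. The interface name, LAN address and port are placeholders, and the IPT variable (set IPT=echo to print the rules instead of loading them) is a convenience of this example.

```shell
#!/bin/sh
# Added example: forward TCP port PORT arriving on UPLINK to LAN host
# LANHOST with DNAT and pass it through the FORWARD chain.
# ppp0, 192.168.0.2 and 2346 are placeholders, not values from the post.
#
# Usage:  sh portfwd.sh ppp0 192.168.0.2 2346           # load rules (root)
#         IPT=echo sh portfwd.sh ppp0 192.168.0.2 2346  # only print them

IPT="${IPT:-iptables}"   # set IPT=echo to see the rules without loading them

enable_forwarding() {
    # Without this the kernel never routes between the uplink and the LAN.
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# forward_tcp_port UPLINK LANHOST PORT
forward_tcp_port() {
    uplink="$1" lanhost="$2" port="$3"

    # 1. nat/PREROUTING: rewrite the destination of packets that arrive on
    #    the uplink for PORT. Only the first packet of each connection is
    #    seen here; conntrack applies the same mapping to the rest of the
    #    flow and reverses it on the replies.
    "$IPT" -t nat -A PREROUTING -i "$uplink" -p tcp --dport "$port" \
        -j DNAT --to-destination "$lanhost:$port"

    # 2. filter/FORWARD: the rewritten packet is routed, not delivered
    #    locally, so FORWARD decides. Log new connections (rate limited so
    #    a port scan cannot flood syslog), then accept only this port on
    #    this host. Matches on the post-DNAT address, since PREROUTING
    #    runs before FORWARD.
    "$IPT" -A FORWARD -i "$uplink" -p tcp -d "$lanhost" --dport "$port" \
        -m state --state NEW -m limit --limit 6/min \
        -j LOG --log-prefix "IPTABLES FWD-$port: "
    "$IPT" -A FORWARD -i "$uplink" -p tcp -d "$lanhost" --dport "$port" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # 3. Replies from the LAN host back out over the uplink.
    "$IPT" -A FORWARD -o "$uplink" -s "$lanhost" -p tcp --sport "$port" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

if [ $# -eq 3 ]; then
    enable_forwarding
    forward_tcp_port "$1" "$2" "$3"
fi
```

The FORWARD rules matter as soon as the FORWARD policy is DROP, which it should be on a router that also masquerades a LAN. To check that the mapping is hit, watch the packet counters with `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` while a client connects from outside. Two caveats: the LAN host sees the real client address, so its default gateway must be the router for the replies to come back through the same conntrack entry; and clients on the LAN itself connecting to the public address will not reach the game this way, since their packets do not arrive on the uplink.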