Re: port forward with the ipmasq package and Iptables
> > Should this work with my existing, complicated set of Iptables rules?
> Depends. As this is an "append" rule it might break if there are any
> DENY/REJECT rules before it in the chain, in which case it would be a matter
> of tweaking the position in the chain. Also, if you've got DENY/REJECTs in
> your FORWARD chain, these will potentially effect your connections too.
Okay, I'll stop requiring you to guess and reverse engineer Ipmasq and
post my small Iptables script that still doesn't work. The result is the
same change from "Connection refused" to "Connection timed out" that I
described earlier.
> > I was assuming that lots of people used the ipmasq package with Iptables
> Not I .. taking a quick look at it, it appears it's one of those
> auto-generating firewall scripts. I tend to avoid them myself.
The ipmasq package has been trusty to me so far.
My shell script is attached, unless I forget.
--
Tom Goulet mail: uid0@em.ca
UID0 Unix Consulting web: em.ca/uid0/
#!/bin/sh
set -e
EXTIF=eth1
INTIF=eth0
EXTIP="`ifconfig $EXTIF | awk /$EXTIF/'{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}'`"
PRINTERIP=192.168.10.10
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED \
-j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d $EXTIP --dport 515 \
-j DNAT --to $PRINTERIP:515
iptables -I FORWARD 1 -i $EXTIF -o $INTIF -p tcp -d $PRINTERIP --dport 515 \
-j ACCEPT
Reply to: