
Re: port forward with the ipmasq package and Iptables




>I'm probably going to switch to Linux 2.2 and use that infernal
>ipmasqadm program.  If I can't get Iptables to forward a port with a
>simple Iptables script and the instructions from the IP Masquerading
>Howto and the input of someone else who seems to know what he's talking
>about, I'm not going to get Iptables to work.  This is where I mentally
>file away the problem into the (very large) bin marked "Computers
>Suck".


I just played with your firewall script and it worked for me in the
right way after only doing some changes! Perhaps you should give
iptables a fair chance before switching back to the old ipchains!
There are really many advantages in iptables if you know how to get this
damned thing working ;-)

Richard

#!/bin/sh
set -e
EXTIF=eth1
INTIF=eth0
EXTIP="`ifconfig $EXTIF | awk /$EXTIF/'{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}'`"
PRINTERIP=192.168.10.10
INTNET='192.168.10.0/24'

echo 1 >/proc/sys/net/ipv4/ip_forward

iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
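# Flush the nat table as well
iptables -t nat -F
#
# INPUT: accept replies arriving on the external interface
# (redundant while the INPUT policy above is ACCEPT)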
iptables -A INPUT -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
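# FORWARD: allow replies in, LAN traffic out, and new connections to
# port 515 (the printer); log whatever is left before the DROP policy applies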
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -s $INTNET -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 515 -j ACCEPT
iptables -A FORWARD -j LOG
#
# nat: masquerade traffic leaving the internal network
iptables -t nat -A POSTROUTING -o $EXTIF -s $INTNET -j MASQUERADE
# nat: send port 515 arriving on the external interface to the printer
iptables -t nat -A PREROUTING -p tcp -i $EXTIF --dport 515 -j DNAT --to $PRINTERIP:515
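
A check for the pairing the script above relies on, as an added example that is not part of the original post: with the FORWARD policy set to DROP, a DNAT rule only works if a FORWARD rule accepts the translated port. The function name `unforwarded_dnat` and both sample rulesets are constructed here; the check compares protocol and port only and ignores address matches, port ranges and multiport.

```shell
#!/bin/sh
# Added example: report DNAT'ed ports that no FORWARD ACCEPT rule lets through.
# Reads iptables-save text on stdin, prints one "proto/port" per unmatched DNAT.
unforwarded_dnat() {
    awk '
    # Value following option "opt" in the current rule, or "" if absent.
    function optval(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^-A PREROUTING / && optval("-j") == "DNAT" {
        # FORWARD sees the packet after translation, so prefer the port
        # given in --to-destination over the original --dport.
        port = optval("--dport")
        if (split(optval("--to-destination"), t, ":") == 2) port = t[2]
        dnat[optval("-p") "/" port] = 1
    }
    /^-A FORWARD / && optval("-j") == "ACCEPT" && optval("--dport") != "" {
        fwd[optval("-p") "/" optval("--dport")] = 1
    }
    END { for (k in dnat) if (!(k in fwd)) print k }
    ' | sort
}

# Constructed sample: the rules from the script above in iptables-save form.
GOOD_RULES='*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 515 -j DNAT --to-destination 192.168.10.10:515
-A POSTROUTING -s 192.168.10.0/24 -o eth1 -j MASQUERADE
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.10.0/24 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 515 -j ACCEPT
-A FORWARD -j LOG'

# Constructed sample: the same ruleset with the port-515 FORWARD rule left out.
BAD_RULES=$(printf '%s\n' "$GOOD_RULES" | grep -v -- '--dport 515 -j ACCEPT')

# Demonstration on the constructed broken ruleset.
printf '%s\n' "$BAD_RULES" | unforwarded_dnat
```

On a live firewall the same function can be fed with `iptables-save | unforwarded_dnat`.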