Re: my iptables script
On Thursday 04 September 2003 11:15, Jule Slootbeek wrote:
> Hi,
> Thank you for your feedback, I took your advice I think..:) and this is
> what I came up with
>
> echo "Setting firewall rules..."
> #ipforwarding and masquerading
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j
> MASQUERADE
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -m state --state NEW -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m state --state NEW -s 192.168.0.0/24 -j ACCEPT
> # allows for forwarding
> iptables -A FORWARD -m state --state NEW -p tcp -s 140.232.x.x
> --dport 2401 -j ACCEPT
> iptables -A FORWARD -m state --state NEW -p tcp -s 140.232.x.x
> --dport 22 -j ACCEPT
> iptables -A FORWARD -m state --state NEW -p tcp -s 140.232.x.x
> --dport 80 -j ACCEPT
>
> #redirecting ports
> iptables -t nat -A PREROUTING -d 140.232.x.x1 -p tcp --dport 2401 -j
> DNAT --to-destination 192.168.0.2:2401
> iptables -t nat -A PREROUTING -d 140.232.x.x -p tcp --dport 80 -j
> DNAT --to-destination 192.168.0.2:80
> iptables -t nat -A PREROUTING -d 140.232.x.x -p tcp --dport 22 -j
> DNAT --to-destination 192.168.0.3:22
> ;;
>
> but now when I run the firewall, ports 2401 and 80 are not open (nmap
> localhost), and nmap 140.232.x.x times out. I'm not sure what's wrong.
> TIA,
>
> Jule
First things first, I have to ask the obvious: have you enabled forwarding?
sysctl -w net/ipv4/ip_forward=1
Secondly, you are defining a source address of 140.232.x.x in your FORWARD
rules; that should be the destination address, not the source address. Also, you may
need to use the internal end-point rather than the external address in those
FORWARD rules, i.e. 192.168.0.2 instead of 140.232.x.x. I'd also use '-i eth0'
for those FORWARD rules (or whatever your external interface is, ppp0 or
whatever).
Hope this helps.
t
--
GPG: http://n12turbo.com/tarragon/public.key
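The reply's three corrections (enable ip_forward, match the FORWARD rule on the post-DNAT internal destination with -d, and pin it to the external interface with -i) applied to the port-forwarding part of the script, as an added example that is not code from either poster. EXT_IF, EXT_IP (140.232.0.1 stands in for the masked 140.232.x.x) and the IPT dry-run variable are assumptions; running with IPT=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not from the thread. Set IPT=echo to print rules only.
IPT=${IPT:-iptables}
EXT_IF=${EXT_IF:-eth0}          # external interface (ppp0 on a dial-up box)
EXT_IP=${EXT_IP:-140.232.0.1}   # placeholder for the real public address
LAN=192.168.0.0/24

# Correction 1: the kernel must forward packets at all.
enable_forwarding() {
    sysctl -w net/ipv4/ip_forward=1
}

# One published service. PREROUTING rewrites the destination to the internal
# host; the FORWARD rule sees the packet *after* that rewrite, so it must key
# on the internal destination (-d), not the public address, and only for
# packets arriving on the external interface (-i).
forward_service() {
    port=$1; inside=$2
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -d "$EXT_IP" -p tcp --dport "$port" \
        -j DNAT --to-destination "$inside:$port"
    $IPT -A FORWARD -i "$EXT_IF" -d "$inside" -p tcp --dport "$port" \
        -m state --state NEW -j ACCEPT
}

apply_rules() {
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN" -j MASQUERADE
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state NEW -s "$LAN" -j ACCEPT
    forward_service 2401 192.168.0.2   # cvs pserver, same hosts as the post
    forward_service 80   192.168.0.2
    forward_service 22   192.168.0.3
}

# Only touches the system when explicitly asked: sh firewall.sh apply
if [ "${1:-}" = "apply" ]; then
    enable_forwarding
    apply_rules
fi
```

Check the forwarded service from the outside with nmap against the public address, not localhost: PREROUTING/FORWARD rules never apply to packets addressed to the firewall itself.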