Re: postrouting and dmz
From: Pete Nesbitt (pete_at_linux1.ca)
Date: 02/25/04
- Previous message: Stuart Sears: "Re: Custom Installation for multiple machines"
- In reply to: ip tables: "postrouting and dmz"
- Next in thread: Pete Nesbitt: "Re: postrouting and dmz"
- Reply: Pete Nesbitt: "Re: postrouting and dmz"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: redhat-list@redhat.com
Date: Wed, 25 Feb 2004 06:34:31 -0800
On February 24, 2004 10:58 pm, ip tables wrote:
> Hello,
>
> I use iptables 1.2.7a on RH 9.0. When I enable
> iptables -t nat --policy PREROUTING DROP
> it stops my connecting to the services offered @ the
> natted dmz. Also nmap shows the ports opened when I do
> a "connect" scan. I have no user defined chains. Any
> idea?
>
> Thanks and regards
Hi,
Why do you have PREROUTING DROP? That will kill everything (but I do not
believe it is valid). --policy is normally set near the top of the
script/ruleset, and is not required for PRE or POST routing, just for input,
output, forward and user defined.
If I follow what you are after, try something like:
# inbound redirects to webserver on dmz
$IPTABLES -A PREROUTING -t nat -p tcp -i $EXT_IF --dport 80 -j DNAT \
    --to-destination $WEB_SERVER
# outbound web server connections are all masqueraded
$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $WEB_SERVER -j MASQUERADE
Let me know if you need more details, as you have not given much information
about the rest of the rules or the access scenario.
--
Pete Nesbitt, rhce

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
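
As an added example (not part of the original message): a small shell/awk check over `iptables-save` output that flags a nat-table chain whose policy is not ACCEPT, and DNAT targets for which a default-drop FORWARD chain has no accepting rule. The dump, the address 192.0.2.10 and the interface eth0 are constructed; the function names and finding labels are hypothetical, and recognising FORWARD rules only by an explicit `-d` is a simplifying assumption.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the two problems in this thread.

# Constructed sample dump (address and interface are placeholders).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING DROP [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10
-A POSTROUTING -s 192.0.2.10 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin and print one finding per line.
audit_nat() {
    awk '
    BEGIN { fwd_policy = "ACCEPT" }            # default when no filter table is dumped
    /^\*/ { table = substr($1, 2); next }      # table header: *nat, *filter
    /^:/ {                                     # chain line: :NAME POLICY [pkts:bytes]
        chain = substr($1, 2)
        if (table == "nat" && $2 != "ACCEPT" && $2 != "-")
            print "NAT-POLICY " chain " " $2
        if (table == "filter" && chain == "FORWARD") fwd_policy = $2
        next
    }
    $1 == "-A" {
        target = ""; dest = ""; to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-d") dest = $(i + 1)
            if ($i == "--to-destination") to = $(i + 1)
        }
        if (table == "nat" && target == "DNAT" && to != "") { sub(/:.*/, "", to); dnat[to] = 1 }
        if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT" && dest != "") {
            sub(/\/32$/, "", dest); allowed[dest] = 1
        }
    }
    END {
        for (ip in dnat)                       # DNAT target with no way through FORWARD
            if (fwd_policy != "ACCEPT" && !(ip in allowed))
                print "DNAT-UNFORWARDED " ip " FORWARD-policy=" fwd_policy
    }'
}

sample_ruleset | audit_nat
```

On a live host the input would be `iptables-save | audit_nat`. Translated packets are matched in FORWARD by their post-DNAT destination, so a FORWARD rule that accepts by interface rather than by `-d` will be reported as missing by this check.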