IPTables Question
From: James Purser (purserj_at_optusnet.com.au)
Date: 11/29/04
- Previous message: Ramya Desai: "Packet capture drivers"
- Next in thread: Clifford Kite: "Re: IPTables Question"
- Reply: Clifford Kite: "Re: IPTables Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 29 Nov 2004 22:23:47 +1100
Okay, this is probably going to come across as a newbie question, but it
really is bugging me.
I have a machine running as a gateway between my local network and the
internet. The internet is accessed via dialup (I know, but DSL costs big
ones at the moment). Everything works fine except for the port forwarding.
Below is the script I have knocked together to build the firewall. If
someone could have a look at it and tell me what I am doing wrong, that would
be great.
#!/bin/sh
# Disable forwarding while the rule set is being rebuilt
echo 0 > /proc/sys/net/ipv4/ip_forward
LAN_IP_NET='192.168.0.1/24'
LAN_NIC='eth0'
WAN_NIC='ppp0'
FORWARD_IP='192.168.0.1'
# Get external IP (the address currently assigned to the dialup interface)
WAN_IP="`ifconfig $WAN_NIC | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
# load some modules (if needed)
# Flush existing rules and set default policies
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Enable masquerade for the LAN and forwarding of LAN-originated traffic
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Open ports for local network (and tcp/8081 on the dialup side)
iptables -A INPUT -i eth0 -j ACCEPT -p tcp --dport 10000
iptables -A INPUT -i eth0 -j ACCEPT -p tcp --dport 3128
iptables -A INPUT -i ppp0 -j ACCEPT -p tcp --dport 8081
# Open ports to server on LAN
iptables -A FORWARD -i ppp0 -p tcp --syn -m state --state NEW,ESTABLISHED,RELATED -d 192.168.0.1 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -i ppp0 -o eth0 -d 192.168.0.1 --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable port forward: tcp/8081 arriving on ppp0 is DNATed to the LAN web server on port 80
iptables -t nat -A PREROUTING -i ppp0 -d $WAN_IP -p tcp --dport 8081 --sport 80:65535 -j DNAT --to-destination $FORWARD_IP:80
iptables -A FORWARD -j LOG
# Enable forwarding (ip_dynaddr helps with the dialup address changing)
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
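A port forward on a gateway like the one above needs two pieces: the DNAT rule in the nat table and a filter FORWARD rule that accepts the translated destination and port, since the FORWARD policy is DROP. The following is an added example, not part of James's message: a POSIX sh/awk check over an iptables-save style dump that lists every DNAT target lacking a FORWARD ACCEPT matching it by -d and --dport. The dump is constructed to mirror the post's rules plus a second, deliberately unmatched forward; 203.0.113.5 stands in for the dialup address.

```sh
#!/bin/sh
# Constructed iptables-save style dump (not captured from the poster's box).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -d 203.0.113.5/32 -p tcp --dport 8081 -j DNAT --to-destination 192.168.0.1:80
-A PREROUTING -i ppp0 -d 203.0.113.5/32 -p tcp --dport 2222 -j DNAT --to-destination 192.168.0.10:22
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ppp0 -o eth0 -p tcp -d 192.168.0.1/32 --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# Read a dump on stdin; print "ip port" for each nat DNAT target that has no
# FORWARD ACCEPT rule naming that exact -d and --dport. Only exact host/port
# matches count: a port range or an any-destination accept is not recognised.
unmatched_dnat() {
    awk '
    /^\*/ { table = substr($0, 2) }
    table == "nat" && /-j DNAT/ {
        for (i = 1; i <= NF; i++) if ($i == "--to-destination") {
            split($(i+1), d, ":"); dnat[d[1] " " d[2]] = 1
        }
    }
    table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ {
        ip = ""; port = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-d") { ip = $(i+1); sub(/\/32$/, "", ip) }
            if ($i == "--dport") port = $(i+1)
        }
        if (ip != "" && port != "") allowed[ip " " port] = 1
    }
    END { for (k in dnat) if (!(k in allowed)) print k }'
}

# Usage against the constructed dump; on a live box pipe `iptables-save` instead.
printf '%s\n' "$SAMPLE_RULES" | unmatched_dnat
```

The constructed run reports only 192.168.0.10 22, the forward that has no matching FORWARD rule; the post's own 8081 to 192.168.0.1:80 forward passes this check, so a failure there has to be looked for elsewhere (for example, whether $WAN_IP was actually set when the DNAT rule was loaded).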