[ale] new to IPTABLES
Dean
dean777 at bellsouth.net
Sat Jan 12 02:32:44 EST 2002
Here is the actual script I'm using. The port forwarding is not working. See anything wrong?

Thanks to all you late nighters….. Dean

#
# this script is stored in a file called "build-firewall"
# execute this script from /etc/rc.d/rc.local, i.e.,
# place the command "/root/build-firewall" near the end of rc.local
#
#Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
#
#Accept Policies
#
/sbin/iptables --policy FORWARD ACCEPT
/sbin/iptables -t nat --policy PREROUTING ACCEPT
#
#Accept Telnet on Firewall for testing port Forwarding
/sbin/iptables -A INPUT -s 0/0 -p tcp --dport 23:23 -j ACCEPT
/sbin/iptables -A INPUT -s 0/0 -p tcp --sport 23:23 -j ACCEPT
#
#Enable Port forwarding
/sbin/iptables -t nat --policy PREROUTING ACCEPT
--sport 1024:65535 -d 66.100.100.111 --dport 23 \
-j DNAT --to-destination 10.100.15.5
#
# forward telnet through the firewall
/sbin/iptables -A FORWARD -i eth0 -o hme0 -p tcp \
--sport 1024:65535 -d 10.100.15.5 --dport 23 \
-m state --state NEW -j ACCEPT
#
#Establish connectivity
/sbin/iptables -A FORWARD -i hme0 -o eth0 \
-m state --state ESTABLISHED,RELATED -j ACCEPT
#
/sbin/iptables -A FORWARD -i eth0 -o hme0 \
-m state --state ESTABLISHED,RELATED -j ACCEPT
#
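
A static check for structural problems in an iptables shell script laid out like the one above (added example, not part of the original post; the finding codes and the SAMPLE text are constructed for illustration). It joins backslash continuations the way the shell does, then flags option lines not attached to any iptables command, port matches without -p, DNAT outside the nat table, and a default-ACCEPT FORWARD policy.

```python
import shlex

# Constructed sample: rule lines laid out as in the posted script.
SAMPLE = """\
/sbin/iptables --policy FORWARD ACCEPT
/sbin/iptables -t nat --policy PREROUTING ACCEPT
--sport 1024:65535 -d 66.100.100.111 --dport 23 \\
-j DNAT --to-destination 10.100.15.5
/sbin/iptables -A FORWARD -i eth0 -o hme0 -p tcp \\
--sport 1024:65535 -d 10.100.15.5 --dport 23 \\
-m state --state NEW -j ACCEPT
"""

def logical_lines(text):
    """Yield (first_line_no, command), joining backslash continuations like sh."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            if not line.strip() or line.lstrip().startswith("#"):
                continue  # blank line or comment between commands
            start = n
        if line.endswith("\\"):
            buf += line[:-1]  # sh drops the backslash-newline pair
            continue
        yield start, buf + line
        buf, start = "", None
    if start is not None:
        yield start, buf

def lint(text):
    """Return (line_no, code) findings for an iptables shell script."""
    out = []
    for n, cmd in logical_lines(text):
        w = shlex.split(cmd)
        if not w or not w[0].endswith("iptables"):
            if w and w[0].startswith("-"):  # options with no command in front
                out.append((n, "orphan-options"))
            continue
        a = w[1:]
        pol = [i for i, t in enumerate(a) if t in ("-P", "--policy")]
        if pol and a[pol[0] + 1:pol[0] + 3] == ["FORWARD", "ACCEPT"]:
            out.append((n, "forward-default-accept"))  # forwards anything not dropped
        if ("--dport" in a or "--sport" in a) and not {"-p", "--protocol"} & set(a):
            out.append((n, "port-match-without-protocol"))
        if "DNAT" in a and not ("nat" in a and ("PREROUTING" in a or "OUTPUT" in a)):
            out.append((n, "dnat-outside-nat-table"))
    return out
```

Run `lint(open("/root/build-firewall").read())` before wiring a script into rc.local; an empty list means none of these four structural problems were found, not that the ruleset is safe.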