Fwd: IPTables tutorial
Gaston Franco
gfranco@arcert.gov.ar
Wed, 18 Jul 2001 14:16:06 -0300
Hi! ...
> All I want to do is something like this
>
> iptables -t nat -A PREROUTING -d $EXTERNAL_IP -p tcp --dport 80 -j DNAT --to 192.168.0.10
What does your default FORWARD policy look like?
If it's set to DROP ( iptables -P FORWARD DROP ), then you need to allow the 192.168.0.10 machine in the FORWARD chain...
something like

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d 192.168.0.10 -p tcp --dport 80 -m state --state NEW -j ACCEPT

Sorry for my poor English.

Oskar Andreasson wrote:
>
> sorry for sending this on to the list, but since I've been on vacation I got some
> 100 private mails lying around that need answering. I hope someone will take a
> short time answering it.
>
> Thanks,
>
> --Oskar Andreasson
>
> ---------- Forwarded Message ----------
> Subject: IPTables tutorial
> Date: Tue, 17 Jul 2001 18:34:36 -0500
> From: David Eusse <david.eusse@calipso.com.co>
> To: <blueflux@koffein.net>
>
> Oskar,
>
> Sorry for writing you but I haven't been able to fix this problem and your
> iptables guide has been very useful and I guess you can give some specific
> help.
>
> I have used and adapted your rc.firewall script and it works fine except for
> one problem:
>
> I'm trying to do DNAT to an internal server but it doesn't work (just a
> normal tcp port)
>
> * I have a standard RedHat 7.1 server with two interface cards
> * eth0 is the external interface with a real IP address
> * eth1 is the internal interface with a private class C address
> (192.168.0.1)
> * I have an internal web server whose IP address is 192.168.0.10
>
> All I want to do is something like this
>
> iptables -t nat -A PREROUTING -d $EXTERNAL_IP -p tcp --dport 80 -j DNAT --to 192.168.0.10
>
> I know that I'm missing something because I'm trying to route an internal
> packet through the external interface but I don't know what. It doesn't
> work, of course !!
>
> I'll be glad if you can give me a simple example in redirecting a port into
> an internal IP through a machine that has two interfaces.
>
> I have searched and read all available iptables docs but I still haven't
> been able to fix this problem.
>
> Thank you in advance for your help (and your patience).
>
> David Eusse
>
> --
> *******************************************************
>
> David F. Eusse Uribe
> General Manager
>
> Calipso Proveedor Internet
> Professional and Business Internet Services
>
> http://www.calipso.com.co
>
> *******************************************************
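
A diagnostic for the situation discussed in this thread, as an added example that is not part of any of the original messages: it reads `iptables-save` output and reports DNAT targets that a DROP policy on FORWARD would still block. The function names, the sample dump and the address 203.0.113.5 (standing in for `$EXTERNAL_IP`) are constructed; the check assumes a single-address `--to` target and ignores `-i`/`-o`/`-s` matches and `!` negation.

```python
import ipaddress, shlex
# Constructed iptables-save dump: DNAT is set and replies are allowed, but NEW packets are dropped.
BROKEN = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.5/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
FIX = "-A FORWARD -d 192.168.0.10/32 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT\n"
FIXED = BROKEN.replace("-j ACCEPT\n", "-j ACCEPT\n" + FIX)  # rule from the reply, save format

def parse(dump):
    table, policies, rules = None, {}, []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):          # table header, e.g. *nat
            table = line[1:]
        elif line.startswith(":"):        # chain policy, e.g. :FORWARD DROP [0:0]
            policies[(table, tok[0][1:])] = tok[1]
        elif line.startswith("-A "):      # rule: map each option to the token after it
            opts = {a: b for a, b in zip(tok[2:], tok[3:]) if a.startswith("-")}
            rules.append((table, tok[1], opts))
    return policies, rules

def accepts_new(o, dest, proto, dport):  # simplification: ignores -i/-o/-s and "!" negation
    states = o.get("--state") or o.get("--ctstate")
    return (o.get("-j") == "ACCEPT"
            and ipaddress.ip_address(dest) in ipaddress.ip_network(o.get("-d", "0.0.0.0/0"), strict=False)
            and o.get("-p", proto) == proto
            and o.get("--dport", dport) == dport
            and (states is None or "NEW" in states.split(",")))

def unforwarded_dnat(dump):
    policies, rules = parse(dump)
    if policies.get(("filter", "FORWARD")) == "ACCEPT":
        return []  # FORWARD filters nothing, so the DNAT rule alone is enough
    forward = [o for t, c, o in rules if (t, c) == ("filter", "FORWARD")]
    missing = []
    for t, c, o in rules:
        to = o.get("--to-destination") or o.get("--to")
        if t == "nat" and o.get("-j") == "DNAT" and to:
            dest, _, port = to.partition(":")
            port = port or o.get("--dport")  # port as seen after translation
            if not any(accepts_new(f, dest, o.get("-p"), port) for f in forward):
                missing.append((dest, port))
    return missing
```

`unforwarded_dnat(BROKEN)` reports the web server as unreachable, and the list is empty once the NEW-state FORWARD rule is present.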