[NTLUG:Discuss] simple portforwarding firewall

Michael Patrick michael at techiesplace.com
Sat Jun 22 03:51:43 CDT 2002


If you run tcpdump, are the packets getting to the webserver and just not back out or not getting there at all?  I've done this before and your config looks good.. though two things come to mind:

1) Why do the flushes, then load the modules?  (probably doesn't matter, so long as iptables -t nat --list is clean after flushing)
2) I've not done the MASQ jump... you might try this for a test:

iptables -t nat -A POSTROUTING -s 192.168.0.20 -j SNAT --to-source 12.255.151.61


Michael

On Fri, Jun 21, 2002 at 02:39:04PM -0500, Jay Urish wrote:
> Hey y'all;
> 
> I need a shove in the right direction..
> 
> I am trying to forward all requests to port 80 on a clean side box from the 
> internet through an iptables firewall..
> 
> The following script is not working..
> 
> I am looking for 4-5 lines to do this..
> 
> 
> What am I missing? I have been to a pile of netfilter sites and that is 
> where I got what I have.
> 
> I need another set of eyes to look this over and catch my goof.
> 
> ----
> #This is a cheesy script by j at yourlinuxguru.com
> #feel free to modify it at your own risk.
> 
> #I need to set default rules first
> #!/bin/sh
> # Flush current settings
> iptables -P INPUT ACCEPT
> iptables -F INPUT
> iptables -P OUTPUT ACCEPT
> iptables -F OUTPUT
> iptables -F FORWARD
> iptables -t nat -F
> 
> #I need to load a module
> /sbin/modprobe iptable_nat
> 
> 
> 
> #I am enabling ip forwarding right here
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> 
> iptables -A PREROUTING -t nat -p tcp -d 63.64.250.206 --dport 80 -j DNAT --to 192.168.2.30:80
> 
> 
> 
> #Now I make sure packets can forward
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> 
> 
> 
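
The tcpdump question at the top of the reply (do packets reach the web server and not get back out, or never get there at all?) can be answered from a short capture. The following is an added example, not part of the original thread: it classifies `tcpdump -n` text, assuming the current one-line-per-packet output format; the function name, the sample lines, the interface name and the client address 203.0.113.7 are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Sample captures are constructed;
# 203.0.113.7 is a documentation address standing in for an Internet client.
SERVER=192.168.2.30   # DNAT target from the quoted script
PORT=80

# Usage on the web server (interface name is an assumption):
#   tcpdump -n -c 20 -i eth0 tcp port 80 | classify_capture
#
# Reads `tcpdump -n` text on stdin and prints one verdict:
#   not-arriving   no SYN for SERVER:PORT was seen at all
#   no-reply       SYNs were seen, but no SYN-ACK came from SERVER:PORT
#   reply-sent     SERVER answered; a stalled client points at the return path
classify_capture() {
    awk -v srv="$SERVER.$PORT" '
        # Line shape: TIME IP SRC.SPORT > DST.DPORT: Flags [S], seq ...
        $2 == "IP" && $4 == ">" && $6 == "Flags" {
            dst = $5; sub(/:$/, "", dst)
            if (dst == srv && $7 == "[S],")  syn++
            if ($3  == srv && $7 == "[S.],") synack++
        }
        END {
            if (!syn)         print "not-arriving"
            else if (!synack) print "no-reply"
            else              print "reply-sent"
        }'
}

# Constructed capture: client retries its SYN, server stays silent.
SAMPLE_NO_REPLY='10:00:01.000000 IP 203.0.113.7.40112 > 192.168.2.30.80: Flags [S], seq 100, win 64240, length 0
10:00:04.000000 IP 203.0.113.7.40112 > 192.168.2.30.80: Flags [S], seq 100, win 64240, length 0'

# Constructed capture: SYN answered with a SYN-ACK.
SAMPLE_REPLY='10:00:01.000000 IP 203.0.113.7.40112 > 192.168.2.30.80: Flags [S], seq 100, win 64240, length 0
10:00:01.000200 IP 192.168.2.30.80 > 203.0.113.7.40112: Flags [S.], seq 900, ack 101, win 65160, length 0'

# Constructed capture: only unrelated traffic, nothing for port 80.
SAMPLE_OTHER='10:00:01.000000 IP 192.168.2.30.22 > 192.168.2.1.51000: Flags [P.], seq 1:37, ack 1, win 501, length 36'
```

Running the same function on captures from the firewall's outside and inside interfaces shows on which hop the SYN or the SYN-ACK disappears.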