[NTLUG:Discuss] simple portforwarding firewall

Neil Aggarwal neil at JAMMConsulting.com
Sat Jun 22 13:02:56 CDT 2002


Jay:

Here is what I was able to use to get port forwarding to
work:

	echo "1" > /proc/sys/net/ipv4/ip_forward

	# Set-up routing to allow NAT of the internal machine
	/sbin/ifconfig eth0:1 $EXTERNAL_IP netmask $NETMASK broadcast $EXTERNAL_BCAST
	/sbin/iptables -t nat -A PREROUTING -d $EXTERNAL_IP -j DNAT --to $INTERNAL_IP
	/sbin/iptables -t nat -A POSTROUTING -s $INTERNAL_IP -j SNAT --to $EXTERNAL_IP

I hope this helps.

	Neil.

--
Neil Aggarwal
JAMM Consulting, Inc.    (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development    Websites, Ecommerce, Java, databases


> -----Original Message-----
> From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org]On Behalf
> Of Jay Urish
> Sent: Friday, June 21, 2002 2:39 PM
> To: discuss at ntlug.org
> Subject: [NTLUG:Discuss] simple portforwarding firewall
>
>
> Hey yall;
>
> I need a shove in the right direction..
>
> I am trying to forward all requests to port 80 on a clean side box from the
> internet through an iptables firewall..
>
> The following script is not working..
>
> I am looking for 4 -5 lines to do this..
>
>
> What am I missing? I have been to a pile of netfilter sites and that is
> where I got what I have.
>
> I need another set of eyes to look this over and catch my goof.
>
> ----
> #This is a cheesy script by j at yourlinuxguru.com
> #feel free to modify it at your own risk.
>
> #I need to set default rules first
> #!/bin/sh
> # Flush current settings
> iptables -P INPUT ACCEPT
> iptables -F INPUT
> iptables -P OUTPUT ACCEPT
> iptables -F OUTPUT
> iptables -F FORWARD
> iptables -t nat -F
>
> #I need to load a module
> /sbin/modprobe iptable_nat
>
>
>
> #I am enabling ip forwarding right here
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> iptables -A PREROUTING -t nat -p tcp -d 63.64.250.206 --dport 80 -j DNAT --to 192.168.2.30:80
>
>
>
> #Now I make sure packets can forward
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>
>
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
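
An added example, not from either poster: the DNAT rule in the reply matches only on destination address, so every protocol and port on the external IP is passed to the internal host, while the rule in the quoted script is limited to TCP port 80. The sketch below reads `iptables-save` output and labels each DNAT rule accordingly; the function names and the sample ruleset (203.0.113.10 is a stand-in external address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify DNAT rules found in iptables-save output.

# Constructed sample: the reply's address-only DNAT and the question's
# tcp/80 DNAT, as iptables-save would print them. 203.0.113.10 is a stand-in.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 192.168.2.30
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.30:80
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.2.30/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# audit_dnat: iptables-save text on stdin; one output line per nat-table DNAT rule.
#   BROAD  <rule>  no protocol/port match: every port reaches the target
#   SCOPED <rule>  limited to a protocol and destination port
audit_dnat() {
    awk '
        /^[*]/ { table = substr($0, 2); next }      # "*nat", "*filter", ...
        table != "nat" || $1 != "-A" { next }       # only rules in the nat table
        {
            dnat = 0; proto = 0; port = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
                if ($i == "-p") proto = 1
                if ($i == "--dport" || $i == "--dports") port = 1
            }
            if (!dnat) next
            tag = (proto && port) ? "SCOPED" : "BROAD"
            print tag, $0
        }
    '
}

# count_broad: number of unrestricted DNAT rules in the text on stdin.
count_broad() {
    audit_dnat | grep -c '^BROAD ' || true
}

sample_ruleset | audit_dnat
```

On a live firewall the same check would be run as root with `iptables-save | audit_dnat`.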




