[ale] new to IPTABLES

Dean dean777 at bellsouth.net
Sat Jan 12 02:32:44 EST 2002








Here is the actual script I’m using. The port forwarding is not working. See anything wrong?

Thanks to all you late nighters….. Dean

#
# this script is stored in a file called "build-firewall"
# execute this script from /etc/rc.d/rc.local, i.e.,
# place the command "/root/build-firewall" near the end of rc.local
#
#Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
#
#Accept Policies
#
/sbin/iptables --policy FORWARD ACCEPT
/sbin/iptables -t nat --policy PREROUTING ACCEPT
#
#Accept Telnet on Firewall for testing port Forwarding
/sbin/iptables -A INPUT -s 0/0 -p tcp --dport 23:23 -j ACCEPT
/sbin/iptables -A INPUT -s 0/0 -p tcp --sport 23:23 -j ACCEPT
#
#Enable Port forwarding
/sbin/iptables -t nat --policy PREROUTING ACCEPT
--sport 1024:65535 -d 66.100.100.111 --dport 23 \
-j DNAT --to-destination 10.100.15.5
#
# forward telnet through the firewall
/sbin/iptables -A FORWARD -i eth0 -o hme0 -p tcp \
--sport 1024:65535 -d 10.100.15.5 --dport 23 \
-m state --state NEW -j ACCEPT
#
#Establish connectivity
/sbin/iptables -A FORWARD -i hme0 -o eth0 \
-m state --state ESTABLISHED,RELATED -j ACCEPT
#
/sbin/iptables -A FORWARD -i eth0 -o hme0 \
-m state --state ESTABLISHED,RELATED -j ACCEPT
#









