Old 06-16-2002, 02:12 PM   #1
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Rep: Reputation: 0
Firewall Rules Problem with Iptables


Ok, so I have this firewall script.....and the MASQ part of it works and so does the port forwarding for the web server on my internal network. However, I need my internal network to be able to browse to the EXTERNAL IP of my router box and see the web server on the internal network. Using the web server's 192.168.0.2 IP address will not do for my application. I tried a couple different things with the REDIRECT function of iptables, but no dice.

I am running RedHat 7.3.


Here's my current script. What must I add in order to get the web server redirection for my internal network functional?


#############################################################

IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"

echo " clearing any existing rules and setting default policy.."

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"

PORTFWIP="192.168.0.2"
EXITIP="x.x.x.x"
INTIP="192.168.0.2"

$IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A PREROUTING -t nat -p tcp -d $EXITIP --dport 80 -j DNAT --to $PORTFWIP:80



$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nrc.firewall-2.4 v$FWVER done.\n"

#############################################################

Thanks in advance,

Jeremy
 
Old 06-16-2002, 04:28 PM   #2
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Original Poster
Rep: Reputation: 0
Although I did find a more than functional work-around in the web application code, I am still more than happy to learn how to do this.

So at this point, it's all about learning, not getting it done fast.

Thanks,

Jeremy
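
What the question asks for is commonly called hairpin NAT. The following is an added example, not part of the original posts, that prints the extra rules the script in post #1 would need; the existing DNAT rule has no -i match, so it already rewrites requests from LAN clients, and REDIRECT cannot help because it only points traffic at the router itself. The LAN subnet 192.168.0.0/24, the router's LAN address 192.168.0.1, and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: prints hairpin NAT rules that
# complement the script's existing DNAT rule. Review, then pipe to sh as root.

IPTABLES="${IPTABLES:-/sbin/iptables}"
INTIF="${INTIF:-eth1}"                         # LAN interface (from the post)
PORTFWIP="${PORTFWIP:-192.168.0.2}"            # web server (from the post)
LAN_NET="${LAN_NET:-192.168.0.0/24}"           # assumed LAN subnet
ROUTER_LAN_IP="${ROUTER_LAN_IP:-192.168.0.1}"  # assumed router address on INTIF

# Succeed only for a single dotted-quad IPv4 address with an optional /prefix,
# so nothing but addresses can end up in the generated command lines.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NR > 1 || !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

hairpin_rules() {
    for a in "$PORTFWIP" "$LAN_NET" "$ROUTER_LAN_IP"; do
        valid_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    case "$INTIF" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $INTIF" >&2; return 1 ;;
    esac
    # The FORWARD policy is DROP and no rule covers LAN -> LAN, so allow the
    # DNATed request. -I puts these ahead of the script's FORWARD LOG rule.
    echo "$IPTABLES -I FORWARD -i $INTIF -o $INTIF -s $LAN_NET -d $PORTFWIP -p tcp --dport 80 -j ACCEPT"
    # Replies of those connections travel the same LAN -> LAN path.
    echo "$IPTABLES -I FORWARD -i $INTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Source-NAT to the router so the server answers via the router, which
    # reverses the DNAT. Without this the server replies directly and the
    # client rejects packets coming from 192.168.0.2 instead of the external IP.
    echo "$IPTABLES -t nat -A POSTROUTING -o $INTIF -s $LAN_NET -d $PORTFWIP -p tcp --dport 80 -j SNAT --to-source $ROUTER_LAN_IP"
}

hairpin_rules
```

With the SNAT rule in place the web server sees the router's LAN address as the source of internal visits, so its access logs no longer identify individual LAN clients.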
 
  

