The iptables addition is there to redirect incoming port 113 (ident) to the machine running identd (192.168.0.4); however, it's not working!
Here is my iptables script. As far as I can tell, the ident daemon on 192.168.0.4 cannot listen on the port. What is wrong with the script!?
Quote:
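############ Iptables setup ###############
# Gateway firewall / NAT setup: turns on IPv4 forwarding, resets the INPUT
# and OUTPUT chains, masquerades traffic leaving the external interface and
# DNATs inbound ident (tcp/113) to an internal host.
#
# NOTE(review): as written this is not a default-deny firewall. The
# "-P INPUT DROP" and "-P FORWARD DROP" lines below are commented out, so
# unless those policies are set somewhere else, every ACCEPT rule appended to
# INPUT is a no-op and unmatched traffic is accepted anyway.
ipt="/sbin/iptables"       # one binary path for every rule below
extint="eth1" # External Interface (internet)
intint="eth0" # Internal Interface (internal lan)
extip="144.132.35.236" # External IP
intip="192.168.10.1" # Internal IP
# Host that runs identd and receives the forwarded tcp/113.
# NOTE(review): this address is in 192.168.0.x while intip above is
# 192.168.10.1 -- confirm which subnet the LAN really uses; if the gateway has
# no route to this host the DNAT rule cannot deliver anything.
ident_host="192.168.0.4"
#
# Enable ipforward, ping echos and ipdynamic addressing
#
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
# NOTE(review): 0 here makes the gateway answer broadcast echo requests;
# hardening guides normally keep this at 1 -- confirm it is intentional.
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#
###############################################
###############################################
#
# Set input, forward policies to DROP everything
# and flush existing rules
#
# Only INPUT and OUTPUT in the filter table are flushed. FORWARD and the nat
# table are left as they were, so each re-run of this script appends another
# copy of the MASQUERADE and DNAT rules further down.
#/sbin/iptables -P INPUT DROP
"$ipt" -F INPUT
#/sbin/iptables -P FORWARD DROP
#we want to allow everything out
"$ipt" -P OUTPUT ACCEPT
"$ipt" -F OUTPUT
#
###############################################
#
# Enable local interface
#
"$ipt" -A INPUT -i lo -j ACCEPT
#
# End local services
#
###############################################
# Squid Server
#
# NOTE(review): this matches on the remote *source* port only, so anything
# arriving from tcp/80 is accepted to every port 1024-65535 on $extip, whether
# or not it belongs to a connection the proxy opened. The ESTABLISHED,RELATED
# rule below already admits genuine replies; consider dropping this rule once
# a DROP policy is in place.
"$ipt" -A INPUT -i "$extint" -p tcp --sport 80 -d "$extip" --dport 1024:65535 -j ACCEPT
###############################################
#
# accept all pings
#
# This accepts every ICMP type on the external interface, not just echo. It
# also sits ahead of the rate-limited echo-request rule further down, so that
# limit never sees a packet.
"$ipt" -A INPUT -i "$extint" -p icmp -j ACCEPT
#
###############################################
# Masquerade and Transparent Proxying
#
# masq LAN traffic
"$ipt" -t nat -A POSTROUTING -o "$extint" -j MASQUERADE
#
# redirect all LAN clients to the filtering port
#/sbin/iptables -t nat -A PREROUTING -i $intint -p tcp --dport 80 -j REDIRECT --to-port 3128
#/sbin/iptables -t nat -A PREROUTING -i eth0 -s USER -p tcp --dport 80 -j DNAT --to $intip:3128
#allow the proxy to be reached
"$ipt" -A OUTPUT -o "$extint" -s "$extip" -p tcp --dport 80 -j ACCEPT
# Allow the proxy server to get out
# (the original appended this rule twice; one copy is enough, and with the
# OUTPUT policy already ACCEPT it does not change what is allowed)
"$ipt" -A OUTPUT -o "$extint" -j ACCEPT
#iptables -A INPUT -i eth0 -s $extip -p tcp -d $intint --dport 3128 -j ACCEPT
# Allow established and related packets back in:
"$ipt" -A INPUT -i "$extint" -m state --state ESTABLISHED,RELATED -j ACCEPT
"$ipt" -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -i "$extint" -j ACCEPT
#Forward ident port to Dell Inspiron
# DNAT only rewrites the destination address. The rewritten packet is then
# routed and filtered by the FORWARD chain, which this script neither flushes
# nor populates, so whether it gets through depends on rules loaded elsewhere
# (inspect with: iptables -L FORWARD -n -v and iptables -t nat -L -n -v).
# The ident host must also send its replies back through this gateway.
"$ipt" -t nat -A PREROUTING -i "$extint" -p tcp --dport 113 -j DNAT --to-destination "$ident_host"
#If all else fails
#iptables -A INPUT -p ALL -i eth0 -s 192.168.0.0/24 -j ACCEPT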
Thanks in advance