iptables and forwarding

rincewind · 03-29-2004, 09:40 PM

Hi..
I've think i've tried and RTFM:ed everything.=)

What i'm trying to do is to configurate this remote server with iptables.

This computer has 3 NICs eth0,eth1 and eth2...

eth1 is plugged to the internet. eth2 is the internal network behind the server. (eth0 is not in use right now)
The server does some NAT between internet and eth2 and that works fine.

Yet I want all the traffic from internet port 80 going to a webserver on the internal network with ipadress 192.168.0.222

My current iptables setup is as following:

Code:

modprobe ipt_MASQUERADE
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth1  -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth1 -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i eth1 -o eth1 -j REJECT
#used for accepting port 22..
iptables -A INPUT --protocol tcp --dport 22 -j ACCEPT

Im using 2.6.4 kernel and has everything in the kernel.

is there someone who can tell me how to manage that every port 80 TCP package from eth1 (the internet), reaches eth2 192.168.0.222
and can send the information back to the requester.

Is there some ninja out there who can help me with this=)..?

Regardz,
-- Rincewind

rincewind · 03-30-2004, 10:38 AM

hey, learned something
if i add this row people can connect to the webserver

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.222

yet people on the inside can't surf (port 80)..

suggestions?
please?=)

Regardz,
-- Rincewind

Arron · 03-30-2004, 11:23 AM

I would recomend ARNO's Iptables script. You can set it for any eth device, and i think there is some info on more than 2 devices. As well it has masqurade port forwarding etc and ways to help secure you box pretty well. Even if you dont use it, it may have some helpfull info in the docs/scripts.