Hi,

I have setup a fedora/iptables firewall with static public ip address.

The fierwall m/c has two lan cards

eth0 - local ip
eth1 - public ip

We have a mssql database server at 192.168.0.100

My IPTABLE script -

/sbin/iptables -F
/sbin/iptables -F -t nat
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 1433 -j DNAT --to-destination 192.168.0.100:1433

But I am unable to connect to my sql server.
I can ping my public ip address from the net.

Please help

I think that by having your server on adress at 192.168.0.100 you are in essence referring to any address on the 192.168.0.0 subnet. You might want to change the address to 192.168.1.100. I hope that helps.

Solved the problem. Here is my complete solution-

/sbin/iptables -F
/sbin/iptables -F -t nat
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 1433 -j DNAT --to-destination 192.168.0.100:1433

echo 1 > /proc/sys/net/ipv4/ip_forward

I had this setup from the begining but still I could not connect to sql server from the internet.

The problem was that I had not set the linux server as gateway in the SQL Server machine. Since the sql server does not work as a work station, it does not need to go to the net, so there was no gateway present.
The moment I set its gateway to 192.168.0.98 (my linux server) I was able to connect.

The next step for me will be to make the network secure.

I googled and came up with some scripts which are supposed to block some simple attacks like syn/fin.

I basically need three ports open.
ssh - directly to linux
1433(ms-sql-s) - DNAT to 192.168.0.100
14330 - DNAT to 192.168.0.200:1433 (another sql server)

What sort of security precautions should I take?

Any pointers will be appreciated.