Solved the problem. Here is my complete solution:
/sbin/iptables -F
/sbin/iptables -F -t nat
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 1433 -j DNAT --to-destination 192.168.0.100:1433
echo 1 > /proc/sys/net/ipv4/ip_forward
I had this setup from the beginning, but I still could not connect to SQL Server from the internet.
The problem was that I had not set the Linux server as the gateway on the SQL Server machine. Since the SQL Server does not work as a workstation, it does not need to go to the net, so there was no gateway present.
The moment I set its gateway to 192.168.0.98 (my Linux server) I was able to connect.
The next step for me will be to make the network secure.
I googled and came up with some scripts which are supposed to block some simple attacks like SYN/FIN.
I basically need three ports open.
ssh - directly to linux
1433(ms-sql-s) - DNAT to 192.168.0.100
14330 - DNAT to 192.168.0.200:1433 (another sql server)
What sort of security precautions should I take?
Any pointers will be appreciated.
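
Added example (not part of the original post): one way to tighten the forwarding setup described above, written as a shell function that prints an iptables-restore ruleset. The interfaces, addresses and the three ports come from the post; the default-DROP policies, SSH on port 22 and the optional client-source argument are assumptions.

```shell
#!/bin/sh
# Added example: prints a default-deny ruleset for the gateway in the post.
# Nothing is loaded into the kernel; the output is plain text.
WAN=eth1            # Internet-facing interface (from the post)
LAN=eth0            # internal interface (from the post)
SQL1=192.168.0.100  # first SQL Server (from the post)
SQL2=192.168.0.200  # second SQL Server (from the post)

# emit_rules [client_cidr]
#   client_cidr: source range allowed to reach the SQL ports (assumption;
#   defaults to any source, which matches the post's current behaviour).
emit_rules() {
    src="${1:-0.0.0.0/0}"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i ${WAN} -p tcp --dport 1433 -j DNAT --to-destination ${SQL1}:1433
-A PREROUTING -i ${WAN} -p tcp --dport 14330 -j DNAT --to-destination ${SQL2}:1433
-A POSTROUTING -o ${WAN} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${LAN} -o ${WAN} -j ACCEPT
-A FORWARD -i ${WAN} -o ${LAN} -s ${src} -p tcp -d ${SQL1} --dport 1433 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i ${WAN} -o ${LAN} -s ${src} -p tcp -d ${SQL2} --dport 1433 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Stand-alone run: print the ruleset for the given source range (or any source).
emit_rules "${1:-0.0.0.0/0}"
```

Pipe the output through `iptables-restore --test` to check the syntax before loading it. The FORWARD rules match port 1433 for both servers because DNAT rewrites the destination in PREROUTING before the filter table sees the packet.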