Linux - Networking forum, LinuxQuestions.org
Hi, I am having some trouble forwarding ports on my Gentoo router. Everything is working great except for the port forwarding. I figure it is probably a stupid mistake, but time is a factor here and I have not been able to come up with my own solution thus far. Any help would be greatly appreciated.
The goal: Forward external ports (eth0 12.215.xxx.xxx) to internal IP addresses (eth1 192.168.1.0/24). I am mainly concerned with port 80.
My current script:
#!/bin/sh
#----Flush Old Rules----#
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t mangle
iptables -F -t nat
#----Set Default Policies----#
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
#------Turn on NAT------#
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
#----Enable IP forwarding (of incoming packets)----#
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.4:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2 -j DNAT --to 192.168.1.2:2
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3 -j DNAT --to 192.168.1.3:3
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4 -j DNAT --to 192.168.1.4:4
# Note: this drops the first (NEW) packet of every connection arriving on eth0
# in the FORWARD chain, including the ones DNAT'ed above, so the forwards never
# complete; an explicit FORWARD ACCEPT for each DNAT target would have to precede it.
iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#----Masq to Gateway----#
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -d 192.168.1.1 -p all -j ACCEPT
#----Net to Local----#
iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -p tcp --dport 3784 -j ACCEPT
iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -p tcp --dport 10000 -j ACCEPT
iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -p tcp --dport 22 -j ACCEPT
#----Drop other Junk----#
iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -p udp --sport 137 --dport 137 -j DROP
I wondered that also... I set up a webserver on the router and allowed connections to port 80 and was able to connect. I also use ports 2-4 for other traffic, which I am unable to connect to. I am sure it is a problem with my configuration on the linux box itself, but I cannot figure out where.
I went to the website you recommended and had a custom script created. It worked great! I moved several lines from my old script to the new one and it is running beautifully. I compared the two and the only difference I noticed was the default policy "iptables -P FORWARD DROP" in the working script and the order of the commands. I assume one of those issues was causing my problem. Thank you for the help.
BTW... I would highly recommend http://iptables-script.dk/index1.php to others who are attempting to set up a NAT router. I wish I had known about it before I wasted all that time troubleshooting my script.
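A rule set for this setup as an added example, written by the editor rather than taken from the poster's script or from iptables-script.dk: it keeps the "FORWARD DROP" default policy from the working script and appends an explicit FORWARD ACCEPT for each DNAT target before the rule that drops NEW connections from eth0, which in the posted script discards the translated SYNs. The interface names and the 192.168.1.4 web server come from the thread; the IPT override is an assumption added for dry runs.

```shell
#!/bin/sh
# Added example: NAT router rules with port 80 forwarded to 192.168.1.4.
# Assumed (as in the thread): eth0 is the external link, eth1 the 192.168.1.0/24 LAN.
# IPT may be overridden (e.g. IPT=some_function) to dry-run the rule set; that
# override is an editor's convenience, not part of iptables.
IPT="${IPT:-iptables}"
WAN=eth0
LAN=eth1

# forward_port PROTO EXT_PORT INT_HOST INT_PORT
# DNAT the external port and explicitly allow the translated flow through
# FORWARD. With a DROP policy (or a "NEW -j DROP" rule) on FORWARD, the DNAT
# alone is not enough: the translated SYN is still a NEW packet there.
forward_port() {
    proto=$1; ext=$2; host=$3; int=$4
    "$IPT" -t nat -A PREROUTING -i "$WAN" -p "$proto" --dport "$ext" \
        -j DNAT --to-destination "$host:$int"
    "$IPT" -A FORWARD -i "$WAN" -o "$LAN" -p "$proto" -d "$host" --dport "$int" \
        -m state --state NEW -j ACCEPT
}

apply_rules() {
    "$IPT" -F FORWARD
    "$IPT" -t nat -F
    "$IPT" -P FORWARD DROP      # nothing is forwarded unless a rule below says so

    # Replies and related traffic for already-accepted connections.
    "$IPT" -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # LAN hosts may open new connections to the outside.
    "$IPT" -A FORWARD -i "$LAN" -o "$WAN" -s 192.168.1.0/24 -j ACCEPT
    # Inbound forwards: each ACCEPT lands before the catch-all DROP below.
    forward_port tcp 80 192.168.1.4 80

    # Anything else arriving from the outside is dropped (the same rule the
    # posted script had, now placed after the explicit accepts).
    "$IPT" -A FORWARD -i "$WAN" -m state --state NEW,INVALID -j DROP
    "$IPT" -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Apply only when invoked as: sh forward.sh apply (needs root).
case "${1:-}" in
    apply) echo 1 > /proc/sys/net/ipv4/ip_forward; apply_rules ;;
esac
```

Running it with IPT pointing at a function that prints its arguments shows the exact rule order without touching the kernel.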