Modifying this iptables script for non router use.
OK, I just got myself a wireless router.
Anyway, I have now moved my Linux box behind the router.
The Linux box was being used as a firewall and web/FTP/email server, as it had 2 NICs in it, and is running Red Hat 9. NIC1 is the one I would like to plug into the router; it has a static IP of 192.168.0.1.
On the router, I have port-forwarded port 80 for web, 21 for FTP and 25 for email to 192.168.0.1.
The question is, it doesn't work. I can browse the web pages on the Linux box via 192.168.0.1 BUT not from the outside, where I use DynDNS to point to my dynamic IP. I have tried it out with a Windows PC and IIS, so I know the port forwarding on the router works.
Am I correct that it could be to do with my iptables? If so, can someone advise me on what I need to modify in it?
Here it is:
#This is my iptables script. Used as firewall, routing, and filtering.
#This script replaces /etc/init.d/iptables in RedHat 7.2. I also
#recommend making sym-links in /etc/rc.d/rc3.d, rc4.d, rc5.d.
#Make sure it loads before your network loads, that way you're
#always covered!
#
#This script may be used by anyone for any reason in accordance to the
#GNU License stuff
#----------------------------------------------------------------------
# Sources |
#----------------------------------------
. /etc/init.d/functions
. /etc/sysconfig/network
#----------------------------------------------------------
#CODE||||||||||||||||||||||||||||||||||||||||||||||||||||||
#----------------------------------------------------------
#Check that network is up. |
#----------------------------------------
# Quoted so the test does not break if NETWORKING is unset.
if [ "${NETWORKING}" = "no" ]
then
    exit 0
fi
To start with, there isn't a great need for a software firewall behind a NATted router, since the router should provide the firewalling. Try disabling the software firewall and try again:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F -t nat
iptables -F
When you say it doesn't work, is that from both external and internal IP addresses? Does the DNS entry resolve to the external or the internal address?
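The thread title asks how to turn the old router/firewall script into one for a plain host behind the NAT router. The following is an added example, not the poster's script and not the commands from the reply above: it keeps a default-deny INPUT policy, drops FORWARD outright because the box no longer routes, flushes any leftover NAT rules, and accepts only the three TCP ports the router forwards (80, 21, 25). The interface name (eth0) and the IPTABLES variable are assumptions; set IPTABLES=echo for a dry run that prints the rules instead of loading them, and run it as root with --apply to load them.

```shell
#!/bin/sh
# Added example (not from the thread): iptables policy for a server that sits
# behind a NAT router instead of acting as the router itself.
# Assumptions: one NIC (given as $1, e.g. eth0) on the router's LAN, and an
# iptables binary at $IPTABLES (override for a dry run, e.g. IPTABLES=echo).
IPTABLES="${IPTABLES:-/sbin/iptables}"

host_firewall() {
    ifc="$1"

    # Default deny for inbound. Nothing is forwarded because the router does
    # the NAT now. Outbound stays open.
    "$IPTABLES" -P INPUT DROP
    "$IPTABLES" -P FORWARD DROP
    "$IPTABLES" -P OUTPUT ACCEPT

    # Flush the old router ruleset, including any leftover NAT/masquerade rules.
    "$IPTABLES" -F
    "$IPTABLES" -F -t nat
    "$IPTABLES" -X

    # Loopback, and replies to connections this host opened itself.
    "$IPTABLES" -A INPUT -i lo -j ACCEPT
    "$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only the services the router forwards: web, FTP control, SMTP.
    # Passive FTP data connections also need the ip_conntrack_ftp helper
    # loaded (so they match RELATED above) and the router must forward
    # whatever passive port range the FTP daemon is configured to use.
    for port in 80 21 25; do
        "$IPTABLES" -A INPUT -i "$ifc" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done

    # Allow ping for troubleshooting from the LAN.
    "$IPTABLES" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # Log whatever else arrives before the DROP policy discards it.
    "$IPTABLES" -A INPUT -j LOG --log-prefix "host-fw drop: "
}

if [ "$1" = "--apply" ]; then
    host_firewall "${2:-eth0}"
else
    echo "usage: $0 --apply [interface]   (set IPTABLES=echo for a dry run)"
fi
```

Because the box is now a host rather than a gateway, no MASQUERADE or DNAT rules are needed; the router's port forwarding delivers packets to 192.168.0.1 with the server's address as destination, so they are matched by the INPUT chain, not FORWARD.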
Now, I have routed ports 80, 25 and 21 for the web, email and FTP server to the IP I want as the Linux box, 192.168.0.1, which was the NIC in the Linux box I was using internally (connected to my main PC).
So, I hook it all up to the router. The IP shows in the connected devices part of the router, but no hostname, though the MAC address shows. I can browse the web pages etc. if I use the internal IP, BUT I cannot get to it from outside via the NTL IP address.
So I then plugged the NIC that I was using for my cable modem in the Linux box into the router, and configured the DHCP server on the router, as this NIC was getting its IP via DHCP when it had the NTL cable modem hooked up to it.
Now I can browse the web pages via my external IP BUT not the internal one (it has been allocated 192.168.0.2). Under the router status it shows its IP, it has been given a hostname of HOST1, and its MAC address.
So, it's routing OK.
So, what's gone screwy?
I need to be able to access the Linux box by both its internal IP as well as the routed ports externally.