Need Help with Firewall, iptables!!!!
I'm in need of help.
I can't get access to the internal web server from the outside external IP.
I have a firewall setup.
The internal lan can access the web.
I tried to set up port forwarding to an internal web server on port 80, IP 192.168.254.15.
Here is the script I'm using.
I replaced my EXTIP with X
#!/bin/sh
PATH=/sbin:$PATH; export PATH
iptables -F
iptables -F -t nat
iptables -X
EXTIP=XXX.XXX.XXX.XXX
EXTNET=eth1
INTNET=eth0
iptables -t nat -A PREROUTING -p tcp --destination 440 -j ACCEPT
iptables -t nat -A PREROUTING -p TCP -i eth1 -d 204.$EXTIP --dport 80 -j DNAT --to 192.168.254.15:80
iptables -N firewall
iptables -A firewall -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A firewall -m state --state NEW -i ! $IFINET -j ACCEPT
iptables -A firewall -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT
iptables -A firewall -s 127.0.0.1 -d 192.168.254.0/24 -i lo -j ACCEPT
iptables -A firewall -d 127.0.0.1 -s 192.168.254.0/24 -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp -i eth1 -j ACCEPT
iptables -A INPUT -j firewall
iptables -A FORWARD -j firewall
iptables -A INPUT -j DROP
iptables -t nat -A POSTROUTING -o $EXTNET -j SNAT --to $EXTIP
iptables -A FORWARD -p TCP -i eth1 -o eth0 -d 192.168.254.15 --dport 80 -j ACCEPT
echo "1" >> /proc/sys/net/ipv4/ip_forward
Last edited by jamesws; 02-11-2002 at 05:53 PM.
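
Added example, not part of the original post: a POSIX shell check that lists the variables a firewall script expands but never assigns, run over a constructed excerpt of the script above. The function name `unset_vars` and the variable `SAMPLE_RULES` are assumptions of this example.

```shell
#!/bin/sh
# Added example: list shell variables that a script expands but never assigns.
# An unassigned variable expands to an empty string under sh, so a rule that
# uses it is handed to iptables with that argument missing.

# Constructed sample: the variable-related lines of the posted script.
SAMPLE_RULES='EXTIP=XXX.XXX.XXX.XXX
EXTNET=eth1
INTNET=eth0
iptables -t nat -A PREROUTING -p TCP -i eth1 -d 204.$EXTIP --dport 80 -j DNAT --to 192.168.254.15:80
iptables -A firewall -m state --state NEW -i ! $IFINET -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTNET -j SNAT --to $EXTIP'

# unset_vars SCRIPT_TEXT [KNOWN_NAMES]
# Prints, one per line, each name expanded as $NAME or ${NAME} that has no
# NAME=... assignment at the start of a line. KNOWN_NAMES (space separated)
# are names expected from the environment and are skipped.
unset_vars() {
    script=$1
    known=" ${2:-PATH HOME} "
    # Names assigned at the start of a line.
    assigned=$(printf '%s\n' "$script" |
        sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p')
    # Names expanded anywhere outside comment lines.
    used=$(printf '%s\n' "$script" |
        grep -v '^[[:space:]]*#' |
        grep -o '\$[{]\{0,1\}[A-Za-z_][A-Za-z0-9_]*' |
        tr -d '${' | sort -u)
    for name in $used; do
        case "$known" in *" $name "*) continue ;; esac
        printf '%s\n' "$assigned" | grep -qx "$name" || printf '%s\n' "$name"
    done
}

# Report for the constructed excerpt.
unset_vars "$SAMPLE_RULES"
```

Putting `set -u` near the top of a firewall script makes sh stop at the first expansion of an unset variable instead of running the rule with an empty argument.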