I am trying desperately to set up this router. Its job is simple masquerading and forwarding of a few ports to one client, my squid proxy server. I have put in all the rules that I think should make this work, but it doesn't work. I can browse from the router but not from the squid server, and none of the ports are being forwarded. I know there is an error here somewhere, I just can't seem to see it. Can someone provide me with a clue, please? Thanks.
Here is my rule generator...
#!/bin/sh
#------------------------------------ Iptables Firewall Rule Generator for Vulture I Router ---------------------------------------
#
# Written March 2003. Licensed under the GPL. Distribute freely.
#-----------------------------------------------------------------------------------------------------------------------------------
#-------------
# Prep work!
#-------------
# Disable network interfaces prior to shutting down the firewall
#echo "Network going down for firewall service"
#/etc/init.d/network stop
# Shut down the firewall for service.
echo "Firewall shutting down"
/etc/init.d/iptables stop
# Deleting the old ruleset from /etc/sysconfig and clearing rules from memory
echo "Out with the old (rules)"
rm --force /etc/sysconfig/iptables
iptables -F
iptables -t nat -F
iptables -X
# Enable port forwarding support
echo "1" > /proc/sys/net/ipv4/ip_forward
#---------------------------------------------------------------------------------------------------------------------------------
# Routing table rules by table
#---------------------------------------------------------------------------------------------------------------------------------
# Establish Default Policies for the following Tables
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
#---------------------------------------------------------------------------------------------------------------------------------
# PREROUTING TABLE
#---------------------------------------------------------------------------------------------------------------------------------
# Forward all incoming mail connections to Raptor II mail server
iptables -t nat -A PREROUTING -p tcp -i $EXTINT --dport 25 -j DNAT --to-destination $RAPTOR:25
iptables -t nat -A PREROUTING -p tcp -i $EXTINT --dport 1352 -j DNAT --to-destination $RAPTOR:1352
# Forward incoming http connections to Raptor for routing to the mail server.
#iptables -t nat -A PREROUTING -p tcp -i $EXTINT --dport 80 -j DNAT --to-destination $RAPTOR:80
# Forwarding to/from local network
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -i ! $EXTINT -j ACCEPT
#-------------------------------------------------------------------------------------------------------------------------------------
# OUTPUT TABLE
#--------------------------------------------------------------------------------------------------------------------------------------
iptables -A OUTPUT -p all -s $LOCALHOST -j ACCEPT
iptables -A OUTPUT -p all -s $INTRA -j ACCEPT
iptables -A OUTPUT -p all -d $LOCALHOST -j ACCEPT
iptables -A OUTPUT -p all -d $INTRA -j ACCEPT
iptables -A OUTPUT -o $EXTINT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $INTINT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
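As an added example (not part of the original post), this Python check reads the active NAT and FORWARD lines shown in the script and reports a missing POSTROUTING source-NAT rule and any DNAT port whose new connections no FORWARD rule admits under the DROP policy. The finding labels are invented for this sketch; it compares interface names and ports as text and assumes each DNAT keeps its port, as the two rules in the post do.

```python
import shlex

# Active iptables lines excerpted from the script in the post above.
POSTED = """
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -p tcp -i $EXTINT --dport 25 -j DNAT --to-destination $RAPTOR:25
iptables -t nat -A PREROUTING -p tcp -i $EXTINT --dport 1352 -j DNAT --to-destination $RAPTOR:1352
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -i ! $EXTINT -j ACCEPT
"""

def val(rule, flag):
    """Token following flag, or None when the flag is absent."""
    return rule[rule.index(flag) + 1] if flag in rule else None

def in_iface(rule):
    """(interface, negated) for -i, in '-i ! X' or '! -i X' form; None without -i."""
    if "-i" not in rule:
        return None
    i = rule.index("-i")
    if rule[i + 1] == "!":
        return rule[i + 2], True
    return rule[i + 1], rule[i - 1] == "!"

def admits_new(rule, iface, dport):
    """True if a FORWARD rule accepts a NEW connection entering on iface for dport."""
    if val(rule, "-j") != "ACCEPT":
        return False
    if "--state" in rule and "NEW" not in val(rule, "--state").split(","):
        return False
    if "--dport" in rule and val(rule, "--dport") != dport:
        return False
    m = in_iface(rule)
    return m is None or (m[0] == iface) != m[1]

def audit(script):
    """Findings for missing source NAT and for DNAT ports that FORWARD drops."""
    rules = [shlex.split(l) for l in script.splitlines() if l.strip().startswith("iptables ")]
    findings = []
    if not any(val(r, "-A") == "POSTROUTING" and val(r, "-j") in ("MASQUERADE", "SNAT") for r in rules):
        findings.append("no-source-nat")
    drop = ["iptables", "-P", "FORWARD", "DROP"] in rules
    for r in rules:
        if drop and val(r, "-j") == "DNAT" and in_iface(r):
            iface, port = in_iface(r)[0], val(r, "--dport")  # assumes DNAT keeps the port
            if not any(admits_new(f, iface, port) for f in rules if val(f, "-A") == "FORWARD"):
                findings.append(f"dnat-not-forwarded:{port}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
```

A FORWARD rule scoped to the external interface, the server address and each forwarded port clears the port findings without opening the chain to every new inbound connection.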