Hi,
How would I setup port forwarding on my firewall below? For example, if I wanted to forward port 8080 to 192.168.0.5. Below is my firewall script. I have eth0 as my outside internet connection, and eth1 as the LAN. Any suggestions on how to improve this script in general would also be appreciated!!
Im also using redhat 9.0 if this helps.
Thanks!
Code:
#!/bin/sh
# set a few variables
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
iptables="/sbin/iptables"
# adjust /proc
if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; fi
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter; fi
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
# flush any existing chains and set default policies
$iptables -F INPUT
$iptables -F OUTPUT
$iptables -P INPUT DROP
$iptables -P OUTPUT ACCEPT
# setup nat
$iptables -F FORWARD
$iptables -F -t nat
$iptables -P FORWARD DROP
$iptables -A FORWARD -i eth1 -j ACCEPT
$iptables -A INPUT -i eth1 -j ACCEPT
$iptables -A OUTPUT -o eth1 -j ACCEPT
$iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
# allow all packets on the loopback interface
$iptables -A INPUT -i lo -j ACCEPT
$iptables -A OUTPUT -o lo -j ACCEPT
# allow established and related packets back in
$iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# blocked hosts
#$iptables -I INPUT -s 212.5.86.163 -j DROP
#$iptables -I FORWARD -s 212.5.86.163 -j DROP
# icmp
$iptables -A OUTPUT -p icmp -m state --state NEW -j ACCEPT
$iptables -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A INPUT -p icmp --icmp-type echo-request -i eth0 -j DROP
# apply icmp type match blocking
$iptables -I INPUT -p icmp --icmp-type redirect -j DROP
$iptables -I INPUT -p icmp --icmp-type router-advertisement -j DROP
$iptables -I INPUT -p icmp --icmp-type router-solicitation -j DROP
$iptables -I INPUT -p icmp --icmp-type address-mask-request -j DROP
$iptables -I INPUT -p icmp --icmp-type address-mask-reply -j DROP
# open ports to the firewall
$iptables -A INPUT -p udp --dport 27960 -j ACCEPT #Q3 Games / Wolf
$iptables -A INPUT -p udp --dport 14567 -j ACCEPT #BF1942
$iptables -A INPUT -p udp --dport 20100 -j ACCEPT #SOF2
$iptables -A INPUT -p udp --dport 12300 -j ACCEPT #GameSpy
$iptables -A INPUT -p udp --dport 27900 -j ACCEPT #GameSpy
$iptables -A INPUT -p tcp --dport 28900 -j ACCEPT #GameSpy
$iptables -A INPUT -p udp --dport 23000:23009 -j ACCEPT #GameSpy
$iptables -A INPUT -p tcp --dport 22 -j ACCEPT #SSH
$iptables -A INPUT -p tcp --dport 80 -j ACCEPT #HTTP
$iptables -A INPUT -p tcp --dport 27666 -j ACCEPT #DOOM3
$iptables -A INPUT -p udp --dport 27666 -j ACCEPT #DOOM3
$iptables -A INPUT -p tcp --dport 27650 -j ACCEPT #DOOM3
$iptables -A INPUT -p udp --dport 27650 -j ACCEPT #DOOM3
$iptables -A INPUT -p udp --dport 8767 -j ACCEPT #TEAMSPEAK
$iptables -A INPUT -p tcp --dport 14534 -j ACCEPT #TS WEB ADMIN
# drop all other packets
$iptables -A INPUT -i eth0 -p tcp --dport 0:65535 -j DROP
$iptables -A INPUT -i eth0 -p udp --dport 0:65535 -j DROP
[/edit]
