Greetings,
After following the MASQ HOWTO with the stronger firewall ruleset and successfully connecting my LAN to the internet through a RedHat 9 box, I couldn't forward port 8095 to the same port on one of my LAN computers (an Apache web server runs on 8095).
Here's what I've tried to insert (you can see that it's before the line where everything else is denied):
### enabling port forwarding by Dave
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8095 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -i $EXTIF --dport 8095 -j DNAT --to 192.168.0.3:8095
###port forwarding end
#!!! this is the stuff that was there originally just here for reference
# Catch all rule, all other forwarding is denied and logged.
#
$IPTABLES -A FORWARD -j drop-and-log-it
So this is where port forwarding doesn't work.
Here's the output of the iptables -L command (between the ######## lines below).
Do I have a major security flaw here? And why doesn't the port forwarding work?
Thank you very much,
David
#####################################
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.0.0/24 anywhere
drop-and-log-it all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere 38002137.cpe.net.cable.rogers.com state RELATED,ESTABLISHED
drop-and-log-it all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:8095
drop-and-log-it all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 38002137.cpe.net.cable.rogers.com 192.168.0.0/24
ACCEPT all -- 192.168.0.0/24 192.168.0.0/24
drop-and-log-it all -- anywhere 192.168.0.0/24
ACCEPT all -- 38002137.cpe.net.cable.rogers.com anywhere
drop-and-log-it all -- anywhere anywhere
Chain drop-and-log-it (5 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
##################################
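As an added example (not part of David's post), the script below parses an `iptables -L` listing like the one above and checks two things a reviewer would look at first: whether the port 8095 ACCEPT rule sits above the FORWARD chain's catch-all, and which `ACCEPT all anywhere anywhere` rules print with no visible match at all. The sample listing is a constructed excerpt of the output quoted in the post; the function and variable names are the example's own.

```python
import re

# Constructed sample: an excerpt of `iptables -L` output (no -v, so the
# -i/-o interface matches are not shown; the nat table is not listed at all).
SAMPLE_LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
drop-and-log-it  all  --  192.168.0.0/24       anywhere
drop-and-log-it  all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8095
drop-and-log-it  all  --  anywhere             anywhere
"""

def parse_chains(listing):
    """Return {chain_name: [rule tokens, ...]} preserving rule order."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:
            current = m.group(1)
            chains[current] = []
        elif current and line.strip() and not line.startswith("target"):
            chains[current].append(line.split())
    return chains

def is_catchall(rule, target="drop-and-log-it"):
    """A catch-all is the log/drop target with no match: 'all anywhere anywhere'."""
    return rule[0] == target and rule[1] == "all" and rule[3:5] == ["anywhere", "anywhere"]

def port_rule_precedes_catchall(chains, chain, port):
    """True if an ACCEPT for tcp dpt:<port> comes before the chain's catch-all.
    Rules are evaluated top to bottom, so anything below the catch-all is dead."""
    for rule in chains.get(chain, []):
        if is_catchall(rule):
            return False
        if rule[0] == "ACCEPT" and f"dpt:{port}" in rule:
            return True
    return False

def unqualified_accepts(chains, chain):
    """ACCEPT rules that show no match in -L output; only `-L -n -v` reveals
    whether they are restricted to interfaces (e.g. -i $INTIF -o $EXTIF)."""
    return [r for r in chains.get(chain, [])
            if r[:2] == ["ACCEPT", "all"] and r[3:5] == ["anywhere", "anywhere"] and len(r) == 5]
```

Plain `iptables -L` only lists the filter table, so the DNAT rule has to be checked separately with `iptables -t nat -L -n -v`; adding `-n -v` to the filter listing also shows packet counters and interfaces, which tells you whether the port 8095 rule is being hit and whether the bare `ACCEPT all` line is really `-i $INTIF -o $EXTIF`.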