LinuxQuestions.org
Old 12-28-2004, 03:11 PM   #1
kapcreations
LQ Newbie
 
Registered: Dec 2004
Posts: 1

Rep: Reputation: 0
dnat


Running RHEL v3.

Topology:

Dynamic IP CABLE --> RHEL v3 Router --> Home LAN 10.0.0.0/24

My router has two interfaces, eth0 (public/dynamic) and eth1 (private/static/10.0.0.1)

Problem:
1) I know very little about Linux and am struggling with DNAT
2) Want to access some services on my XP box behind the firewall
3) I want to hit the [dynamic IP]:8080 of my WAN on the linux box (eth0), and have it forward to 10.0.0.10:80 on my internal network
4) I want the configuration to take place within my script found at /etc/sysconfig/iptables so the DNAT is in place whenever iptables/network is restarted.

I have RTFM, and have no idea how the MAN applies to my specific scenario. After spending the last hour on Google, I figured I should swallow my pride and ask on this board. In other words, I am a humble ID-TEN-T.

What do I need to do? Here is a snippet of my script....

-------------------------------------------------------------------------

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]

-A INPUT -j RH-Lokkit-0-50-INPUT


#Allow localhost
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT

#Allow the home network
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.168.1.0/24 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.1.0/24 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.0/24 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 10.0.0.0/24 -j ACCEPT


#Allow DNS (port 53); note that port 69 is TFTP, not DNS
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 69 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 69 -j ACCEPT


#Allow SSH
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT

#Allow DHCP
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 67 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 67 -j ACCEPT

#MSN Messenger
-A RH-Lokkit-0-50-INPUT -p tcp --dport 1080 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp --dport 1080 -j ACCEPT

#We will reject these
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT

COMMIT
 
Old 12-28-2004, 04:12 PM   #2
Butt-Ugly
Member
 
Registered: Nov 2004
Location: Brisbane, Australia
Distribution: Fedora Core 5
Posts: 89

Rep: Reputation: 15
I have written this guide aimed specifically for ID-TEN-T users

http://www.brennan.id.au/06-Firewall_Concepts.html

It covers masquerading, SNAT, DNAT, and basic filtering concepts; there is also an example firewall script to get you started.

Yes, I know it's another RTFM, but you should be able to follow it as I've tried to keep it simple.

You should also find the other chapters useful if you're lacking in Linux.

Cheers,


Miles.

Edit: The example script has some DNAT rules in it, they just need to be uncommented to use them.

Last edited by Butt-Ugly; 12-28-2004 at 04:14 PM.
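The rules the question asks for, written out as an added illustration; this is not the poster's script and not the example script from the linked guide. It assumes the question's addressing (eth0 public and dynamic, eth1 = 10.0.0.1, XP box at 10.0.0.10) and uses iptables-save format so it can be merged into /etc/sysconfig/iptables next to the existing *filter section; the `-m state` matches and the tightened FORWARD chain are my additions, not something the question requires.

```iptables
# --- constructed additions for /etc/sysconfig/iptables (not the poster's file) ---
# Prerequisite, outside this file: the router must be allowed to route between eth0 and eth1,
#   net.ipv4.ip_forward = 1   in /etc/sysctl.conf (or: echo 1 > /proc/sys/net/ipv4/ip_forward)

# 1. NAT table: a separate section with its own COMMIT, placed before the existing *filter block.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the destination of TCP/8080 arriving on the public interface to the XP box's web port.
# Matching on the interface (-i eth0) instead of on an address is what keeps the rule valid
# when the cable provider hands out a new dynamic IP.
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.0.10:80
# Hide the 10.0.0.0/24 LAN behind whatever address eth0 currently holds.
-A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
COMMIT

# 2. Filter table: the poster's script leaves FORWARD at ACCEPT, so the DNATed packet already
#    passes. Tightening it so that only the forwarded service and LAN-originated traffic cross
#    the router looks like this (replace the ":FORWARD ACCEPT" line, add the -A FORWARD rules):
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# (the existing RH-Lokkit-0-50-INPUT chain and its rules stay exactly as they are)
# Replies to connections already in the state table, in either direction.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# The one inbound service: after DNAT the packet is addressed to 10.0.0.10:80, so filter on that.
-A FORWARD -i eth0 -o eth1 -d 10.0.0.10 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
# LAN hosts may open connections outward.
-A FORWARD -i eth1 -o eth0 -s 10.0.0.0/24 -m state --state NEW -j ACCEPT
COMMIT
```

After `service iptables restart`, `iptables -t nat -L PREROUTING -n -v` lists the rule with its packet counter; connecting to the public address from inside the LAN will not increment it, because that traffic never arrives on eth0.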