Firewall Rules Problem with Iptables
Ok, so I have this firewall script. The MASQ part of it works and so does the port forwarding for the web server on my internal network. However, I need my internal network to be able to browse to the EXTERNAL IP of my router box and see the web server on the internal network. Using the web server's 192.168.0.2 IP address will not do for my application. I tried a couple of different things with the REDIRECT function of iptables, but no dice.
I am running RedHat 7.3.
Here's my current script. What must I add in order to get the web server redirection for my internal network functional?
#############################################################
# rc.firewall-2.4: masquerading plus a port forward to the internal web server
FWVER="0.1"             # version string printed at the end (was never defined)
IPTABLES="/sbin/iptables"
EXTIF="eth0"            # external (Internet-facing) interface
INTIF="eth1"            # internal (LAN) interface
echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo " FWD: Allow all connections OUT and only existing and related ones IN"
PORTFWIP="192.168.0.2"  # internal web server that port 80 is forwarded to
EXITIP="x.x.x.x"        # public IP of the router box (placeholder)
INTIP="192.168.0.2"     # not used by any rule below
# Let forwarded web traffic from outside reach the web server
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Port forward: rewrite connections to the public IP on port 80 to the web server
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXITIP --dport 80 -j DNAT --to $PORTFWIP:80
# Replies and related traffic from outside are allowed back in
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Anything from the LAN may go out
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# Log whatever falls through before the default DROP policy applies
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\nrc.firewall-2.4 v$FWVER done.\n"
#############################################################
Thanks in advance,
Jeremy
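What the script above is missing is a hairpin (loopback) NAT rule set. The following is an added example and not part of Jeremy's post. A LAN client that connects to the public address is DNATed to the web server as before, but the server would then answer the client directly on the same subnet, so the client sees a reply from 192.168.0.2 instead of the public IP and resets the connection. The second rule masquerades the source so the reply goes back through the router, where the DNAT is undone, and the FORWARD rules cover the in-and-out-on-eth1 path that the existing INTIF-to-EXTIF and EXTIF-to-INTIF accepts do not match (FORWARD policy is DROP). REDIRECT cannot do this because it sends the packet to the router box itself, not to another host. The script assumes 203.0.113.10 as a stand-in for the x.x.x.x public address and 192.168.0.0/24 as the LAN prefix; both are constructed for the example. It prints the rules by default and only applies them when run as root with DRY_RUN=0.

```sh
#!/bin/sh
# Added example (not from the original post): hairpin/loopback NAT so that
# LAN clients can reach the internal web server via the router's public IP.
# Assumptions: EXTIP is a constructed documentation address standing in for
# the poster's x.x.x.x; LANNET is assumed to be 192.168.0.0/24.
IPTABLES="${IPTABLES:-/sbin/iptables}"
EXTIF="eth0"
INTIF="eth1"
EXTIP="203.0.113.10"        # constructed stand-in for the real public address
WEBIP="192.168.0.2"         # internal web server, as in the original script
LANNET="192.168.0.0/24"     # assumed LAN prefix

# Append the rules that make the hairpin work. Run this after the original
# script has flushed and rebuilt its chains, otherwise the flush removes them.
hairpin_rules() {
    # 1. LAN client -> EXTIP:80 arrives on INTIF; rewrite the destination to
    #    the web server. The original DNAT rule (no -i) already matches here,
    #    but an explicit rule keeps the intent visible.
    $IPTABLES -t nat -A PREROUTING -i "$INTIF" -p tcp -d "$EXTIP" --dport 80 \
        -j DNAT --to-destination "$WEBIP:80"
    # 2. Without this the server answers the client directly (same subnet),
    #    the client sees a reply from 192.168.0.2 instead of EXTIP and resets.
    #    Masquerading the source forces the reply back through the router.
    $IPTABLES -t nat -A POSTROUTING -o "$INTIF" -s "$LANNET" -p tcp -d "$WEBIP" --dport 80 \
        -j MASQUERADE
    # 3. FORWARD policy is DROP and the existing accepts only cover
    #    INTIF->EXTIF and EXTIF->INTIF; hairpinned packets enter and leave
    #    on INTIF, in both directions.
    $IPTABLES -A FORWARD -i "$INTIF" -o "$INTIF" -p tcp -d "$WEBIP" --dport 80 \
        -m state --state NEW -j ACCEPT
    $IPTABLES -A FORWARD -i "$INTIF" -o "$INTIF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Print the rules instead of applying them (runs in a subshell so the
# substituted IPTABLES does not leak out).
dry_run_rules() (
    IPTABLES="echo $IPTABLES"
    hairpin_rules
)

# Dry run by default; apply for real (as root) with: DRY_RUN=0 sh hairpin.sh
if [ "${DRY_RUN:-1}" = "0" ]; then
    hairpin_rules
else
    dry_run_rules
fi
```

Because of the masquerade in rule 2, the web server's logs will show every internal hit as coming from the router's eth1 address rather than from the real client; if that matters, the usual alternative is split DNS (resolve the site name to 192.168.0.2 for LAN clients), which needs no extra firewall rules at all.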