LinuxQuestions.org

Linux - Networking: Help!!! Setting up a firewall using IPTables (https://www.linuxquestions.org/questions/linux-networking-3/help-setting-up-a-firewall-using-iptables-78839/)

seidren 08-04-2003 08:16 AM

Help!!! Setting up a firewall using IPTables
 
I have been trying to set up a firewall using IPTables but have found no success so far. Here is the layout of the network I am trying to make.

There are two networks.
The first one has IP addresses 10.45.2.1-255 (External LAN).
The second one has IP addresses 10.1.0.1-255 (Internal LAN).

A machine on the Internal LAN is the mail server (10.1.0.1).

I have a computer with two Ethernet cards.

Currently all the computers access the mail server directly with the IP address 10.1.0.1.

What I want to do is to restrict the computers in the External LAN from using the mail server directly. They will access the mail server with a fake IP address, 10.45.2.100.

For this I have set up the firewall/router computer with the two Ethernet cards like this:

eth0 - IP address = 10.45.2.1 (facing the External LAN)
eth1 - IP address = 10.1.0.240 (facing the Internal LAN)

and I have set up rules so that incoming packets on the eth0 side with a destination address of the fake mail server (10.45.2.100) will be redirected to the actual destination (10.1.0.1) like this:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 10.45.2.100 -j DNAT --to-destination 10.1.0.1

Also, I have set up rules so that replies from the mail server to the external LAN will have their source address changed from 10.1.0.1 to 10.45.2.100 (the POSTROUTING chain only knows the outgoing interface, so the option is -o rather than -i):

iptables -t nat -A POSTROUTING -p tcp -o eth0 -s 10.1.0.1 -j SNAT --to-source 10.45.2.100

I also want to block the external LAN from accessing the internal LAN, so I have done this (traffic passing between the two cards goes through the FORWARD chain, not INPUT, and the network needs a mask):

iptables -A FORWARD -p tcp -i eth0 -d 10.1.0.0/24 -j REJECT

This setup didn't work, so I took off the last rule (the rejecting one) and tried again.

When I pinged from one of the external LAN machines (10.45.2.2), I was able to ping 10.1.0.1 but not 10.45.2.100.
When I did a traceroute from the external machine to 10.1.0.1, I got only two IPs: one was 10.45.2.1 and the other was 10.1.0.1. I was expecting 10.1.0.240 in between the two.

I really don't know what is happening here, and I need your help. PLEASE!!!

If you need further clarification please let me know. I'll try my best to be clear.
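A complete ruleset for the layout described in this post, as an added example that is not part of the thread: it gives eth0 the fake address so the router answers ARP for 10.45.2.100 on the external segment, relies on connection tracking to reverse the DNAT on replies (so no SNAT rule), and puts the block between the two LANs in the FORWARD chain, where transit traffic is filtered. It assumes SMTP on tcp/25 is the only service to expose and an iptables with the conntrack match (-m conntrack --ctstate DNAT); the RUN variable is a dry-run switch added here.

```shell
#!/bin/sh
# Added example for the poster's layout (not code from the thread).
# Assumes the interfaces/addresses from the post, SMTP (tcp/25) as the only
# exposed service, and an iptables with the conntrack match.
# RUN=echo prints the commands instead of executing them (dry run).
RUN="${RUN:-}"
EXT_IF=eth0              # 10.45.2.1, faces the external LAN
INT_IF=eth1              # 10.1.0.240, faces the internal LAN
INT_NET=10.1.0.0/24
MAIL_REAL=10.1.0.1
MAIL_FAKE=10.45.2.100
MAIL_PORT=25

apply_rules() {
    # Routing between the two cards must be on, or DNATed packets are dropped.
    $RUN sysctl -w net.ipv4.ip_forward=1
    # The router must own the fake address: otherwise no host on the external
    # segment answers ARP for 10.45.2.100 and the packets never reach PREROUTING.
    $RUN ip addr replace "$MAIL_FAKE/24" dev "$EXT_IF"
    # Start clean so a rerun does not stack duplicate rules.
    $RUN iptables -F FORWARD
    $RUN iptables -t nat -F PREROUTING
    # Transit traffic is denied unless a rule below allows it.
    $RUN iptables -P FORWARD DROP
    # Rewrite the fake address to the real mail server. No "-p tcp" here, so
    # ICMP (ping) to the fake address is translated as well.
    $RUN iptables -t nat -A PREROUTING -i "$EXT_IF" -d "$MAIL_FAKE" \
        -j DNAT --to-destination "$MAIL_REAL"
    # Replies to DNATed connections are reverse-translated by connection
    # tracking, so the POSTROUTING SNAT rule from the post is not needed.
    $RUN iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only connections that arrived via the fake address (ctstate DNAT) may
    # reach the mail server; direct use of 10.1.0.1 from outside is refused.
    $RUN iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$MAIL_REAL" \
        --dport "$MAIL_PORT" -m conntrack --ctstate DNAT -j ACCEPT
    $RUN iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p icmp -d "$MAIL_REAL" \
        -m conntrack --ctstate DNAT -j ACCEPT
    # Everything else from the external LAN into the internal LAN is rejected.
    $RUN iptables -A FORWARD -i "$EXT_IF" -d "$INT_NET" -j REJECT
    # Internal hosts may still open connections outwards.
    $RUN iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -j ACCEPT
}

# "sh firewall.sh apply" loads the rules; "RUN=echo sh firewall.sh apply" shows them.
case "${1:-}" in apply) apply_rules ;; esac
```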

mindnumbed 08-04-2003 04:07 PM

You'd be better off using a firewall config tool, such as Shorewall. That makes it very simple to do things like that.

Iturbide 08-20-2003 02:27 PM

See if a firewall script from http://easyfwgen.morizot.net/ will do the trick. Usually works for me.
