iptables with port forwarding problem ... please help me
Hi.
I have a Linux router running CentOS 4.2. I want to redirect all traffic coming in on eth1 (external interface) to an internal computer (through eth0), say 192.168.0.1
How can I do that? I tried many rules, but none worked. Please help me ... I'm confident that this forum has smart guys to answer this question. Below is my firewall and routing script, without any port forwarding rules, because they don't work. I searched the forum and tried those rules, but it's still not working. Please tell me what rule I have to add.
Thanks in advance.
#!/bin/sh
iptables -F
# We send anything ... we accept only what we want
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# The actual rules ...
iptables -A INPUT -p tcp -m multiport --dport 21,53,80,110,143,411,443,6238,8008 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 80 -j ACCEPT
# Let anything through on localhost
iptables -A INPUT -m state --state "ESTABLISHED,RELATED" -j ACCEPT
# DoS
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# The thing that actually does NAT !
iptables -t nat -F
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ip_nat_irc
iptables -A INPUT -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth1 -j SNAT --to-source 81.196.xxx.xx
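
One way to write the forwarding rules the post asks about, as an added example that is not part of the original post: it prints per-port DNAT rules for traffic arriving on eth1 and destined for 192.168.0.1 rather than forwarding everything, since a blanket DNAT would expose every port of the internal host. The function name `gen_forward_rules` and the ports 80 and 443 are assumptions, and the internal host is assumed to use this router as its default gateway.

```shell
#!/bin/sh
# Added example: prints DNAT port-forwarding rules for review; it changes
# nothing by itself. Interface names and the internal host come from the post;
# the forwarded ports used below are constructed sample values.
EXT_IF=eth1        # external interface
INT_IF=eth0        # internal interface
DEST=192.168.0.1   # internal host that receives the forwarded traffic

# gen_forward_rules PROTO PORT... -> iptables commands on stdout, 1 on bad input
gen_forward_rules() {
    proto=$1
    shift
    case $proto in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac
    # Validate every port first so a typo never yields a half-applied rule set.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done
    # Replies of forwarded connections travel back through FORWARD.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        # PREROUTING rewrites the destination before the routing decision, so
        # the router's own INPUT rule for this port no longer sees eth1 traffic.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -p $proto --dport $port -j DNAT --to-destination $DEST:$port"
        # Explicit accept, so the rule set keeps working if the FORWARD policy
        # is later tightened from ACCEPT to DROP.
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -p $proto -d $DEST --dport $port -m state --state NEW -j ACCEPT"
    done
}

# Print the rules for two sample ports; pipe the output to sh as root to apply.
gen_forward_rules tcp 80 443
```

Any port forwarded this way stops reaching the router's own service on that port from eth1, so the matching INPUT accept rules in the script only matter for traffic that is not forwarded.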