ok I know there are a million IPTABLES threads, but.... see inside

I've been trying to get these two lines to work, but it doesn't work still, I have to get this working by tomorrow =(

Code:

iptables -A FORWARD -s 0/0 -i eth1 -d 172.16.19.2 -o eth0 -p TCP --sport 1024:65535 -m multiport --dports 9090,2020 -j ACCEPT
 
iptables -A FORWARD -d 0/0 -o eth1 -s 172.16.19.2 -i eth0 -p TCP -m state --state ESTABLISHED -j ACCEPT

You (I think) should try rules like this:

iptables -t nat -A PREROUTING -i eth1 -d 192.168.43.153 -j DNAT --to 172.16.19.1
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

Quote:

Originally Posted by nimnull22 You (I think) should try rules like this: iptables -t nat -A PREROUTING -i eth1 -d 192.168.43.153 -j DNAT --to 172.16.19.1 iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT echo 1 > /proc/sys/net/ipv4/ip_forward

thanks, im trying that now! i'll let you know in a couple of minutes

Quote:

Originally Posted by alesserfate thanks, im trying that now! i'll let you know in a couple of minutes

its not working, i don't understand why, everything is pinging good

maybe the other statements in my script aren't permitting it or the order is wrong.

dammit.

Quote:

Originally Posted by alesserfate its not working, i don't understand why, everything is pinging good maybe the other statements in my script aren't permitting it or the order is wrong. dammit.

Because it is only for ONE WAY.

I gave you an example, you know how it should be.
Try to add
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

Quote:

Originally Posted by alesserfate I don't want to use MASQUERADING, I just want to allow/forward specific services through. Still can't figure it out. Anyone ?

do me a favour please.
add some logging, then lets start testing the rules a bit. im a bit muddled as to where you are up to on this.
so please do this.

Code:

iptables -N LOG_DROP
iptables -A LOG_DROP -j LOG --log-prefix "dropped packet" --log-level 7
iptables -A LOG_DROP -j DROP

then, at the end of INPUT, OUTPUT, FORWARD and any other chain, add the LOG_DROP rule.
that is anything that isnt allowed through the firewall is logged and dropped.

Now, tail -f /var/log/yourfirewalllog whilst testing the rules.
You should see which packets are being blocked and can then allow them in the appropriate rule. If you have trouble with this, please post relevant logs

Quote:

Originally Posted by centosboy do me a favour please. add some logging, then lets start testing the rules a bit. im a bit muddled as to where you are up to on this. so please do this. Code: iptables -N LOG_DROP iptables -A LOG_DROP -j LOG --log-prefix "dropped packet" --log-level 7 iptables -A LOG_DROP -j DROP then, at the end of INPUT, OUTPUT, FORWARD and any other chain, add the LOG_DROP rule. that is anything that isnt allowed through the firewall is logged and dropped. Now, tail -f /var/log/yourfirewalllog whilst testing the rules. You should see which packets are being blocked and can then allow them in the appropriate rule. If you have trouble with this, please post relevant logs

have you got this working yet??
there is another way
bit simpler too...
there is a tool called rinetd. it might be a bit old but it still works.
It is downloadable as a daemon or a perl script.

http://www.google.co.uk/search?q=rin...ient=firefox-a

hey guys

thanks so much for everyone's help

i wasn't able to get it working and i failed my project

thanks anyway, hopefully I can still pass the course

Quote:

Originally Posted by alesserfate hey guys thanks so much for everyone's help i wasn't able to get it working and i failed my project thanks anyway, hopefully I can still pass the course

sorry to hear that..