LinuxQuestions.org


ratty007 03-24-2003 03:16 AM

opening port, newb alert :)
Here's my firewall script. I'm trying to get SSL/IRC/linknet working, so I need port 113 let through for identd. Any solutions to help out a Linux newbie?

#!/bin/sh
### set up NAT host masquerading on eth0
iptables -t nat -A POSTROUTING -s 10.4.20.0/24 -o eth0 -j MASQUERADE
# user-defined chain "block" that INPUT jumps to below
iptables -N block
iptables -F block
# allow localhost network access (the -o lo rule only matters if this chain
# is ever reached from OUTPUT; packets in INPUT have no output interface)
iptables -A block -i lo -p all -j ACCEPT
iptables -A block -o lo -p all -j ACCEPT
# allow established and related connections from outside
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow all new connections on all interfaces EXCEPT eth0 (external);
# "! -i eth0" is the current iptables syntax for the old "-i ! eth0"
iptables -A block -m state --state NEW ! -i eth0 -j ACCEPT
# allow inbound FTP, SSH, HTTP
iptables -A block -p tcp --dport http -j ACCEPT
iptables -A block -p tcp --dport ftp -j ACCEPT
iptables -A block -p tcp --dport ssh -j ACCEPT
# drop everything else
iptables -A block -j DROP
# apply block filter to INPUT
iptables -A INPUT -j block
# enable IP forwarding (write the flag with ">", not append with ">>")
echo "1" > /proc/sys/net/ipv4/ip_forward

Thanks in advance, great board by the way.

Capt_Caveman 03-24-2003 09:21 AM

1. You've got "block" in there instead of the chain, which should be either INPUT, OUTPUT or FORWARD. You've also used it as the target, which I think should be DROP or REJECT.

2. You need some prerouting rules. Something like:
iptables -A PREROUTING -t nat -d firewallsaddress -p tcp --dport X -j DNAT --to-destination 10.4.20.0
Where X is the port you want to forward.

3. It's hard to decipher your rules, but you'll need some forwarding rules in there as well. Something like:
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -m state --state NEW,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

Try making those changes and see if that works. If not then post your modified rules.

Capt_Caveman 03-24-2003 10:38 AM

Just realized that you did a user-defined chain (iptables -N block). That makes a lot more sense now. That should work for the INPUT rules, but you need to add the PREROUTING and FORWARD rules to masquerade.
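As an added example (not the poster's script and not Capt_Caveman's rules), the same layout reworked into a script that can be dry-run: the "block" INPUT chain with the identd (TCP 113) rule the question asks for, plus the MASQUERADE, FORWARD and PREROUTING/DNAT rules the replies describe. It assumes eth0 is the external interface, eth1 and 10.4.20.0/24 are the LAN, and a hypothetical IPT variable that can be set to `echo` to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions: eth0 is the external
# interface, eth1 the LAN, 10.4.20.0/24 the LAN subnet. Set IPT=echo to print
# the rules instead of applying them.
IPT="${IPT:-iptables}"
EXT_IF=eth0
LAN_IF=eth1
LAN_NET=10.4.20.0/24

# INPUT filtering via the user-defined "block" chain, with identd added.
input_rules() {
    $IPT -N block
    $IPT -F block
    $IPT -A block -i lo -j ACCEPT
    $IPT -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A block -m state --state NEW ! -i "$EXT_IF" -j ACCEPT
    for svc in http ftp ssh; do
        $IPT -A block -p tcp --dport "$svc" -j ACCEPT
    done
    # identd: the IRC server connects back to TCP 113 while the client is
    # connecting out, so it is a fresh inbound connection, not RELATED.
    $IPT -A block -p tcp --dport 113 -j ACCEPT
    $IPT -A block -j DROP
    $IPT -A INPUT -j block
}

# Masquerading for the LAN plus a default-deny FORWARD chain.
forward_rules() {
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$EXT_IF" -j MASQUERADE
    $IPT -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -j DROP
}

# forward_port PORT LAN_HOST: DNAT one TCP port to a LAN host and let that
# connection through FORWARD (inserted with -I so it lands before the DROP).
forward_port() {
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$1" -j DNAT --to-destination "$2"
    $IPT -I FORWARD -i "$EXT_IF" -o "$LAN_IF" -p tcp -d "$2" --dport "$1" -m state --state NEW -j ACCEPT
}

case "${1:-}" in
    apply) input_rules; forward_rules; echo 1 > /proc/sys/net/ipv4/ip_forward ;;
    dry)   IPT=echo; input_rules; forward_rules; forward_port 80 10.4.20.5 ;;
esac
```

`sh fw.sh dry` prints the full rule set for review; `sh fw.sh apply` needs root and also turns on IP forwarding.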
