I have had no problems in the past on RH8. I installed RH9 and I cannot use my FW script to perform NAT/Port forwarding to my local servers. Any Suggestions?
Here is the script below... I don't get any errors, it just does not add the prerouting lines for port forwarding. Even if I type them in manually, no errors, just no show.
log() {
    test -x "$LOGGER" && $LOGGER -p info "$1"
}
getaddr() {
    dev=$1
    name=$2
    L=`$IP -4 addr show dev $dev | grep inet`
    test "Z$L" == "Z" && {
        echo "Interface $dev is down, its IP address is unknown. Can not install firewall policy."
        exit 1
    }
    OIFS=$IFS
    IFS=" /"
    set $L
    eval "$name=$2"
    IFS=$OIFS
}
$IPTABLES -P OUTPUT DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
cat /proc/net/ip_tables_names | while read table; do
    $IPTABLES -t $table -L -n | while read c chain rest; do
        if test "X$c" = "XChain" ; then
            $IPTABLES -t $table -F $chain
        fi
    done
    $IPTABLES -t $table -X
done
MODULE_DIR="/lib/modules/`uname -r`/kernel/net/ipv4/netfilter/"
MODULES=`(cd $MODULE_DIR; ls *_conntrack_* *_nat_* | sed 's/\.o.*$//')`
for module in $(echo $MODULES); do
    if $LSMOD | grep ${module} >/dev/null; then continue; fi
    if [ -e "${MODULE_DIR}/${module}.o" -o -e "${MODULE_DIR}/${module}.o.gz" ]; then
        $MODPROBE ${module} || exit 1
    fi
done
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Rule 0(global)
#
# ssh access to firewall
#
$IPTABLES -A INPUT -p tcp -d 192.168.0.1 --destination-port 22 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p tcp -d 207.53.167.13 --destination-port 22 -m state --state NEW -j ACCEPT
#
# Rule 1(global)
#
# firewall uses DNS server on Inet
#
$IPTABLES -A OUTPUT -p udp -s 192.168.0.1 --destination-port 53 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp -s 207.53.167.13 --destination-port 53 -m state --state NEW -j ACCEPT
#
#
echo 1 > /proc/sys/net/ipv4/ip_forward
Your default INPUT rule is drop and is probably dropping the packets before they get to the server. You will need a rule to accept connections to port 80.
I even tried to do an iptables -F first so all is accept and then add just a prerouting rule and it still doesn't show up... I have tried this on 2 diff RH9 boxes and no joy on either of them... Never had this issue on RH8.
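Added example, not written by any poster in this thread: with the DROP policies the script sets, a connection that a nat PREROUTING rule redirects to an internal server is routed through the filter table's FORWARD chain and needs an ACCEPT rule there. The function below reads `iptables-save` output (which includes the nat table that a plain `iptables -L` does not list) and reports each DNAT target that lacks one. The sample ruleset, its addresses and the name `audit_dnat` are constructed for illustration.

```shell
# Constructed sample in iptables-save format (not taken from the thread):
# DROP policies as in the script above, two DNAT rules, one FORWARD accept.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.0.11
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.11/32 -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
COMMIT'

# audit_dnat: iptables-save text on stdin; prints "OK ip:port" or
# "BLOCKED ip:port" for every DNAT rule in nat/PREROUTING.
# Simplification: only FORWARD ACCEPT rules naming both -d and --dport are
# matched; broader rules and rule order are not evaluated.
audit_dnat() {
    awk '
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
        to = ""; p = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--to-destination") to = $(i+1)
            if ($i == "--dport") p = $(i+1)
        }
        # A DNAT target without a port keeps the original destination port
        if (to != "" && to !~ /:/) to = to ":" p
        if (to != "") dnat[to] = 1
    }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" {
        d = ""; p = ""; j = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d") d = $(i+1)
            if ($i == "--dport") p = $(i+1)
            if ($i == "-j") j = $(i+1)
        }
        sub(/\/32$/, "", d)
        if (j == "ACCEPT" && d != "" && p != "") fwd[d ":" p] = 1
    }
    END {
        for (t in dnat) {
            s = (policy == "ACCEPT" || (t in fwd)) ? "OK" : "BLOCKED"
            print s, t
        }
    }' | sort
}
```

On a live firewall, run it as root with `iptables-save | audit_dnat`; for the sample, use `printf '%s\n' "$SAMPLE_RULES" | audit_dnat`.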