I have had no problems in the past on RH8. I installed RH9 and I cannot use my FW script to perform NAT/Port forwaring to my local servers.. Any Suggestions?

I did an everything install on RH9

What errors do you get? What script are you using?

Here is the script below... i don't get any errors it just does not add the prerouting lines for port forwarding. Even if I type the in manually, no errors just no show.



log() {
test -x "$LOGGER" && $LOGGER -p info "$1"
}

getaddr() {
dev=$1
name=$2
L=`$IP -4 addr show dev $dev | grep inet`
test "Z$L" == "Z" && {
echo "Interface $dev is down, its IP address is unknown. Can not install firewall policy."
exit 1
}
OIFS=$IFS
IFS=" /"
set $L
eval "$name=$2"
IFS=$OIFS
}


LSMOD="/sbin/lsmod"
MODPROBE="/sbin/modprobe"
IPTABLES="/sbin/iptables"
IP="/sbin/ip"
LOGGER="/usr/bin/logger"


cd /etc || exit 1

log "Activating firewall script generated Sat Jun 28 11:15:42 2003 PDT by root"

echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout

echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_intvl




$IPTABLES -P OUTPUT DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP



cat /proc/net/ip_tables_names | while read table; do
$IPTABLES -t $table -L -n | while read c chain rest; do
if test "X$c" = "XChain" ; then
$IPTABLES -t $table -F $chain
fi
done
$IPTABLES -t $table -X
done



MODULE_DIR="/lib/modules/`uname -r`/kernel/net/ipv4/netfilter/"
MODULES=`(cd $MODULE_DIR; ls *_conntrack_* *_nat_* | sed 's/\.o.*$//')`
for module in $(echo $MODULES); do
if $LSMOD | grep ${module} >/dev/null; then continue; fi
if [ -e "${MODULE_DIR}/${module}.o" -o -e "${MODULE_DIR}/${module}.o.gz" ]; then
$MODPROBE ${module} || exit 1
fi
done


#
# Rule 0(NAT)
#
#
$IPTABLES -t nat -A PREROUTING -p tcp -d 207.53.167.13 --destination-port 80 -j DNAT --to-destination 192.168.0.2:80
$IPTABLES -t nat -A OUTPUT -p tcp -d 207.53.167.13 --destination-port 80 -j DNAT --to-destination 192.168.0.2:80
#
#


$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#
# Rule 0(global)
#
# ssh access to firewall
#
$IPTABLES -A INPUT -p tcp -d 192.168.0.1 --destination-port 22 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p tcp -d 207.53.167.13 --destination-port 22 -m state --state NEW -j ACCEPT
#
# Rule 1(global)
#
# firewall uses DNS server on Inet
#
$IPTABLES -A OUTPUT -p udp -s 192.168.0.1 --destination-port 53 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp -s 207.53.167.13 --destination-port 53 -m state --state NEW -j ACCEPT
#
#
echo 1 > /proc/sys/net/ipv4/ip_forward

Your default INPUT rule is drop and is probably droping hte packets before they get to the server. You will need a rule to accept connections to port 80.

I even tried to do a iptables -F first so all is accept and then add just a prerouting rule and it still doesn't show up... I have tried this on 2 diff RH9 boxes and no joy on either of them... Never had this issue on RH8.