LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-28-2003, 09:31 PM   #1
dwest576
LQ Newbie
 
Registered: Dec 2002
Posts: 11

Rep: Reputation: 0
Port Forwarding RedHat 9


I have had no problems in the past on RH8. I installed RH9 and I cannot use my FW script to perform NAT/Port forwaring to my local servers.. Any Suggestions?

I did an everything install on RH9
 
Old 06-29-2003, 12:46 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 67
What errors do you get? What script are you using?
 
Old 06-29-2003, 01:00 PM   #3
dwest576
LQ Newbie
 
Registered: Dec 2002
Posts: 11

Original Poster
Rep: Reputation: 0
Here is the script below... i don't get any errors it just does not add the prerouting lines for port forwarding. Even if I type the in manually, no errors just no show.



log() {
test -x "$LOGGER" && $LOGGER -p info "$1"
}

getaddr() {
dev=$1
name=$2
L=`$IP -4 addr show dev $dev | grep inet`
test "Z$L" == "Z" && {
echo "Interface $dev is down, its IP address is unknown. Can not install firewall policy."
exit 1
}
OIFS=$IFS
IFS=" /"
set $L
eval "$name=$2"
IFS=$OIFS
}


LSMOD="/sbin/lsmod"
MODPROBE="/sbin/modprobe"
IPTABLES="/sbin/iptables"
IP="/sbin/ip"
LOGGER="/usr/bin/logger"


cd /etc || exit 1

log "Activating firewall script generated Sat Jun 28 11:15:42 2003 PDT by root"

echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout

echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_intvl




$IPTABLES -P OUTPUT DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP



cat /proc/net/ip_tables_names | while read table; do
$IPTABLES -t $table -L -n | while read c chain rest; do
if test "X$c" = "XChain" ; then
$IPTABLES -t $table -F $chain
fi
done
$IPTABLES -t $table -X
done



MODULE_DIR="/lib/modules/`uname -r`/kernel/net/ipv4/netfilter/"
MODULES=`(cd $MODULE_DIR; ls *_conntrack_* *_nat_* | sed 's/\.o.*$//')`
for module in $(echo $MODULES); do
if $LSMOD | grep ${module} >/dev/null; then continue; fi
if [ -e "${MODULE_DIR}/${module}.o" -o -e "${MODULE_DIR}/${module}.o.gz" ]; then
$MODPROBE ${module} || exit 1
fi
done


#
# Rule 0(NAT)
#
#
$IPTABLES -t nat -A PREROUTING -p tcp -d 207.53.167.13 --destination-port 80 -j DNAT --to-destination 192.168.0.2:80
$IPTABLES -t nat -A OUTPUT -p tcp -d 207.53.167.13 --destination-port 80 -j DNAT --to-destination 192.168.0.2:80
#
#


$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#
# Rule 0(global)
#
# ssh access to firewall
#
$IPTABLES -A INPUT -p tcp -d 192.168.0.1 --destination-port 22 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p tcp -d 207.53.167.13 --destination-port 22 -m state --state NEW -j ACCEPT
#
# Rule 1(global)
#
# firewall uses DNS server on Inet
#
$IPTABLES -A OUTPUT -p udp -s 192.168.0.1 --destination-port 53 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp -s 207.53.167.13 --destination-port 53 -m state --state NEW -j ACCEPT
#
#
echo 1 > /proc/sys/net/ipv4/ip_forward
 
Old 06-29-2003, 01:08 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 67
Your default INPUT rule is drop and is probably droping hte packets before they get to the server. You will need a rule to accept connections to port 80.
 
Old 06-29-2003, 02:06 PM   #5
dwest576
LQ Newbie
 
Registered: Dec 2002
Posts: 11

Original Poster
Rep: Reputation: 0
I even tried to do a iptables -F first so all is accept and then add just a prerouting rule and it still doesn't show up... I have tried this on 2 diff RH9 boxes and no joy on either of them... Never had this issue on RH8.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPCHAINS port forwarding and IPTABLES port forwarding ediestajr Linux - Networking 26 01-14-2007 07:35 PM
Simple Port Forwarding Firewall - not forwarding MadTurki Linux - Security 14 04-09-2006 12:08 PM
How do I do port forwarding redhat? tethysgods Linux - Hardware 1 08-02-2004 05:37 PM
Port Forwarding on RedHat 9 with single NIC brianv Linux - Networking 5 05-31-2004 06:36 PM
IPChains + port forwarding + redhat 7.2 purduephotog Linux - Networking 2 04-22-2002 04:38 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration