Linux - Networking
03-21-2003, 06:25 PM, #1
Senior Member (Registered: Feb 2003, Location: The Arctic, Distribution: Fedora, Debian, OpenSuSE and Android, Posts: 1,820)
router not routing/masquerading. Why?
I am trying desperately to set up this router. Its job is simple masquerading and forwarding of a few ports to one client, my squid proxy server. I have put in all the rules that I think should make this work, but it doesn't work. I can browse from the router but not from the squid server, and none of the ports are being forwarded. I know there is an error here somewhere, I just can't seem to see it. Can someone provide me with a clue, please? Thanks.
Here is my rule generator...
#!/bin/sh
#------------------------------------ Iptables Firewall Rule Generator for Vulture I Router ---------------------------------------
#
# Written March 2003. Licensed under the GPL. Distribute freely.
#-----------------------------------------------------------------------------------------------------------------------------------
#-------------
# Prep work!
#-------------
# Disable network interfaces prior to shutting down the firewall
#echo "Network going down for firewall service"
#/etc/init.d/network stop
# Shut down the firewall for service.
echo "Firewall shutting down"
/etc/init.d/iptables stop
# Deleting the old ruleset from /etc/sysconfig and clearing rules from memory
echo "Out with the old (rules)"
rm --force /etc/sysconfig/iptables
iptables -F
iptables -t nat -F
iptables -X
# -X without -t only touches the filter table; drop user chains in nat as well
iptables -t nat -X
# Enable IP forwarding in the kernel (required for any routing/masquerading).
# This write is not persistent: a reboot or a network restart that re-applies
# /etc/sysctl.conf resets it to 0 unless that file contains net.ipv4.ip_forward = 1
echo "1" > /proc/sys/net/ipv4/ip_forward
# Load relevant modules. modprobe resolves dependencies and locates the module
# files itself; insmod loads exactly one file and expects a path to it.
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ipt_state
modprobe iptable_nat
modprobe ipt_MASQUERADE
#-----Done--------------------------------------------------------------------------------------------------------------------------
# Begin firewall generation
#---------------------------------------
# Variable definition section.
#---------------------------------------
LOCALHOST="127.0.0.1"
INTINT="eth0"
INTRA="192.168.10.0/24"
EXTINT="eth1"
RAPTOR="192.168.10.2"
#-----Done------------------------------
#---------------------------------------------------------------------------------------------------------------------------------
# Routing table rules by table
#---------------------------------------------------------------------------------------------------------------------------------
# Establish Default Policies for the following Tables
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
#---------------------------------------------------------------------------------------------------------------------------------
# PREROUTING TABLE
#---------------------------------------------------------------------------------------------------------------------------------
# Forward all incoming mail connections to Raptor II mail server
iptables -t nat -A PREROUTING -p tcp -i $EXTINT --dport 25 -j DNAT --to-destination $RAPTOR:25
iptables -t nat -A PREROUTING -p tcp -i $EXTINT --dport 1352 -j DNAT --to-destination $RAPTOR:1352
# Forward incoming http connections to Raptor for routing to the mail server.
#iptables -t nat -A PREROUTING -p tcp -i $EXTINT --dport 80 -j DNAT --to-destination $RAPTOR:80
#-------------------------------------------------------------------------------------------------------------------------------
# INPUT TABLE
#--------------------------------------------------------------------------------------------------------------------------------
# Accept all traffic from Raptor on internal network
iptables -A INPUT -i $INTINT -p all -j ACCEPT
# Accept all traffic originating on Vulture I
iptables -A INPUT -s $LOCALHOST -p all -j ACCEPT
# Allow all established connections to get back in from Internet
iptables -A INPUT -i $EXTINT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Explicitly allow incoming connections on ports to be forwarded to Raptor II
iptables -A INPUT -i $EXTINT -p tcp --dport 25 -j ACCEPT
#iptables -A INPUT -i $EXTINT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i $EXTINT -p tcp --dport 1352 -j ACCEPT
# Accept incoming ICMP requests. For testing the firewall
iptables -A INPUT -p ICMP -s 0/0 -j ACCEPT
#-----------------------------------------------------------------------------------------------------------------------------------
# FORWARD TABLE
#------------------------------------------------------------------------------------------------------------------------------------
# Mail connection forwarding
iptables -A FORWARD -i $EXTINT -d $RAPTOR -p tcp --destination-port 25 -j ACCEPT
iptables -A FORWARD -i $EXTINT -d $RAPTOR -p tcp --destination-port 1352 -j ACCEPT
# http connection forwarding
#iptables -A FORWARD -i $EXTINT -d $RAPTOR -p tcp --destination-port 80 -j ACCEPT
# Forwarding to/from local network
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow new connections from any interface except the external one (i.e. from the LAN).
# The negation goes before the option: "-i ! eth1" is the old, since-removed spelling.
iptables -A FORWARD -m state --state NEW ! -i $EXTINT -j ACCEPT
#-------------------------------------------------------------------------------------------------------------------------------------
# OUTPUT TABLE
#--------------------------------------------------------------------------------------------------------------------------------------
iptables -A OUTPUT -p all -s $LOCALHOST -j ACCEPT
iptables -A OUTPUT -p all -s $INTRA -j ACCEPT
iptables -A OUTPUT -p all -d $LOCALHOST -j ACCEPT
iptables -A OUTPUT -p all -d $INTRA -j ACCEPT
iptables -A OUTPUT -o $EXTINT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $INTINT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#--------------------------------------------------------------------------------------------------------------------------------------
# POSTROUTING TABLE
#--------------------------------------------------------------------------------------------------------------------------------------
iptables -t nat -A POSTROUTING -o $EXTINT -j MASQUERADE
#--------------------------------------------------------------------------------------------------------------------------------------
#------------------------------------------------- Rule generation is complete --------------------------------------------------------
#-------------------------------------
# Post generation clean up work.
#------------------------------------
# Save the rules to /etc/sysconfig so they will load on boot
iptables-save > /etc/sysconfig/iptables
# Start new and improved firewall
echo "Firewall starting up, please stand back!"
/etc/init.d/iptables start
#-------------------------------------------------------- End of Script----------------------------------------------------------------
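A linter for a ruleset like the one above, added here as an example (it is not code from the thread). It reads iptables-save output and checks the four things a masquerading router with DNAT port forwards needs; the sample ruleset is constructed to mirror the poster's variables (eth0 LAN, eth1 WAN, 192.168.10.2 as the squid host) and is not captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables-save output for the four things a
# masquerading router with DNAT port forwards needs. On a live box call it as:
#   check_router_rules eth0 eth1 "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)"
# Constructed sample mirroring the poster's ruleset (assumed: eth0 = LAN, eth1 = WAN,
# 192.168.10.2 = squid host). The FORWARD accept for port 1352 is left out on purpose.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.10.2:25
-A PREROUTING -i eth1 -p tcp -m tcp --dport 1352 -j DNAT --to-destination 192.168.10.2:1352
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -d 192.168.10.2/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD ! -i eth1 -m state --state NEW -j ACCEPT
COMMIT'
# check_router_rules LAN_IF WAN_IF IP_FORWARD RULES
# Prints one line per problem; the return status is the number of problems found (0 = clean).
check_router_rules() {
  lan=$1 wan=$2 fwd=$3 rules=$4 problems=0
  r() { printf '%s\n' "$rules"; }
  # 1. The kernel must be allowed to forward at all.
  [ "$fwd" = "1" ] || { echo "ip_forward=$fwd: kernel will not route $lan <-> $wan"; problems=$((problems+1)); }
  # 2. LAN-originated flows need a source NAT on the WAN side or replies never come back.
  r | grep -Eq "^-A POSTROUTING -o $wan .*-j (MASQUERADE|SNAT)" \
    || { echo "no MASQUERADE/SNAT on $wan"; problems=$((problems+1)); }
  # 3. With FORWARD policy DROP, LAN->WAN NEW and all ESTABLISHED,RELATED must be accepted.
  if r | grep -q '^:FORWARD DROP'; then
    r | grep -Eq "^-A FORWARD (! -i $wan|-i $lan) .*NEW.*-j ACCEPT" \
      || { echo "FORWARD drops new connections from $lan"; problems=$((problems+1)); }
    r | grep -Eq '^-A FORWARD .*ESTABLISHED,RELATED.*-j ACCEPT' \
      || { echo "FORWARD drops reply traffic"; problems=$((problems+1)); }
  fi
  # 4. Every PREROUTING DNAT needs a FORWARD rule that lets the redirected packet through.
  for spec in $(r | sed -n 's/^-A PREROUTING .*--dport \([0-9]*\) -j DNAT --to-destination \([0-9.]*\):\([0-9]*\)$/\2:\3/p'); do
    ip=${spec%:*} port=${spec#*:}
    r | grep -Eq "^-A FORWARD .*-d $ip(/32)? .*--dport $port -j ACCEPT" \
      || { echo "DNAT to $ip:$port has no matching FORWARD accept"; problems=$((problems+1)); }
  done
  return $problems
}
check_router_rules eth0 eth1 1 "$SAMPLE_RULES" || echo "$? problem(s) found in the sample ruleset"
```

Run against the constructed sample it reports only the missing FORWARD accept for 192.168.10.2:1352; feed it the real iptables-save output and the ip_forward value to check a live router the same way.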
03-24-2003, 11:30 AM, #2
Senior Member, Original Poster (Registered: Feb 2003, Location: The Arctic, Distribution: Fedora, Debian, OpenSuSE and Android, Posts: 1,820)
bump. Anyone?