Rules for Firewall
Hi, I tried to build a Linux firewall using CentOS 5.4 but not successfully.

Topology: Range IP Public <---> Firewall <---> HTTP Server

1. Firewall server includes 2 NICs:
   NIC 01 has 2 public IPs: 64.34.34.1 & 64.34.34.2
   NIC 02 has 1 internal IP: 10.0.0.1
2. HTTP Server includes 1 NIC:
   NIC 1: 10.0.0.2

I want to configure it so everybody can access the web server (10.0.0.2). Using iptables, I tried to write the rules below on the firewall server:

# iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -d <IP PUBLIC> -j DNAT --to 10.0.0.2:80
# iptables -t nat -A POSTROUTING -p tcp -s 10.0.0.2 -j SNAT --to <IP PUBLIC>

But not successfully. Please help me!
What is it that is not working and how can you tell?
Naturally everyone can access the web server if you just turn forwarding on for everyone. Since you are running a firewall, I guess there are some people or some kinds of access you want to block. Instead of direct IP forwarding, you may want to try IP masquerade (normally used at gateways), or try setting your firewall box up as a bridge or transparent proxy. I wouldn't normally use both pre- and post-routing.

Example of a gateway firewall: http://www.linuxquestions.org/questi...0/#post2224036
... and an example with masquerade: http://www.linuxquestions.org/questi...2/#post2790552
... as a bridge: http://www.linuxjournal.com/article/8172
... transparent proxy: http://www.faqs.org/docs/Linux-mini/...rentProxy.html

... now, typical free software, you have too many choices. Happy hacking.
What does your forward flag say?

/proc/sys/net/ipv4/ip_forward

Also, shouldn't you just use the FORWARD chain instead?
/proc/sys/net/ipv4/ip_forward = 0

I want that when anybody accesses from the Internet via the public IP, the HTTP traffic will go through the firewall to the HTTP server.
That should be 1.

Putting it in the network init script will do it:

echo "1" > /proc/sys/net/ipv4/ip_forward

You can also try putting it in your sysconfig file /etc/sysconfig/network-scripts/ifcfg-eth0 (referencing Red Hat here):

FORWARD_IPV4="Yes"

This you will have to test; it changes from distro to distro and version to version.
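Putting the thread's pieces together (ip_forward, DNAT in PREROUTING, and the FORWARD chain that was mentioned but not shown), here is an added example script; it is not from any post above. It assumes eth0 is the public NIC, eth1 is the internal NIC, and 64.34.34.1 is the public IP that should answer HTTP; the SNAT of replies from the question is dropped because conntrack reverses the DNAT by itself. Set DRY_RUN=1 to print the commands instead of running them.

```shell
#!/bin/sh
# Port-forward public HTTP to the internal web server with a default-deny FORWARD chain.
# Assumed names: PUB_IF=eth0, LAN_IF=eth1, PUB_IP=64.34.34.1 (placeholder), WEB=10.0.0.2.
set -eu

PUB_IF="${PUB_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
PUB_IP="${PUB_IP:-64.34.34.1}"
WEB="${WEB:-10.0.0.2}"
DRY_RUN="${DRY_RUN:-}"

# run: execute a command, or print it when DRY_RUN is set (review without root).
run() {
  if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

apply_rules() {
  # 1. The kernel must route between the two NICs; with ip_forward=0 the
  #    DNAT'd packets are silently dropped, which matches the symptom in the thread.
  run sysctl -w net.ipv4.ip_forward=1

  # 2. DNAT: rewrite the destination of inbound HTTP on the public IP to the web server.
  #    -t names the table and -p the protocol; "-t tcp" as in the question is not valid.
  run iptables -t nat -A PREROUTING -i "$PUB_IF" -p tcp -d "$PUB_IP" --dport 80 \
      -j DNAT --to-destination "$WEB:80"

  # 3. FORWARD chain: drop by default, then allow only the DNAT'd web traffic
  #    (seen here with its rewritten destination) and the replies to it.
  run iptables -P FORWARD DROP
  run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  run iptables -A FORWARD -i "$PUB_IF" -o "$LAN_IF" -p tcp -d "$WEB" --dport 80 \
      -m state --state NEW -j ACCEPT

  # 4. No SNAT is needed for the replies: conntrack undoes the DNAT on the way back.
  #    MASQUERADE only covers connections the LAN itself opens towards the Internet.
  run iptables -t nat -A POSTROUTING -o "$PUB_IF" -j MASQUERADE
}

# Apply only when invoked as "sh fw-rules.sh apply", so the file can be sourced for review.
if [ "${1:-}" = apply ]; then apply_rules; fi
```

Run it as `DRY_RUN=1 sh fw-rules.sh apply` first to inspect the exact commands, then without DRY_RUN as root.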