LinuxQuestions.org
LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 10-11-2011, 12:37 PM   #1
987geek
LQ Newbie
 
Registered: Oct 2011
Posts: 3

What's wrong with my iptables rules


Hey everybody
I want to have a small network consisting of three PCs: a client connected to one side of a transparent bridge, and the other side of the bridge connected to a server. I want the requests from the client to pass through the bridge first without the client knowing. Now, I did the iptables rules of the bridge, and from the client, if I request an http page on the server (I installed httpd on the server and put a simple http page in the www), it doesn't respond, so I was asking what may be going wrong.
Both client and server are Fedora; the bridge is Ubuntu.
The iptables rules on the bridge:

iptables -F
iptables -X

iptables -I FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -p tcp -m physdev --physdev-in eth0 --physdev-out eth1 -d 192.168.1.5 --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -m physdev --physdev-in eth1 --physdev-out eth0 -m state --state RELATED,ESTABLISHED --dport 80 -j ACCEPT
iptables -A FORWARD -m physdev --physdev-in eth1 --physdev-out eth0 -j REJECT

and to make the bridge:
sudo ifconfig eth0 promisc up
sudo ifconfig eth1 promisc up
sudo brctl addbr br0
sudo brctl addif br0 eth0
sudo brctl addif br0 eth1
sudo ifconfig eth0 0.0.0.0 up
sudo ifconfig eth1 0.0.0.0 up
sudo ifconfig br0 up

I'd appreciate any help.
thanks!!
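The ruleset below is an added example, not the poster's own rules: a FORWARD policy for the setup described in the post (client on the eth0 side, server 192.168.1.5 on the eth1 side, only HTTP allowed from client to server, replies admitted by connection state). It assumes br0 already exists with eth0 and eth1 enslaved, as in the post; interface names and the server address are the post's. The third rule is where the posted set goes wrong: in the server-to-client direction a reply carries source port 80, not destination port 80, so a `--dport 80` match in that direction never fires and the SYN/ACK falls through to the trailing REJECT. The script also turns on the sysctl that makes iptables see bridged frames at all.

```shell
#!/bin/sh
# Added example (not the poster's rules): FORWARD policy for a transparent
# bridge with the client behind eth0 and the server 192.168.1.5 behind eth1.
# Assumes br0 is already built from eth0 and eth1 (as in the post).
# Usage:  DRY_RUN=1 sh bridge-fw.sh apply   (print the commands)
#         sudo sh bridge-fw.sh apply        (install them)

SERVER=192.168.1.5
CLIENT_PORT=eth0      # bridge port facing the client
SERVER_PORT=eth1      # bridge port facing the server
IPT=${IPT:-iptables}

# run the command, or just print it when DRY_RUN is set
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$@"
    else
        "$@"
    fi
}

# iptables only sees frames crossing a bridge when this sysctl is 1
# (prints "unknown" if the bridge netfilter code is not loaded)
bridge_nf_state() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

apply_bridge_rules() {
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    run $IPT -F FORWARD
    # explicit default instead of whatever policy was left behind by -F
    run $IPT -P FORWARD DROP
    # packets conntrack cannot classify, same as the post's first rule
    run $IPT -A FORWARD -m state --state INVALID -j DROP
    # client -> server: new or ongoing HTTP to the server only
    run $IPT -A FORWARD -m physdev --physdev-is-bridged \
        --physdev-in "$CLIENT_PORT" --physdev-out "$SERVER_PORT" \
        -p tcp -d "$SERVER" --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    # server -> client: the post matched --dport 80 here, but a reply from the
    # server has SOURCE port 80 and the client's ephemeral port as destination,
    # so that rule never matched and the SYN/ACK hit the REJECT below.
    # Match the source port and the connection state instead.
    run $IPT -A FORWARD -m physdev --physdev-is-bridged \
        --physdev-in "$SERVER_PORT" --physdev-out "$CLIENT_PORT" \
        -p tcp -s "$SERVER" --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # anything else originating on the server side is refused, as in the post
    run $IPT -A FORWARD -m physdev --physdev-in "$SERVER_PORT" \
        --physdev-out "$CLIENT_PORT" -j REJECT
}

# print the commands that "apply" would run, without touching the firewall
planned_rules() { ( DRY_RUN=1; apply_bridge_rules ); }

if [ "${1:-}" = apply ]; then apply_bridge_rules; fi
```

Run it with `DRY_RUN=1` first and read the printed commands; if `bridge_nf_state` reports `0` on the bridge host, iptables is not consulted for bridged frames and no FORWARD rule, right or wrong, will make any difference until the sysctl is set.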
 
Old 10-12-2011, 05:01 AM   #2
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

From a firewall perspective you need a rule to actually forward the traffic through the bridge, something along the lines of:
Code:
iptables -t nat -A PREROUTING -p tcp --dport 80 -i $client_facing_eth -j DNAT --to 192.168.1.5:80
But I haven't done much with bridges, so that will probably need some work to accommodate the bridging side of things.
 
Old 10-12-2011, 05:57 AM   #3
987geek
LQ Newbie
 
Registered: Oct 2011
Posts: 3

Original Poster
Thanks!

Thanks for your help, but there is something worth mentioning: I'll need to redirect all the incoming requests to the bridge on port 80 to another port on the bridge also (for example 6000), because I'll have a program on the bridge listening on this port and doing the needed processing. I just omitted this part for now for testing, but what I planned to write is:

sudo iptables -A FORWARD -p tcp --dport 6000 -j ACCEPT
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 6000

I really don't know if it will work or not; I need help with the base part first!
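The following is an added example, not the poster's rules, of the redirect the post plans: HTTP arriving on the client side of the bridge is diverted to a program listening on port 6000 on the bridge host. Two things differ from the posted draft because the traffic is bridged rather than routed. First, in PREROUTING the in-device netfilter sees is the bridge itself (br0), so `-i eth0` never matches; the physical port is selected with the physdev match. Second, after REDIRECT the packet is addressed to br0's own address and is delivered locally through INPUT, not FORWARD, so the ACCEPT for port 6000 belongs in INPUT, and br0 needs an address in the client/server subnet. The br0 address 192.168.1.2/24 is constructed for the example; eth0, port 80 and port 6000 are from the post.

```shell
#!/bin/sh
# Added example (not the poster's rules): divert client-side HTTP on a
# transparent bridge to a local listener on port 6000.
# Assumptions: br0 address 192.168.1.2/24 (constructed); eth0 faces the client.
# Usage:  DRY_RUN=1 sh bridge-redirect.sh apply   (print the commands)
#         sudo sh bridge-redirect.sh apply        (install them)

BRIDGE=br0
BRIDGE_ADDR=192.168.1.2/24
CLIENT_PORT=eth0
LOCAL_PORT=6000
IPT=${IPT:-iptables}

# run the command, or just print it when DRY_RUN is set
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$@"; else "$@"; fi
}

apply_redirect_rules() {
    # REDIRECT rewrites the destination to the in-device's primary address,
    # so the bridge device must carry one
    run ip addr replace "$BRIDGE_ADDR" dev "$BRIDGE"
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    # nat/PREROUTING: in-device is the bridge, the physical port is matched
    # with physdev; port 80 -> 6000 on br0's address. The posted draft used
    # "-i eth0", which never matches for bridged frames.
    run $IPT -t nat -A PREROUTING -i "$BRIDGE" -m physdev --physdev-in "$CLIENT_PORT" \
        -p tcp --dport 80 -j REDIRECT --to-ports "$LOCAL_PORT"
    # the redirected packet is now local traffic, so it traverses INPUT
    # (not FORWARD): admit it only from the client side and only to the
    # redirect target port
    run $IPT -A INPUT -i "$BRIDGE" -m physdev --physdev-in "$CLIENT_PORT" \
        -p tcp --dport "$LOCAL_PORT" -j ACCEPT
}

# print the commands that "apply" would run, without touching the firewall
planned_rules() { ( DRY_RUN=1; apply_redirect_rules ); }

if [ "${1:-}" = apply ]; then apply_redirect_rules; fi
```

The program on port 6000 can recover the server address the client actually asked for with `getsockopt(SOL_IP, SO_ORIGINAL_DST)`, which conntrack keeps for redirected connections; the connection it then opens to the server is locally generated and leaves through OUTPUT, so it is not subject to the FORWARD rules from the first post.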
 
Old 10-14-2011, 06:00 AM   #4
987geek
LQ Newbie
 
Registered: Oct 2011
Posts: 3

Original Poster
help!

anybody here??!
 
  

