LinuxQuestions.org
Old 04-05-2011, 09:04 AM   #1
cryptoboss
LQ Newbie
 
Registered: Mar 2011
Posts: 8

Rep: Reputation: 0
[FIREWALL] confused about setting up a specific rule using iptables


Hey there!!
I'd like some help regarding this issue.
This is my scenario:
My firewall, which is an Ubuntu server 10.10, has 3 interfaces:
eth0 (192.168.0.254): linked to the DMZ
eth1 (192.168.1.254): linked to the LAN
eth3 (212.217.0.1): linked to the Internet

- The DMZ has one web server with a static address (192.168.0.1).
- My LAN address range is (192.168.1.2-192.168.1.100), managed by a DHCP server on the same firewall machine.

These are some of the rules that I need to set up:
- Allow HTTP between the LAN and the internet
- Allow HTTP between the web server in the DMZ and the internet.

So my question is:
Is there a way to tell the firewall to redirect all incoming HTTP requests only to the web server in the DMZ??

Thanks.

Last edited by cryptoboss; 04-14-2011 at 09:20 AM.
 
Old 04-05-2011, 09:23 AM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Code:
iptables -A FORWARD -i eth3 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth3 --dport 80 -j DNAT --to-destination 192.168.0.1:80
Something like this? Of course you might need to edit this to fully reflect your current iptables configuration.

Last edited by corp769; 04-05-2011 at 09:24 AM.
 
Old 04-05-2011, 10:14 AM   #3
cryptoboss
LQ Newbie
 
Registered: Mar 2011
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks a lot buddy, I'm seeing light now with your reply.
I believe that the proper way to learn how to set up a firewall with iptables is to read the iptables manual, but I'm getting confused at some points in its manual, like:
" match = -m matchname [per-match-options] ". What does that really mean? In other words, I usually find this expression in some rules: " -m state --state NEW,RELATED,ESTABLISHED ". Can someone explain what that is for??
Thanks in advance.

Last edited by cryptoboss; 04-05-2011 at 10:16 AM.
 
Old 04-11-2011, 04:28 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by cryptoboss
I'm getting confused at some points in its manual, like:
" match = -m matchname [per-match-options] ". What does that really mean? In other words, I usually find this expression in some rules: " -m state --state NEW,RELATED,ESTABLISHED ". Can someone explain what that is for??
That just says to use the state module to match packets in state NEW, RELATED, or ESTABLISHED. If a packet isn't in any of those states (for example, it's in state INVALID), it won't match the rule and will continue traversing whichever chain the rule was in.
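
Added example, not part of any post in this thread: a script that prints an iptables-restore ruleset combining the DNAT rule from post #2 with the state matching explained in post #4, for the interfaces and addresses given in post #1. The /24 LAN netmask, the SNAT rule and the variable names are assumptions; only inbound HTTP to the DMZ server and outbound HTTP from the LAN are covered.

```shell
#!/bin/sh
# Added example (not from the thread): prints an iptables-restore ruleset.
# Interfaces and addresses are from post #1; LAN_NET as a /24 is an assumption.
WAN_IF=${WAN_IF:-eth3}; WAN_IP=${WAN_IP:-212.217.0.1}
DMZ_IF=${DMZ_IF:-eth0}; WEB_IP=${WEB_IP:-192.168.0.1}
LAN_IF=${LAN_IF:-eth1}; LAN_NET=${LAN_NET:-192.168.1.0/24}

emit_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Inbound HTTP to the public address is rewritten to the DMZ web server only.
-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport 80 -j DNAT --to-destination $WEB_IP:80
# Assumption: LAN hosts have private addresses, so outbound traffic is source-NATed.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP
COMMIT
*filter
# A packet that matches no FORWARD rule below (for example one in state
# INVALID) traverses the whole chain and is dropped by this policy.
:FORWARD DROP [0:0]
# Packets belonging to, or related to, a connection that was already accepted.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# First packet of an HTTP connection from the internet; after DNAT its
# destination is the web server, so that is what FORWARD matches on.
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $WEB_IP -p tcp --dport 80 -m state --state NEW -j ACCEPT
# First packet of an HTTP connection from the LAN to the internet.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset; it can be parsed without applying it by piping the
# output to: iptables-restore --test
emit_rules
```

Loading the output with iptables-restore replaces the existing nat and filter rules, so merge it with whatever INPUT rules the firewall host already has. DNS and other non-HTTP traffic are not allowed by this ruleset.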
 
Old 04-14-2011, 09:22 AM   #5
cryptoboss
LQ Newbie
 
Registered: Mar 2011
Posts: 8

Original Poster
Rep: Reputation: 0
thanks
 
  

