LinuxQuestions.org
Old 12-07-2006, 05:52 AM   #1
abiye
LQ Newbie
 
Registered: Apr 2006
Posts: 19

Rep: Reputation: 0
Firewall problem


Hi guys, hope someone can help me with this. I want to put a firewall that does NAT and also acts as a proxy. Behind the firewall I have two servers: an Exchange server and a webserver. These are the two I want to NAT for. I also want to have internet access for the other machines on my LAN. Problem is, since squid uses port 80 as well as my webserver, how do I split the traffic going to the web server and the one to my LAN? Here is the firewall script I have written so far.

#!/bin/bash
#file: fw1
iptables -t filter -F
iptables -t nat -F


iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

#---allow free traffic on the loopback
iptables -A INPUT -i lo -j ACCEPT


#----ICMP

#---accept all incoming replies
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT -m state --state NEW
iptables -A INPUT -i eth1 -p tcp --dport 25 -j ACCEPT -m state --state NEW
iptables -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 25 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d z.z.z.z --dport 25 -j DNAT --to-destination 172.16.1.1:25
iptables -t nat -A PREROUTING -p tcp -d z.z.z.z --dport 80 -j DNAT --to-destination 172.16.1.2:80
iptables -t nat -A POSTROUTING -p tcp -d z.z.z.z --dport 25 -j SNAT --to-source 172.16.1.3
iptables -t nat -A POSTROUTING -p tcp -d z.z.z.z --dport 80 -j SNAT --to-source 172.16.1.3
iptables -t nat -A OUTPUT -d z.z.z.z -p tcp --dport 25 -j DNAT --to-destination 172.16.1.1
iptables -t nat -A OUTPUT -d z.z.z.z -p tcp --dport 80 -j DNAT --to-destination 172.16.1.2

Last edited by abiye; 12-07-2006 at 05:58 AM.
 
Old 12-07-2006, 10:02 AM   #2
amitsharma_26
Member
 
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
Quote:
Originally Posted by abiye
Hi guys, hope someone can help me with this. I want to put a firewall that does NAT and also acts as a proxy. Behind the firewall I have two servers: an Exchange server and a webserver. These are the two I want to NAT for. I also want to have internet access for the other machines on my LAN. Problem is, since squid uses port 80 as well as my webserver, how do I split the traffic going to the web server and the one to my LAN? Here is the firewall script I have written so far.
Your clients can access your webserver via its LAN IP, and the issue of differentiating packets between squid and the webserver (both dport 80) can be sorted out with
--source ! LAN and
--source LAN for the above conditions.
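
The source-based split suggested in the reply above, written out as an added example that is not part of the original posts. It assumes a /24 mask for the 172.16.1.x hosts, eth0 as the LAN-facing interface, Squid intercepting on port 3128 on the firewall itself, and 203.0.113.10 as a placeholder for z.z.z.z; it uses the current `! -s` form of the negated match.

```shell
#!/bin/sh
# Added example. Values below are assumptions or constructed placeholders.
LAN_NET="${LAN_NET:-172.16.1.0/24}"     # assumed mask for the thread's 172.16.1.x hosts
LAN_IF="${LAN_IF:-eth0}"                # assumed LAN-facing interface
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"  # placeholder for the thread's z.z.z.z
SQUID_PORT="${SQUID_PORT:-3128}"        # assumed Squid interception port
WEB_SERVER="172.16.1.2:80"              # from the original script
MAIL_SERVER="172.16.1.1:25"             # from the original script

# Print the rules instead of running them, so they can be reviewed first.
# To apply as root:  split_rules | sh
split_rules() {
    # 1. Source is NOT the LAN: traffic to the public address is DNATed
    #    to the internal servers.
    echo "iptables -t nat -A PREROUTING ! -s $LAN_NET -d $PUBLIC_IP -p tcp --dport 80 -j DNAT --to-destination $WEB_SERVER"
    echo "iptables -t nat -A PREROUTING ! -s $LAN_NET -d $PUBLIC_IP -p tcp --dport 25 -j DNAT --to-destination $MAIL_SERVER"
    # 2. Source IS the LAN: outbound web traffic is handed to Squid on the
    #    firewall. "! -d" keeps requests addressed to LAN hosts (such as
    #    the webserver's LAN IP) out of the proxy.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET ! -d $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    # 3. The original script sets the INPUT policy to DROP, so the
    #    redirected connections need an explicit accept on the Squid port.
    echo "iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT"
}

# Running the file prints the rule set for review.
split_rules
```

Because rule 2 matches only LAN sources and rule 1 only non-LAN sources, the two port-80 paths never overlap even though both sit in PREROUTING.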
 
Old 12-07-2006, 11:32 AM   #3
abiye
LQ Newbie
 
Registered: Apr 2006
Posts: 19

Original Poster
Rep: Reputation: 0
Thank you very much.
 
  

