iptables is not run automatically
Hi friends....
I need some help... I made a Linux server for proxy (Squid) and firewall (iptables). Now my problem is that when I boot my server my firewall script is not started automatically. I want the firewall script to run when the system boots. I have already done some steps for that... like copying my script to "/etc/sysconfig/iptables"... These are all the steps I did...!
"cp /root/primary_firewall /etc/sysconfig/iptables"
"vi /etc/rc.local" and add the following line:
/sbin/insmod ip_conntrack_ftp
Save and exit the file.
But still my iptables is not started when the system boots... so every time I have to log in and run the iptables like ./iptables, so I want to put this job in cron... so please help me. |
Add the command to run your iptables script to /etc/rc.local.
Though, if this is Fedora, there is a special method. Note: I hope you are not logging in as root routinely... |
Hello... where can I add this....
My iptables path is "/"
"cp /etc/rc.local /etc/sysconfig/iptables"
"vi /etc/rc.local" and add the following line:
/sbin/insmod ip_conntrack_ftp
Save and exit the file.
So now where do I have to put this... /etc/rc.local... in /etc/rc.local or /root/primary_firewall? Please reply... |
The command you ran to start your firewall manually was:
./iptables
The ./ tells the shell to look in the current working directory. In the example you gave, the working directory was /root, so I'm guessing that the iptables script is /root/iptables... so the relevant line in /etc/rc.local would be /root/iptables. |
Hi...
My iptables path is "/" (root). In this case when I add this line, "/etc/rc.local", I get an error: "insmod:ipconntrack_ftp:no module by that name found" so I reopened my iptables and commented out the line... "/etc/rc.local"
selvam |
"insmod:ipconntrack_ftp:no module by that name found"
... remove the insmod line from /etc/rc.local |
Please clarify your statements.
Could it be that you have your firewall script in the root directory? Why would you put this in such an odd place?
What you do is: vi /etc/rc.local, find the line that says:
/sbin/insmod ip_conntrack_ftp
delete that line, then add a new line in its place that gives the full path to the command you used to start your firewall. I.e. if you start your firewall with the following commands:
cd /root
./firewall.sh
... then the new line will say:
/root/firewall.sh |
I get this error....!
I just removed the "insmod line from /etc/rc.local"
and went to my iptables:
# cd /
# vi iptables
Here I just added "/etc/rc.local", then saved this file (wq) and ran the script ./iptables. Now I get an error:
"/etc/rc.local:line7:bin/touch:too many open files in system.
/etc/rc.local:/bin/sh:bad interpreter:too many open files in system.
flushing al chains:{ok}
removing user defined chains:(ok)
Resetting built-in chains to the default ACCEPT policy{ok}"
I just restarted the system but still my iptables does not start automatically..... I just go to the terminal and run it manually: ./iptables.
I'll just explain your quotes....!
Quote 1: my iptables path is "/"(root)
Actually my iptables script path is "/".
Quote 2: in this case when I add "/etc/rc.local" this line I get an error..
I mean I just added the line to my iptables script like this...
[root@earth root] cd / (press enter)
[root@earth /] vi iptables (press enter)
In this script I added this line... "/etc/rc.local" and just saved (wq) and ran the script:
[root@earth /] ./iptables
Now also I am getting the same problem... the iptables does not start automatically. |
1) Remove the line /etc/rc.local from your iptables script.
2) vi /etc/rc.local and add the line:
/etc/sysconfig/iptables
then save it and restart.
If that doesn't work, try the following:
1) Remove the line /etc/rc.local from your iptables script
2) run the iptables script how you normally run it: ./iptables
3) type service iptables save
4) type chkconfig iptables on
5) reboot |
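The pieces this thread keeps going back and forth over can be checked mechanically: the firewall script must be named by an absolute path (./iptables only works from the directory you happen to be in), it must be executable and start with a #! line, /etc/rc.local must be executable and must contain that absolute path, the firewall script must not call /etc/rc.local back (a script that runs rc.local, which runs the script, which runs rc.local, recurses until the kernel reports "too many open files", which is consistent with the error text posted above), and insmod needs a full path to a module file, which is why a bare name gives "no module by that name found". The shell function below is an added example written for this thread, not something posted in it; check_firewall_boot is a hypothetical helper name, and both file paths it inspects are arguments you pass in.

```shell
#!/bin/sh
# check_fw_boot.sh: sanity-check that a firewall script will run from rc.local.
# Hypothetical helper written for this thread; not part of any distribution.
#
# Usage: check_firewall_boot /path/to/firewall-script [/etc/rc.local]
# Prints one line per problem found and returns the number of problems (0 = OK).
check_firewall_boot() {
    fw="$1"
    rc="${2:-/etc/rc.local}"
    problems=0

    fail() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    # rc.local runs with no useful working directory, so only an absolute path works.
    case "$fw" in
        /*) ;;
        *) fail "firewall script path '$fw' is not absolute" ;;
    esac

    [ -f "$fw" ] || { fail "firewall script '$fw' does not exist"; return $problems; }
    [ -x "$fw" ] || fail "firewall script '$fw' is not executable (chmod 700 $fw)"

    # Without a #! line the caller cannot tell which interpreter to use.
    head -n 1 "$fw" | grep -q '^#!' || fail "firewall script '$fw' has no #! line"

    # Firewall script -> rc.local -> firewall script -> ... is a fork loop that ends
    # in "too many open files in system". Comments are ignored when looking for it.
    if grep -v '^[[:space:]]*#' "$fw" | grep -q 'rc\.local'; then
        fail "firewall script '$fw' calls rc.local: that is a fork loop, remove the line"
    fi

    [ -f "$rc" ] || { fail "'$rc' does not exist"; return $problems; }
    [ -x "$rc" ] || fail "'$rc' is not executable, so init will not run it"

    # rc.local must name the script by its full path, outside any comment.
    if ! grep -v '^[[:space:]]*#' "$rc" | grep -qF "$fw"; then
        fail "'$rc' does not run '$fw'; add that full path as its last line"
    fi

    # insmod wants a path to a module file; a bare name fails with
    # "no module by that name found". modprobe resolves the name itself.
    if grep -v '^[[:space:]]*#' "$rc" | grep -q 'insmod[[:space:]][[:space:]]*[^/]'; then
        fail "'$rc' uses insmod with a bare module name; use modprobe instead"
    fi

    return $problems
}

# Run the check when invoked directly with arguments, e.g.
#   sh check_fw_boot.sh /root/firewall.sh /etc/rc.local
if [ $# -gt 0 ]; then
    check_firewall_boot "$@"
fi
```

The checks are deliberately conservative: they only read the two files and never change them, so the function can be run on a live box to see which of the above conditions is the one actually breaking the boot-time start.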
Hi James Dewar,
I tried it, but again it does not work automatically... I am starting it manually (./iptables). Thanks for your advice... I need help... else can I put the job in cron...? I need some advice.
selvam |
Please post your iptables script. You don't want to use cron for this!
|
#!/bin/bash
# /usr/local/sbin/setiptables.bash
# Acceptable ports
APORTS=" 23 1720 80 389 522 1503 1720 1731 1433 8383 110 3128 5060 1503 3129 4311 1433 554 1755"
# Reject ports Kazaa(1214), Gnutella (6346 6347)
RPORTS=" 1214 443 445 135 25 6346 6347 81"
EX_ETH=eth0 # External Interface
IN_ETH=eth1 # Local Interface
LOCAL_IP=192.168.1.100 # Local Host IP
LOCAL_NET=192.168.1.0/192.168.1.120 # Local Network
#EXTERNAL_NET=202.144.158.192/28 # External Network
EXTERNAL_NET=61.247.252.125 # External Network
EXTERNAL_IP=61.247.252.125
PROXY_IP=192.168.1.100 # Proxy Server IP (Transparent Proxy)
PROXY_PORT=3128 # Proxy Server Port No
# Clear all iptables
#/etc/init.d/iptables stop #comment on 03/04/2006
/etc/init.d/iptables stop #created on 03/04/2006
iptables --flush
iptables --delete-chain
#iptables -P INPUT DROP
#iptables -P OUTPUT ACCEPT
#iptables -P FORWARD ACCEPT
#iptables -A INPUT --dport 25 -j DROP
# Masquerade
#iptables -t nat -A PREROUTING -p tcp -i $EX_ETH -d $EXTERNAL_NET --dport 5060 -j DNAT --to 192.168.1.200:80
#iptables -A FORWARD -p tcp -i $EX_ETH -d 192.168.1.200 --dport 80 -j ACCEPT
#iptables -t nat -A POSTROUTING -s 192.168.1.200 -o $EX_ETH -j MASQUERADE -p tcp --dport 3389
iptables -t nat -A POSTROUTING -s 192.168.1.100 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.200 -o $EX_ETH -j MASQUERADE -p tcp --dport 1337
iptables -t nat -A POSTROUTING -s 192.168.1.200 -o $EX_ETH -j MASQUERADE -p tcp --dport 5900
iptables -t nat -A POSTROUTING -s 192.168.1.200 -o $EX_ETH -j MASQUERADE -p tcp --dport 21
iptables -t nat -A POSTROUTING -s 192.168.1.200 -o $EX_ETH -j MASQUERADE -p tcp --dport 1433
iptables -t nat -A POSTROUTING -s 192.168.1.200 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.200 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.200 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.68 -o $EX_ETH -j MASQUERADE
#iptables -t nat -A POSTROUTING -s 192.168.1.68 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
#iptables -t nat -A POSTROUTING -s 192.168.1.68 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
#iptables -t nat -A POSTROUTING -s 192.168.1.55 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.55 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.55 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.15 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.15 -o $EX_ETH -j MASQUERADE -p tcp --dport 1337
iptables -t nat -A POSTROUTING -s 192.168.1.15 -o $EX_ETH -j MASQUERADE -p tcp --dport 21
iptables -t nat -A POSTROUTING -s 192.168.1.15 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.15 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.46 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.46 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.46 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.46 -o $EX_ETH -j MASQUERADE -p tcp --dport 21
iptables -t nat -A POSTROUTING -s 192.168.1.46 -o $EX_ETH -j MASQUERADE -p tcp --dport 1433
iptables -t nat -A POSTROUTING -s 192.168.1.46 -o $EX_ETH -j MASQUERADE -p tcp --dport 1434
iptables -t nat -A POSTROUTING -s 192.168.1.46 -o $EX_ETH -j MASQUERADE -p tcp --dport 3389
iptables -t nat -A POSTROUTING -s 192.168.1.46 -o $EX_ETH -j MASQUERADE -p tcp --dport 1337
iptables -t nat -A POSTROUTING -s 192.168.1.46 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.3 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.3 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
#iptables -t nat -A POSTROUTING -s 192.168.1.46 -o $EX_ETH -j MASQUERADE -p tcp --dport 3389
iptables -t nat -A POSTROUTING -s 192.168.1.1 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.1 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.45 -o $EX_ETH -j MASQUERADE -p tcp --dport 1434
iptables -t nat -A POSTROUTING -s 192.168.1.45 -o $EX_ETH -j MASQUERADE -p tcp --dport 1433
iptables -t nat -A POSTROUTING -s 192.168.1.45 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.45 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.45 -o $EX_ETH -j MASQUERADE -p tcp --dport 3389
iptables -t nat -A POSTROUTING -s 192.168.1.45 -o $EX_ETH -j MASQUERADE -p tcp --dport 5900
iptables -t nat -A POSTROUTING -s 192.168.1.44 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.44 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.44 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.44 -o $EX_ETH -j MASQUERADE -p tcp --dport 1433
iptables -t nat -A POSTROUTING -s 192.168.1.44 -o $EX_ETH -j MASQUERADE -p tcp --dport 1337
iptables -t nat -A POSTROUTING -s 192.168.1.48 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.48 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.48 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.48 -o $EX_ETH -j MASQUERADE -p tcp --dport 1433
#iptables -t nat -A POSTROUTING -s 192.168.1.48 -o $EX_ETH -j MASQUERADE -p tcp --dport 1433
#iptables -t nat -A POSTROUTING -s 192.168.1.12 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.12 -o $EX_ETH -j MASQUERADE -p tcp --dport 21
iptables -t nat -A POSTROUTING -s 192.168.1.12 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.12 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.37 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.37 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.37 -o $EX_ETH -j MASQUERADE -p tcp --dport 1337
iptables -t nat -A POSTROUTING -s 192.168.1.37 -o $EX_ETH -j MASQUERADE -p tcp --dport 5900
iptables -t nat -A POSTROUTING -s 192.168.1.10 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.10 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
#iptables -t nat -A POSTROUTING -s 192.168.1.2 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.24 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.2 -o $EX_ETH -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.14 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.14 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.57 -o $EX_ETH -j MASQUERADE -p tcp --dport 25
iptables -t nat -A POSTROUTING -s 192.168.1.57 -o $EX_ETH -j MASQUERADE -p tcp --dport 110
iptables -t nat -A POSTROUTING -s 192.168.1.57 -o $EX_ETH -j MASQUERADE -p tcp --dport 1337
# Transparent Proxy
#iptables -t nat -A PREROUTING -i $IN_ETH \
# -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT
# Transparent Proxy (to a Remote Box)
# iptables -t nat -A PREROUTING -i $IN_ETH -s ! $LOCAL_IP -p tcp \
# --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
# iptables -t nat -A POSTROUTING -o eth0 -s $LOCAL_NET -d $PROXY_IP \
# -j SNAT --to $LOCAL_IP
# iptables -A FORWARD -s $LOCAL_NET -d $PROXY_IP -i $IN_ETH -o $EX_ETH
# -p tcp --dport $PROXY_PORT -j ACCEPT
#packets for established connections
iptables -A INPUT -p tcp -d 61.247.252.125 -m state --state \
NEW,ESTABLISHED,RELATED -j ACCEPT
#iptables -A INPUT -p tcp -d 61.247.252.125 -i eth0 -j LOG --log-tcp-options --log-ip-options --log-prefix '[IPTABLES ACCEPT]'
# Accept
for AP in $APORTS
do
#iptables -A INPUT -i $EX_ETH -p tcp --dport $AP -s $LOCAL_NET -j LOG --log-tcp-options --log-ip-options --log-prefix '[IPTABLES ACCEPT]'
#iptables -A INPUT -i $EX_ETH -p udp --dport $AP -s $LOCAL_NET -j LOG --log-tcp-options --log-ip-options --log-prefix '[IPTABLES ACCEPT]'
iptables -A INPUT -i $EX_ETH -p tcp --dport $AP -s $LOCAL_NET -j ACCEPT
iptables -A INPUT -i $EX_ETH -p udp --dport $AP -s $LOCAL_NET -j ACCEPT
# iptables -A INPUT -j ACCEPT -p all -s 192.168.1.0/192.168.1.120 -i eth1
# iptables -A OUTPUT -j ACCEPT -p all -d 192.168.1.0/192.168.1.120 -o eth1
done
#iptables -A OUTPUT -p ALL -s 192.168.1.100 -j ACCEPT
#iptables -A OUTPUT -p ALL -s 192.168.1.1 -j ACCEPT
#iptables -A INPUT -i eth1 -s 0/0 -d 192.168.1.42 -j REJECT
#for AP in $APORTS
#do
iptables -A INPUT -d 61.247.252.125 -i $EX_ETH -p tcp --dport $AP -j ACCEPT
iptables -A INPUT -d 61.247.252.125 -i $EX_ETH -p udp --dport $AP -j ACCEPT
#done
# Reject
#for RP in $RPORTS
#do
# iptables -A INPUT -p tcp --dport $RP -j LOG --log-tcp-options --log-ip-options --log-prefix '[IPTABLES DROP]'
# iptables -A INPUT -p tcp --dport $RP -j LOG --log-tcp-options --log-ip-options --log-prefix '[IPTABLES DROP]'
# iptables -A INPUT -p tcp --dport $RP -j REJECT
# iptables -A INPUT -p udp --dport $RP -j REJECT
# iptables -A INPUT -i eth1 -p tcp --dport $RP -j REJECT
# iptables -A INPUT -i eth1 -p udp --dport $RP -j REJECT
#done
#iptables -A INPUT -i $IN_ETH -p tcp --dport 5060 -j ACCEPT
#iptables -A INPUT -i $IN_ETH -p udp -m udp --dport 7070:7080 -j ACCEPT
#iptables -A FORWARD -o eth1 -p tcp --dport 5000:5050 -j DROP
# Any other packets must be dropped.
#iptables -A INPUT -i $EX_ETH -m state --state NEW,INVALID -j LOG --log-tcp-options --log-ip-options --log-prefix '[IPTABLES DROP]'
#iptables -A INPUT -i $EX_ETH -m state --state NEW,INVALID -j DROP
# FORWARD Chain
#iptables -A FORWARD -i $EX_ETH -m state --state NEW,INVALID -j LOG --log-tcp-options --log-ip-options --log-prefix '[IPTABLES DROP]'
#iptables -A FORWARD -i $EX_ETH -m state --state NEW,INVALID -j DROP
echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -A INPUT -i $EX_ETH -p tcp --dport 80 -j LOG
#iptables -t nat -A PREROUTING -i $EX_ETH -p tcp --dport 80 -j DNAT --to-dest 192.168.1.200:80
#iptables -t nat -A PREROUTING -i $EX_ETH -p tcp --dport 8081 -j DNAT --to-dest 192.168.1.200:8081
#iptables -t nat -A PREROUTING -j ACCEPT
#iptables -A FORWARD -i $EX_ETH -o $IN_ETH -p tcp --dport 80 -j LOG
#iptables -A FORWARD -i $EX_ETH -o $IN_ETH -p tcp --dport 554 -j ACCEPT
#iptables -A INPUT -i $EX_ETH -p tcp --dport 1433 -j LOG
#iptables -t nat -A PREROUTING -i $EX_ETH -p tcp --dport 1433 -j DNAT --to-dest 192.168.1.200:1433
#iptables -t nat -A PREROUTING -j ACCEPT
#iptables -t nat -A PREROUTING -s any/0 -d 61.247.252.125 -p tcp --dport 554 -j DNAT --to-dest 192.168.1.200:554
#iptables -A FORWARD -i $EX_ETH -j ACCEPT
#iptables -A FORWARD -i $IN_ETH -j ACCEPT
#iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -i $EX_ETH -o $IN_ETH -p tcp -d 192.168.1.200 --dport 554 -j ACCEPT
#iptables -A FORWARD -i $EX_ETH -o $IN_ETH -p tcp -d 192.168.1.200 --dport 7070 -j ACCEPT
#iptables -A FORWARD -i $EX_ETH -o $IN_ETH -p udp -d 192.168.1.200 --dport 554 -j ACCEPT
#iptables -A FORWARD -i $EX_ETH -o $IN_ETH -p udp -d 192.168.1.200 --dport 7070 -j ACCEPT
#iptables -A FORWARD -i $EX_ETH -o $IN_ETH -p udp -d 192.168.1.200 --dport 6970:6999 -j ACCEPT
#iptables -t nat -A PREROUTING --dst $EXTERNAL_IP -p tcp --dport 554 -j DNAT --to-destination 192.168.1.200:554
#iptables -t nat -A PREROUTING --dst $EXTERNAL_IP -p tcp --dport 7070 -j DNAT --to-destination 192.168.1.200:7070
#iptables -t nat -A PREROUTING --dst $EXTERNAL_IP -p udp --dport 554 -j DNAT --to-destination 192.168.1.200:554
#iptables -t nat -A PREROUTING --dst $EXTERNAL_IP -p udp --dport 7070 -j DNAT --to-destination 192.168.1.200:7070
#iptables -t nat -A PREROUTING --dst $EXTERNAL_IP -p udp --dport 6970:6999 -j DNAT --to-destination 192.168.1.200:6970-6999
#echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A PREROUTING -i $IN_ETH -p tcp --dport 5060 -j DNAT --to-dest 192.168.1.200:5060
#iptables -t nat -A PREROUTING -j ACCEPT
#iptables -A FORWARD -i $IN_ETH -p tcp -s 192.168.1.200 \
#-o $IN_ETH --dport 5060 -m state --state NEW -j ACCEPT
#iptables -A FORWARD -t filter -o $IN_ETH -m state \
# --state NEW,ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -t filter -i $IN_ETH -m state \
# --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -p tcp --dport 5060 -j LOG --log-prefix "test"
#iptables -A FORWARD -s 192.168.1.200 -i $IN_ETH -o $IN_ETH -p tcp -j ACCEPT
#iptables -t nat -A FORWARD -i $IN_ETH -o $IN_ETH -p tcp --dport 5060 -m state --state ESTABLISHED -j ACCEPT
#iptables -A INPUT -p tcp -i $EX_ETH --dport 1720 -j LOG --log-prefix "mytest"
iptables -A PREROUTING -t nat -p tcp -d $EXTERNAL_IP --dport 1720 -j DNAT --to-dest 192.168.1.200:1720
iptables -t nat -A PREROUTING -j ACCEPT
iptables -A FORWARD -i $EX_ETH -o $IN_ETH -p tcp --dport 1720 -j ACCEPT
#iptables -t nat -A PREROUTING -i $EX_ETH -p tcp --dport 10200:10209 -j DNAT --to-destination 192.168.1.100
#iptables -A FORWARD -d $LOCAL_IP -o $IN_ETH -p tcp --dport 10200:10209 -j ACCEPT
#iptables -t nat -A PREROUTING -i $EX_ETH -p udp --dport 10200:10259 -j DNAT --to-destination 192.168.1.100
#iptables -A FORWARD -d $LOCAL_IP -i $IN_ETH -p udp --dport 10200:10259 -j ACCEPT
#iptables -I PREROUTING -t nat -p tcp --dport 1720 -j REDIRECT
#iptables -I INPUT -p tcp --dport 1720 -j LOG --log-prefix "hello"
iptables -I INPUT -p tcp --dport 1720 -j ACCEPT
iptables -I INPUT -p tcp --dport 10200:10209 -j ACCEPT
iptables -I INPUT -p udp --dport 10200:10259 -j ACCEPT
iptables -I OUTPUT -p tcp -j ACCEPT
iptables -I OUTPUT -p udp -j ACCEPT
iptables -I INPUT -p tcp ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT
#iptables -I PREROUTING -t nat -p tcp --dport 10200:10209 -d $EXTERNAL_NET -j DNAT --to-destination $LOCAL_IP
#iptables -I PREROUTING -t nat -p udp --dport 10200:10259 -d $EXTERNAL_NET -j DNAT --to-destination $LOCAL_IP
#iptables -I PREROUTING -t nat -p tcp --dport 5060 ! -s $EXTERNAL_NET -j DNAT --to-destination 192.168.1.200
#iptables -t nat -I PREROUTING -p tcp --dport 5060 -i $IN_ETH -j DNAT --to-dest 192.168.1.200:5060
#iptables -t nat -A PREROUTING -j ACCEPT
#iptables -A FORWARD -i $EX_ETH -o $IN_ETH -p tcp --dport 7101 -j ACCEPT
#iptables -t nat -A PREROUTING -i $EX_ETH -p tcp --dport 7102 -j DNAT --to-dest 192.168.1.200:7102
#iptables -A FORWARD -i $EX_ETH -o $IN_ETH -p tcp --dport 7102 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -p tcp -d 64.4.13.0/24 -j DROP
# Turn on IP forwarding
#echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -A FORWARD -i eth0 -o eth0 -j LOG --log-prefix "external try"
#iptables -A FORWARD -i eth0 -o eth0 -j REJECT
#iptables -A OUTPUT -j LOG -o eth0
#iptables -A INPUT -j LOG
#iptables -A FORWARD -j LOG --log-prefix "forward only" |
Hi, please see my iptables script....!
|
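Two things stand out in the posted script from a defender's point of view: the "iptables -P INPUT DROP" and "iptables -P FORWARD ACCEPT" policy lines are commented out, so every chain keeps the kernel default of ACCEPT and anything the per-host MASQUERADE and ACCEPT rules forget to mention is still reachable; and LOCAL_NET is written as 192.168.1.0/192.168.1.120, where 192.168.1.120 is not a contiguous netmask, so it does not describe the 192.168.1.x range the rest of the script works with. The script below is an added example for this thread, not the poster's script and not anything from a distribution: a default-deny skeleton for the same kind of box (Squid proxy plus NAT gateway) that sets the DROP policies before any ACCEPT rule, uses connection tracking instead of per-host lists, and can be run with DRY_RUN=1 to print the commands it would issue. Interface names, the 192.168.1.0/24 network, port 3128 and the admin port list are placeholders to adjust; the function names ipt, apply_firewall and count_rules_matching are my own.

```shell
#!/bin/sh
# firewall-template.sh: default-deny skeleton for a Squid proxy / NAT gateway.
# Added example, not the script posted in this thread. Values below are
# placeholders; override them in the environment or edit before use.
# DRY_RUN=1 prints the iptables commands instead of executing them;
# FW_APPLY=1 applies them (run as root).
EX_ETH=${EX_ETH:-eth0}                   # external interface (assumed)
IN_ETH=${IN_ETH:-eth1}                   # internal interface (assumed)
LOCAL_NET=${LOCAL_NET:-192.168.1.0/24}   # internal network as a proper CIDR prefix
PROXY_PORT=${PROXY_PORT:-3128}           # Squid listening port
ADMIN_PORTS=${ADMIN_PORTS:-22}           # space-separated TCP ports reachable from the LAN only

# ipt: run one iptables command, or print it in dry-run mode.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_firewall() {
    # Clean slate, then default-deny policies *before* any ACCEPT rule, so a
    # script that dies half-way still fails closed rather than open.
    ipt -F
    ipt -t nat -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback and replies to existing connections are fine; INVALID is not.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state INVALID -j DROP
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state INVALID -j DROP

    # Services the box itself offers, reachable from the LAN side only.
    ipt -A INPUT -i "$IN_ETH" -s "$LOCAL_NET" -p tcp --dport "$PROXY_PORT" -j ACCEPT
    for p in $ADMIN_PORTS; do   # unquoted on purpose: split the port list
        ipt -A INPUT -i "$IN_ETH" -s "$LOCAL_NET" -p tcp --dport "$p" -j ACCEPT
    done

    # LAN clients may open connections outbound through NAT; nothing new comes in.
    ipt -A FORWARD -i "$IN_ETH" -o "$EX_ETH" -s "$LOCAL_NET" -m state --state NEW -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$EX_ETH" -s "$LOCAL_NET" -j MASQUERADE

    # Rate-limited log of what the DROP policies catch, so misconfigurations
    # show up in syslog instead of silently breaking something.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "[IPTABLES INPUT DROP] "
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "[IPTABLES FORWARD DROP] "

    # Forwarding is only switched on when rules are really being applied.
    if [ "${DRY_RUN:-0}" != 1 ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

# count_rules_matching PATTERN: how many commands apply_firewall would issue
# that contain PATTERN (dry-run only), for checking a ruleset before applying it.
count_rules_matching() {
    DRY_RUN=1 apply_firewall | grep -c -- "$1"
}

if [ "${DRY_RUN:-0}" = 1 ] || [ "${FW_APPLY:-0}" = 1 ]; then
    apply_firewall
    # Once the rules are right, persist them the way suggested earlier in the
    # thread on Red Hat-style systems: service iptables save && chkconfig iptables on
fi
```

Run it as DRY_RUN=1 sh firewall-template.sh first and read the printed commands; the policy lines should appear before any ACCEPT. Because rc.local runs the script with no working directory of its own, the line you add there must be the script's absolute path, exactly as the replies above say.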