I need some help configuring iptables.
I have a headless Gentoo box that connects to the internet through eth1. Through eth0 it's connected to this PC (it gets IP 192.168.0.150). I'm running mldonkey on the Gentoo box and I connect to it using the web interface. Surprisingly I got it to work, but it seems that I get a low ID. I guess port forwarding is not OK.
I have iptables currently configured like this:
Code:
# Generated by iptables-save v1.3.5 on Thu Aug 17 21:28:20 2006
*nat
:PREROUTING ACCEPT [34240:2417965]
:POSTROUTING ACCEPT [738:36799]
:OUTPUT ACCEPT [2766:171850]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p tcp -m tcp --dport 6883 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p tcp -m tcp --dport 4662 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p tcp -m tcp --dport 4080 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p tcp -m tcp --dport 4001 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p udp -m udp --dport 4672 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p udp -m udp --dport 80 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.0.150
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Aug 17 21:28:20 2006
# Generated by iptables-save v1.3.5 on Thu Aug 17 21:28:20 2006
*mangle
:PREROUTING ACCEPT [142902:24055160]
:INPUT ACCEPT [113985:10993600]
:FORWARD ACCEPT [28917:13061560]
:OUTPUT ACCEPT [55657:7917248]
:POSTROUTING ACCEPT [84595:20981166]
COMMIT
# Completed on Thu Aug 17 21:28:20 2006
# Generated by iptables-save v1.3.5 on Thu Aug 17 21:28:20 2006
*filter
:INPUT ACCEPT [108139:10504142]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [55657:7917248]
-A INPUT -i eth2 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i ! eth0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i ! eth0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth1 -p tcp -m tcp --dport 20:25 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 20:25 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 137:139 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 426 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 50000 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 6883 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 4662 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 4672 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 4080 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 4001 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 4661 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 4661 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 4242 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 3000 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 4242 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 4711 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 4665 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 7231 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 7711 -j ACCEPT
-A INPUT -i ! eth0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i ! eth0 -p udp -m udp --dport 0:1023 -j DROP
-A FORWARD -d 192.168.0.0/255.255.0.0 -i eth2 -j DROP
-A FORWARD -d 192.168.0.0/255.255.0.0 -i eth0 -j DROP
-A FORWARD -s 192.168.0.0/255.255.0.0 -i eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/255.255.0.0 -i eth1 -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.0.0 -i eth2 -j ACCEPT
COMMIT
# Completed on Thu Aug 17 21:28:20 2006
Can anyone help me with forwarding ports correctly so that I wouldn't get a low ID?
Thanks, ziga
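A diagnostic that fits the ruleset above, added here as an example and not part of the original post: DNAT in the nat PREROUTING chain rewrites the destination before the routing decision, so a port that is DNATed to another host never reaches the box's own filter INPUT chain. Any INPUT ACCEPT for the same interface, protocol and port is therefore dead, and a service listening locally on that port is unreachable from the outside. The script below parses an iptables-save dump and lists exactly those ports. The embedded rules are a constructed, abbreviated copy of the post's nat and filter tables; to run it against a live box, replace the RULES variable with `iptables-save` output.

```shell
#!/bin/sh
# Added example (not from the original post): report ports that an iptables-save
# dump both DNATs away in nat/PREROUTING and ACCEPTs locally in filter/INPUT.
# Such an INPUT rule never matches, because DNAT happens before routing.

# Constructed sample: a subset of the nat and filter rules from the post.
RULES='*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p tcp -m tcp --dport 4662 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p udp -m udp --dport 4672 -j DNAT --to-destination 192.168.0.150
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.150
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
-A INPUT -i eth1 -p tcp -m tcp --dport 4662 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 4672 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 4661 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 50000 -j ACCEPT
COMMIT'

# ports_for TABLE CHAIN TARGET
# Print one "proto/port" line for every rule in TABLE/CHAIN that jumps to
# TARGET and carries a --dport match. Output is sorted and de-duplicated.
ports_for() {
    printf '%s\n' "$RULES" | awk -v table="*$1" -v chain="$2" -v target="$3" '
        /^\*/        { cur = $0; next }          # "*nat", "*filter": table header
        cur != table { next }                    # skip other tables
        $1 == "-A" && $2 == chain {
            proto = ""; port = ""; jump = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") port  = $(i + 1)
                if ($i == "-j")      jump  = $(i + 1)
            }
            if (jump == target && port != "") print proto "/" port
        }' | sort -u
}

# shadowed_ports
# Ports present in both lists: forwarded away by DNAT and accepted locally.
# Each list is unique, so "uniq -d" keeps only entries found in both.
shadowed_ports() {
    { ports_for nat PREROUTING DNAT; ports_for filter INPUT ACCEPT; } | sort | uniq -d
}

# Stand-alone run: print the shadowed ports, one per line.
shadowed_ports
```

On the constructed sample this prints tcp/4662, tcp/50000 and udp/4672: the eDonkey ports are DNATed to the PC at 192.168.0.150 while the INPUT rules suggest the service is meant to be on the box itself, so whichever host actually runs mldonkey, one of the two rule sets is not doing what was intended. The same `ports_for` helper, called as `ports_for filter INPUT ACCEPT` or `ports_for nat PREROUTING DNAT`, also gives a quick inventory of everything the box exposes or forwards inbound, which is worth reviewing in its own right.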