Iptables opening/forwarding ports
Hi there,
Yes, I know, there are a million topics on this, but none of them seem to help me out. I have tried lots of things, overheated the Google servers and so on, and still no luck.
I have a Linux box set up as firewall/router. In my LAN there are two PCs (192.168.1.3 and 192.168.1.5). The router has IP 192.168.1.1. This router is connected to the internet by means of a cable modem. Almost everything works fine. Internet and email, ICQ and so on work on both PCs. On my PC (192.168.1.5) I want to be able to download using Azureus and I want to host MOH games. But neither of them seems to work. I played around with iptables, but apparently I'm doing something wrong. Azureus is able to download, but when I test the port (6881) I get a NAT error, no matter what I try.
Below are my iptables rules.
#!/bin/sh
# iptables script generator: V0.1-2002
# Comes with no warranty!
# e-mail: michael(at)1go.dk
# Disable forwarding
echo "Disabling forwarding..."
echo 0 > /proc/sys/net/ipv4/ip_forward
LAN_IP_NET='192.168.1.0/24'
LAN_NIC='eth1'
LAN_IP='192.168.1.1'
WAN_IP='xxx.xxx.xxx.xxx'
WAN_NIC='eth0'
# LAN host that should receive the forwarded ports (Azureus / MOH)
ME='192.168.1.5'
# load some modules (if needed)
# Flush all existing rules
echo "Flushing existing rules..."
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
# Drop everything on INPUT and FORWARD chain. Accept all OUTPUT
echo "Setting up default policy..."
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#Enable Masquerade and forwarding
echo "Enabling masquerading and forwarding..."
# I tried this, but it punches a lot of holes in my firewall:
#iptables -A FORWARD -m state --state NEW -j ACCEPT
# I tried this for Azureus, but I keep getting these NAT errors:
# DNAT: send WAN traffic arriving on port 6881 (TCP and UDP) to $ME
iptables -t nat -A PREROUTING -p tcp --dport 6881 -i $WAN_NIC -j DNAT --to-destination $ME:6881
iptables -t nat -A PREROUTING -p udp --dport 6881 -i $WAN_NIC -j DNAT --to-destination $ME:6881
# Masquerade LAN addresses behind the router's WAN address
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
# FORWARD: accept anything originating from the LAN, plus replies to it;
# everything else falls through to the DROP policy
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Open ports on router for server/services (LAN side only)
echo "opening ports..."
iptables -A INPUT -j ACCEPT -p tcp --dport 110 -i $LAN_NIC    # POP3
iptables -A INPUT -j ACCEPT -p tcp --dport 25 -i $LAN_NIC     # SMTP
iptables -A INPUT -j ACCEPT -p tcp --dport 22 -i $LAN_NIC     # SSH
iptables -A INPUT -j ACCEPT -p tcp --dport 139 -i $LAN_NIC    # SMB/NetBIOS session
iptables -A INPUT -j ACCEPT -p tcp --dport 10000 -i $LAN_NIC  # Webmin
iptables -A INPUT -j ACCEPT -p udp --dport 10000 -i $LAN_NIC
iptables -A INPUT -j ACCEPT -p tcp --dport 631 -i $LAN_NIC    # CUPS/IPP
iptables -A INPUT -j ACCEPT -p udp --dport 631 -i $LAN_NIC
#State RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable forwarding
echo "Enabling forwarding..."
echo 1 > /proc/sys/net/ipv4/ip_forward
Can somebody please help me with this?
Last edited by broxtor; 09-27-2004 at 01:04 PM.
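The rule set above shows why the port test fails even though DNAT is in place: after nat/PREROUTING rewrites the destination, the packet traverses the FORWARD chain with destination 192.168.1.5:6881, input interface eth0 and state NEW. The only FORWARD rules accept traffic coming in on eth1 from the LAN and ESTABLISHED,RELATED traffic, so the DNATed connection falls through to the DROP policy. Keeping the default-deny policy is the right call; what is missing is one explicit FORWARD rule for exactly that destination and port. The helper below, an added example that is not code from the original post, adds both halves of a port-forward together. The interface name and addresses are the poster's; the function names (forward_port, azureus_rules) and the IPT dry-run variable are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not code from the original post: the two rules a DNAT
# port-forward needs on a router whose FORWARD policy is DROP. Interface
# and addresses are the poster's; the function names (forward_port,
# azureus_rules) and the IPT dry-run variable are assumptions made here.
set -eu

WAN_NIC="${WAN_NIC:-eth0}"

# Dry run by default: the generated iptables arguments are printed, one
# command per line. Run as root with IPT=iptables to apply them for real.
dry_run() { printf '%s\n' "$*"; }
IPT="${IPT:-dry_run}"

# forward_port PROTO EXT_PORT LAN_HOST [INT_PORT]
#   PROTO     tcp or udp
#   EXT_PORT  port the Internet connects to on the WAN address
#   LAN_HOST  LAN machine that should receive the connections
#   INT_PORT  port on LAN_HOST (defaults to EXT_PORT)
forward_port() {
    proto="$1"; ext_port="$2"; lan_host="$3"; int_port="${4:-$2}"
    case "$proto" in
        tcp|udp) ;;
        *) echo "forward_port: proto must be tcp or udp, got '$proto'" >&2; return 1 ;;
    esac

    # 1. nat/PREROUTING runs before the routing decision and rewrites the
    #    destination from the WAN address to the LAN host.
    $IPT -t nat -A PREROUTING -i "$WAN_NIC" -p "$proto" --dport "$ext_port" \
        -j DNAT --to-destination "$lan_host:$int_port"

    # 2. filter/FORWARD then sees a packet with dst $lan_host:$int_port that
    #    arrived on $WAN_NIC and opens a NEW connection. A rule set that only
    #    accepts LAN-originated traffic plus ESTABLISHED,RELATED never matches
    #    it, so it falls through to the DROP policy. Accept exactly that
    #    destination and port and nothing wider; the replies are covered by
    #    the existing ESTABLISHED,RELATED rule, and conntrack undoes the DNAT
    #    on them automatically.
    $IPT -A FORWARD -i "$WAN_NIC" -p "$proto" -d "$lan_host" --dport "$int_port" \
        -m state --state NEW -j ACCEPT
}

# The poster's case: Azureus on 192.168.1.5 listening on 6881 TCP and UDP.
azureus_rules() {
    forward_port tcp 6881 192.168.1.5
    forward_port udp 6881 192.168.1.5
}

if [ "${1:-}" = "apply" ]; then
    azureus_rules
fi
```

Run it without arguments to see the commands it would issue, and as root with `IPT=iptables sh forward.sh apply` on the router to apply them (drop the two PREROUTING lines from the original script first so the DNAT is not added twice). To confirm where packets die, watch the hit counters with `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` while the tracker's port check runs: a DNAT counter that increments while nothing in FORWARD accepts is the signature of this problem. One caveat: the `-i eth0` match means the forward only applies to connections coming from the Internet. A test from a LAN machine against the router's own WAN address enters on eth1, is not translated, and will always fail, so use an external checker.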