Old 06-11-2006, 08:11 AM   #1
fieska
LQ Newbie
 
Registered: Jan 2004
Posts: 22

Rep: Reputation: 15
opening ports on a windows pc connected to a linux box which serves as a gateway


Hello,
we have two pc at home, my girlfriend runs a windows pc and myself have a linux box under slackware 10.2

we can't afford a router but we have a usb modem (speedtouch) that i succeeded to make it work under slackware (not really difficult).

We want to share adsl connection cause we are fed up to unplug the modem each time.

I found a tuto on how sharing connections with a usb modem that i followed
it works but i'm not really happy cause i don't know how to open ports on the windows machine from iptables rules

here is the script i used :

#!/bin/bash
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
# mldonkey port for linux box
iptables -A INPUT -s 0.0.0.0/0 -p tcp --destination-port 4662 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.2 -j MASQUERADE
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -o ppp0 -j DROP
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -A INPUT -s 192.168.0.2/32 -j ACCEPT
route add -host 192.168.0.2 dev eth0
echo 1 > /proc/sys/net/ipv4/ip_forward

i added myself the line for the opening of the mldonkey port and i'd wish to do the same for the windows box, how to do it plz ???

thanks a lot
 
Old 06-11-2006, 09:36 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
you'll need to use a different port number for your girlfriend's mldonkey, like 4663 for example... it should work like this (i cleaned-up your script somewhat also):

Code:
#!/bin/bash

IPT="/usr/sbin/iptables"

echo "0" > /proc/sys/net/ipv4/ip_forward

$IPT -F
$IPT -F -t nat
$IPT -F -t mangle

$IPT -X
$IPT -X -t nat
$IPT -X -t mangle

$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPT -A INPUT -i lo -j ACCEPT

# Allow Internet hosts to connect to my Linux box's MLdonkey:
$IPT -A INPUT -p TCP -i ppp0 --dport 4662 \
-m state --state NEW -j ACCEPT

# Allow my girlfriend to connect to my Linux box in any way:
$IPT -A INPUT -i eth0 -s 192.168.0.2 \
-m state --state NEW -j ACCEPT

$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow my girlfriend to connect to the Internet in any way:
$IPT -A FORWARD -i eth0 -o ppp0 -s 192.168.0.2 \
-m state --state NEW -j ACCEPT

# Allow Internet hosts to connect to my girlfriend's MLdonkey:
$IPT -A FORWARD -p TCP -i ppp0 -o eth0 -d 192.168.0.2 \
--dport 4663 -m state --state NEW -j ACCEPT

# DNAT MLdonkey packets which should go to my girlfriend's box:
$IPT -t nat -A PREROUTING -p TCP -i ppp0 --dport 4663 \
-j DNAT --to-destination 192.168.0.2

$IPT -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
echo "1" > /proc/sys/net/ipv4/ip_forward
i hope this helps... let me know if you have any questions...

Last edited by win32sux; 06-11-2006 at 09:47 AM.
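
The reply above pairs the DNAT rule for port 4663 with a FORWARD ACCEPT rule for the same host and port; with the FORWARD policy set to DROP, a DNAT rule on its own forwards nothing. The following is an added example, not part of the original posts: a check that reads `iptables-save` text and reports, for each DNAT rule, whether a matching FORWARD rule exists. The helper name `audit_dnat` is hypothetical and the sample ruleset is constructed to resemble what the script above would produce.

```shell
#!/bin/sh
# Constructed sample: roughly what iptables-save prints after the script above runs.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4663 -j DNAT --to-destination 192.168.0.2
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i ppp0 -p tcp -m tcp --dport 4662 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.2/32 -i eth0 -o ppp0 -m state --state NEW -j ACCEPT
-A FORWARD -d 192.168.0.2/32 -i ppp0 -o eth0 -p tcp -m tcp --dport 4663 -m state --state NEW -j ACCEPT
COMMIT'

# audit_dnat (hypothetical helper): reads iptables-save text on stdin and prints
# "<external port> <internal host> <internal port> <status>" for each DNAT rule.
# Assumption: single ports and single-host -d matches only (no ranges, no multiport).
audit_dnat() {
  awk '
    function opt(name,   i) {  # value that follows option "name" on this line
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    /^\*/ { table = substr($1, 2) }   # "*nat" / "*filter" section headers
    table == "nat" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
      n++; ext[n] = opt("--dport"); host[n] = opt("--to-destination"); port[n] = ext[n]
      # DNAT may also rewrite the port (host:port); FORWARD sees the rewritten one
      if (split(host[n], parts, ":") == 2) { host[n] = parts[1]; port[n] = parts[2] }
    }
    table == "filter" && $2 == "FORWARD" && opt("-j") == "ACCEPT" && opt("--dport") != "" {
      d = opt("-d"); sub(/\/32$/, "", d)
      allowed[d ":" opt("--dport")] = 1
    }
    END {
      for (k = 1; k <= n; k++) {
        key = host[k] ":" port[k]
        status = (key in allowed) ? "forward-allowed" : "no-forward-rule"
        print ext[k], host[k], port[k], status
      }
    }
  '
}

printf '%s\n' "$SAMPLE_RULES" | audit_dnat
```

On a live gateway the same function can be fed with `iptables-save | audit_dnat` as root; every `forward-allowed` line is a port reachable from the Internet on an internal host.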
 
Old 06-14-2006, 07:06 AM   #3
fieska
LQ Newbie
 
Registered: Jan 2004
Posts: 22

Original Poster
Rep: Reputation: 15
Hello,
thanks a lot, it works very fine. Was absent these last few days so i was not able to thank u earlier.
I knew for the ports that we can't work on the same one, and as a matter of fact i did not give the right one

Cheers man for your answer, it really helped

ps : i hope to make my girlfriend turn her mind about linux
 
Old 06-02-2009, 01:07 AM   #4
r.bhange
LQ Newbie
 
Registered: Mar 2009
Posts: 18

Rep: Reputation: 0
Hello,

I think you are very good in iptables rules. I want to use iptables in my mail server and network.


I want to send my outgoing smtp traffic first to my windows pc for IMSS using iptables, i don't want to use SMART_HOST feature from sendmail.


I tried to use output and forward rules but it did not work.

The mail server has Internet connection, while i send mail without SMART_HOST it will send directly via Internet connection.

if you have any idea kindly send.

thanks
 
Old 06-02-2009, 02:19 AM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
1) Don't hijack other people's threads.

2) Don't resurrect dead threads.


You're new around here, so it's understandable that you aren't familiar yet with the culture. That said, from this point on, please comply with the two requests above - it'll make things easier for everyone. For this particular question you are asking, I recommend the Networking forum instead. This thread is now closed so it may rest in peace.
 