On Thursday 04 September 2003 11:15, Jule Slootbeek wrote:
> Hi,
> Thank you for your feedback, I took your advice I think..:) and this is
> what I came up with
>
> echo "Setting firewall rules..."
> #ipforwarding and masquerading
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -m state --state NEW -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m state --state NEW -s 192.168.0.0/24 -j ACCEPT
> # allows for forwarding
> iptables -A FORWARD -m state --state NEW -p tcp -s 140.232.x.x --dport 2401 -j ACCEPT
> iptables -A FORWARD -m state --state NEW -p tcp -s 140.232.x.x --dport 22 -j ACCEPT
> iptables -A FORWARD -m state --state NEW -p tcp -s 140.232.x.x --dport 80 -j ACCEPT
>
> #redirecting ports
> iptables -t nat -A PREROUTING -d 140.232.x.x1 -p tcp --dport 2401 -j DNAT --to-destination 192.168.0.2:2401
> iptables -t nat -A PREROUTING -d 140.232.x.x -p tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80
> iptables -t nat -A PREROUTING -d 140.232.x.x -p tcp --dport 22 -j DNAT --to-destination 192.168.0.3:22
> ;;
>
> but now when I run the firewall, ports 2401 and 80 are not open (nmap
> localhost) and nmap 140.232.x.x times out. I'm not sure what's wrong.
> TIA,
>
> Jule
First things first, I have to ask the obvious: have you enabled forwarding?

    sysctl -w net/ipv4/ip_forward=1

Secondly, you are defining a source address of 140.232.x.x in your FORWARD rules; that should be the destination address, not the source address. Also, you may need to use the internal end-point rather than the external address in those FORWARD rules, i.e. 192.168.0.2 instead of 140.232.x.x.

I'd also use '-i eth0' for those FORWARD rules (or whatever your external interface is, ppp0 or whatever).

Hope this helps.

t
-- 
GPG: http://n12turbo.com/tarragon/public.key
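The reply's three points, put together as a corrected version of the posted script. This is an added example written for this page, not Jule's script nor anything Tarragon posted; the host addresses and ports come from the quoted post, while EXT_IF, EXT_IP (a placeholder standing in for the masked 140.232.x.x) and the DRY_RUN switch are assumptions of the example. The reason the original FORWARD rules never matched is that DNAT in PREROUTING rewrites the destination before the FORWARD chain sees the packet, so FORWARD has to match the internal address the packet carries at that point, arriving on the external interface.

```shell
#!/bin/sh
# Corrected port-forwarding ruleset (added example, not the original script).
# Assumed placeholders: EXT_IF (external interface), EXT_IP (stands in for the
# post's masked 140.232.x.x); override them in the environment as needed.
EXT_IF="${EXT_IF:-eth0}"
EXT_IP="${EXT_IP:-140.232.0.1}"
LAN="192.168.0.0/24"
WEB_HOST="192.168.0.2"   # port 80, from the post
CVS_HOST="192.168.0.2"   # port 2401, from the post
SSH_HOST="192.168.0.3"   # port 22, from the post

# run: execute the command, or only print it when DRY_RUN=1 so the ruleset
# can be reviewed on a machine without root or iptables.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

firewall_rules() {
    # Point 1: forwarding must be switched on (dotted form is equivalent to
    # the net/ipv4/ip_forward spelling in the reply).
    run sysctl -w net.ipv4.ip_forward=1

    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN" -j MASQUERADE
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -m state --state NEW -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m state --state NEW -s "$LAN" -j ACCEPT

    # Points 2 and 3: DNAT runs in PREROUTING, so by the time the packet
    # reaches FORWARD its destination is already the internal host. Match on
    # -d <internal host> (not -s, not the external IP) and pin the rule to
    # the external interface so LAN clients cannot spoof their way through it.
    for spec in "2401 $CVS_HOST" "80 $WEB_HOST" "22 $SSH_HOST"; do
        port=${spec% *}
        host=${spec#* }
        run iptables -t nat -A PREROUTING -i "$EXT_IF" -d "$EXT_IP" -p tcp \
            --dport "$port" -j DNAT --to-destination "$host:$port"
        run iptables -A FORWARD -i "$EXT_IF" -m state --state NEW -p tcp \
            -d "$host" --dport "$port" -j ACCEPT
    done
}

# Usage: "sh fw.sh show" prints the rules; "sh fw.sh apply" installs them (as root).
case "${1:-}" in
    show)  DRY_RUN=1 firewall_rules ;;
    apply) firewall_rules ;;
esac
```

Running the script with `show` before `apply` is a cheap review step: every FORWARD ACCEPT line should name an internal 192.168.0.x destination and the external interface, and no FORWARD line should carry the external address as a source.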

