Thanks again, this was very informative.
On Jul 21, 12:53 pm, Daniel Eggleston <[email protected]> wrote:
> Here's the script with comments:
>
> #!/bin/sh
> # TCP Proxy using IPTables
>
> IPTABLES=/sbin/iptables
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> # Flush nat table
> $IPTABLES -t nat -F
> $IPTABLES -F
>
> ### Set up the redirect
>
> ## redirects all traffic directed at port 192.168.0.3:8443
> ## to host 10.152.3.56
> $IPTABLES -t nat -A PREROUTING --dst 192.168.0.3 -p tcp --dport 8443 -j DNAT --to-destination 10.152.3.56:8443
> ## Same as above line; for traffic originating on local machine
> $IPTABLES -t nat -A OUTPUT --dst 192.168.0.3 -p tcp --dport 8443 -j DNAT --to-destination 10.152.3.56:8443
>
> ## These two lines do the same, for 10.0.2.2 instead of 192.168.0.3
> $IPTABLES -t nat -A PREROUTING --dst 10.0.2.2 -p tcp --dport 8443 -j DNAT --to-destination 10.152.3.56:8443
> $IPTABLES -t nat -A OUTPUT --dst 10.0.2.2 -p tcp --dport 8443 -j DNAT --to-destination 10.152.3.56:8443
>
> ### Set up SNAT
>
> ## Any traffic that's routed out through eth0 gets SNAT'd to appear to
> ## the network as though it has originated from eth0.
> $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> ## Same as above, but for eth1.
> $IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>
> ### Firewalling (New lines)
> ## Allow all traffic coming in through 192.168.0.3 on port 8443
> $IPTABLES -A INPUT -p tcp --dst 192.168.0.3 --dport 8443 -j ACCEPT
> ## Drop all other traffic coming in through 192.168.0.3
> $IPTABLES -A INPUT -p tcp --dst 192.168.0.3 -j DROP

--
You received this message because you are subscribed to the Linux Users Group.
To post a message, send email to [email protected]
To unsubscribe, send email to [email protected]
For more options, visit our group at http://groups.google.com/group/linuxusersgroup
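One thing worth checking on a box running a DNAT proxy like the one quoted above: packets rewritten in nat/PREROUTING are routed on to the backend and traverse the FORWARD chain, not INPUT, so the INPUT rules at the end of the script never see the redirected 8443 traffic. The audit below is an added example, not part of the thread; it parses a constructed `iptables-save` style dump (the addresses mirror the quoted script) and reports DNAT targets that no FORWARD rule covers, plus a FORWARD policy that is not DROP.

```python
import re

# Constructed iptables-save dump mirroring the quoted script: DNAT in
# nat/PREROUTING, MASQUERADE in POSTROUTING, filtering only in INPUT.
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.0.3/32 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 10.152.3.56:8443
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -d 192.168.0.3/32 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -d 192.168.0.3/32 -p tcp -j DROP
COMMIT
"""

RULE = re.compile(r"^-A (\S+) (.*)$")
POLICY = re.compile(r"^:(\S+) (\S+) ")

def parse_dump(text):
    """Return ({table: {chain: policy}}, {table: [(chain, args), ...]})."""
    policies, rules, table = {}, {}, None
    for line in text.splitlines():
        pol, rule = POLICY.match(line), RULE.match(line)
        if line.startswith("*"):
            table = line[1:]
            policies[table], rules[table] = {}, []
        elif pol:
            policies[table][pol.group(1)] = pol.group(2)
        elif rule:
            rules[table].append((rule.group(1), rule.group(2)))
    return policies, rules

def audit_dnat(text):
    """Findings: PREROUTING DNAT targets with no FORWARD rule, open FORWARD policy."""
    policies, rules = parse_dump(text)
    findings = []
    fwd = [args for chain, args in rules.get("filter", []) if chain == "FORWARD"]
    for chain, args in rules.get("nat", []):
        dst = re.search(r"--to-destination (\S+)", args)
        if chain != "PREROUTING" or not dst:
            continue  # OUTPUT-chain DNAT is locally generated traffic, not forwarded
        host, _, port = dst.group(1).partition(":")
        if not any(f"-d {host}" in a and f"--dport {port}" in a for a in fwd):
            findings.append(f"DNAT to {host}:{port} has no matching FORWARD rule")
    if policies.get("filter", {}).get("FORWARD") != "DROP":
        findings.append("FORWARD policy is not DROP: DNAT'd traffic is forwarded unfiltered")
    return findings
```

Run it against the real thing with `iptables-save | python3 -c 'import sys, audit; print(audit.audit_dnat(sys.stdin.read()))'` (module name assumed); an empty list means every redirected port has an explicit FORWARD ACCEPT and everything else is dropped.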
