Hi
I don't quite get the answer, my setup is
+-----------+           +-----------+           +-----------+
|           |       eth0|           |eth1       |           |
|Internet   |-----------|firewall   |-----+-----|web server |
|           |           |           |     |     | +ssh      |
+-----------+           +-----------+     |     +-----------+
any valid internet ip       NAT           |      192.168.0.2
                                          |
                                    +-----+-----------+
                                    |rest of          |
                                    |internal         |
                                    |network          |
                                    +-----------------+
                                    192.168.0.3-254
eth0 has a public IP address
eth1 has a private IP address
Anyone on the internet needs to be able to access www and ssh on the
192.168.0.2 box via the public IP and the whole internal network needs to be
able to access www & ssh out (but masq behind the public ip)
I hope this makes it a bit clearer
Thanks
Mark
-----Original Message-----
From: Matthew Hellman [mailto:[EMAIL PROTECTED]]
Sent: 21 March 2002 02:08
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: ssh & www access from the internet to the lan
You generally need two rules to accomplish this. One prerouting rule to
change the destination address and one forward rule to allow for the
routing of the packets. Here is a setup which forwards HTTP to a particular
host on a different interface. It uses a few variables but hopefully you'll
get the idea.
/sbin/iptables -t nat -A PREROUTING -i $EXTIF -p tcp -d $HTTP1 --dport 80 -j DNAT --to $HTTPDMZ1
/sbin/iptables -A FORWARD -m state --state NEW -i $EXTIF -p tcp -d $HTTPDMZ1 --dport 80 -j ACCEPT
----- Original Message -----
From: "Mark Olliver" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 20, 2002 10:44 AM
Subject: ssh & www access from the internet to the lan
>
> Hi
>
> I am having trouble writing some rules to allow ssh and www through the
> firewall from the internet to a specific machine on the lan, whilst blocking
> virtually everything else,
>
> At the moment my scripts seem to be blocking everything.
>
> Thanks
>
> Mark
>
> http://www.carsplus.co.uk/e-Card/mpo.shtml
>
>
>
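The two-rule pattern from the reply, applied to the topology in the diagram, as an added example that is not part of any poster's message. It covers inbound www and ssh to 192.168.0.2 plus masqueraded www and ssh out for the LAN. Assumptions: the public address 203.0.113.10 is a placeholder, the LAN is taken to be 192.168.0.0/24, and the names PUBIP, WEBSRV, LAN and fw_rules are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. IPT can be pointed at a printing
# command to review the rules before applying them.
IPT=${IPT:-/sbin/iptables}
EXTIF=${EXTIF:-eth0}            # public side (from the diagram)
INTIF=${INTIF:-eth1}            # private side (from the diagram)
PUBIP=${PUBIP:-203.0.113.10}    # placeholder public address (assumption)
WEBSRV=${WEBSRV:-192.168.0.2}   # web + ssh server (from the diagram)
LAN=${LAN:-192.168.0.0/24}      # assumed netmask for 192.168.0.2-254

fw_rules() {
    # Forwarded traffic is dropped unless a rule below allows it.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -t nat -F

    # Replies and related packets of connections already accepted.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    for port in 80 22; do
        # Inbound: rewrite the destination, then allow the new connection.
        $IPT -t nat -A PREROUTING -i "$EXTIF" -p tcp -d "$PUBIP" --dport "$port" -j DNAT --to-destination "$WEBSRV"
        $IPT -A FORWARD -m state --state NEW -i "$EXTIF" -o "$INTIF" -p tcp -d "$WEBSRV" --dport "$port" -j ACCEPT
        # Outbound: LAN hosts may open www and ssh connections.
        $IPT -A FORWARD -m state --state NEW -i "$INTIF" -o "$EXTIF" -p tcp -s "$LAN" --dport "$port" -j ACCEPT
    done

    # Outbound traffic leaves with the firewall's public address.
    $IPT -t nat -A POSTROUTING -o "$EXTIF" -s "$LAN" -j MASQUERADE
}

# Applied only on request: run as root with the argument "apply".
if [ "${1:-}" = apply ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    fw_rules
fi
```

The ESTABLISHED,RELATED rule is what lets reply packets back through once FORWARD defaults to DROP; without it the NEW-only accept rules pass the first packet of a connection and nothing after it.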