This is what happens when you try to replace an aging server with a new one. I'm having to re-learn a bunch of stuff here, one of them being iptables. The old system was set up using ipfwadm, something that long ago got replaced by ipchains and now by iptables. So I'm two generations behind here. Urgh.
Anyway, I can get iptables set up for the server itself (drop everything, then filter whatever ports I want, blah blah blah). What I'm having trouble with is the NAT-ing. I took someone else's script from the web and tried to implement it, but no matter what I do, it just doesn't work. This is what my current iptables file looks like:

[ NOTES: $PUBLIC = public IP of the system ]
[ 192.168.1.0/24 is the private network ]

# Generated by iptables-save v1.2.5 on Sat Jul 6 14:09:07 2002
*nat
:PREROUTING ACCEPT [81:9837]
:POSTROUTING ACCEPT [9:704]
:OUTPUT ACCEPT [9:704]
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d ! 192.168.1.0/255.255.255.0 -j SNAT --to-source $PUBLIC
COMMIT
# Completed on Sat Jul 6 14:09:07 2002
# Generated by iptables-save v1.2.5 on Sat Jul 6 14:09:07 2002
*filter
:INPUT DROP [114:14559]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10876:581488]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.1.0/255.255.255.0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/255.255.255.0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Sat Jul 6 14:09:07 2002

I'm sure I just forgot something somewhere, but I can't figure out what it is. I'd appreciate it if some guru can tell me where I went wrong here. Thanks.

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
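An added checker, not code from the thread, that parses the iptables-save format shown above and reports what a SNAT gateway for a private network still needs: it flags the ip_forward sysctl (which iptables-save never records), a missing SNAT/MASQUERADE rule, and a FORWARD chain that is either wide open or blocks one direction. The sample dump is constructed from the post's nat and FORWARD rules; the LAN prefix and the ip_forward value are passed in as assumptions.

```python
# Sample input, constructed from the nat and FORWARD rules quoted in the post
# ($PUBLIC kept as the poster's placeholder).
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [9:704]
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d ! 192.168.1.0/255.255.255.0 -j SNAT --to-source $PUBLIC
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.1.0/255.255.255.0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/255.255.255.0 -j ACCEPT
COMMIT
"""

def parse_save(text):
    """Return {table: {"policy": {chain: policy}, "rules": {chain: [rule, ...]}}}."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # iptables-save header/trailer comments
        if line.startswith("*"):          # "*nat" starts a table
            table = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif line.startswith(":"):        # ":FORWARD ACCEPT [0:0]" declares a chain
            chain, policy = line[1:].split()[:2]
            table["policy"][chain] = policy
            table["rules"].setdefault(chain, [])
        elif line.startswith("-A "):      # "-A CHAIN ..." appends a rule
            table["rules"].setdefault(line.split()[1], []).append(line)
    return tables

def audit_nat(tables, lan, ip_forward):
    """List what stops hosts on `lan` from reaching the outside through SNAT/MASQUERADE."""
    findings = []
    if not ip_forward:   # the sysctl lives outside iptables-save, so it is easy to forget
        findings.append("net.ipv4.ip_forward is 0; the kernel drops forwarded packets")
    post = tables.get("nat", {}).get("rules", {}).get("POSTROUTING", [])
    if not any(f"-s {lan}" in r and ("-j SNAT" in r or "-j MASQUERADE" in r) for r in post):
        findings.append(f"no SNAT/MASQUERADE rule for {lan} in nat POSTROUTING")
    filt = tables.get("filter", {"policy": {}, "rules": {}})
    fwd = filt["rules"].get("FORWARD", [])
    out_ok = any(f"-s {lan}" in r and "-j ACCEPT" in r for r in fwd)
    back_ok = any(f"-d {lan}" in r and "ESTABLISHED" in r and "-j ACCEPT" in r for r in fwd)
    if filt["policy"].get("FORWARD") == "ACCEPT":
        findings.append("FORWARD policy is ACCEPT; set it to DROP and keep only explicit rules")
    elif not (out_ok and back_ok):
        findings.append("FORWARD lacks an outbound rule for the LAN or a RELATED,ESTABLISHED reply rule")
    return findings
```

Run it against the output of `iptables-save` and the value of /proc/sys/net/ipv4/ip_forward on the gateway; an empty list means the three pieces are in place.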