Chris Mason (Lists) wrote: > I am using Astlinux 0.2.6 on a Soekris 4801 to provide a small pbx to a > business, and it is also the firewall for that business. I would like to > give PCAnywhere access to a server inside the firewall using iptables, > but I don't seem to be able to get it right. Can anyone tell me how? > I put the lines below into /mnt/kd/astfw > > # > PCAnywhere > > > iptables -t nat -A PREROUTING -p udp -i eth0 --dport 5631 -j DNAT --to > 90.0.0.10:5631 > iptables -t nat -A PREROUTING -p udp -i eth0 --dport 5632 -j DNAT --to > 90.0.0.10:5632 > I presume you have a default DROP policy? Your DNAT --to my.internal.ip.address looks like an external IP address. You want to jump the destination to your internal IP. You will also need a rule to allow this traffic to the inside server - these rules just change the address. Something like:
iptables -t nat -A PREROUTING -p udp -i eth0 --dport 5631:5632 -j DNAT --to 192.168.1.x (where x is the machine you want to allow access to) iptables -A FORWARD -p udp -i eth0 --dport 5631:5632 -j ACCEPT If you are doing egress filtering you will need to allow the same traffic back out, or use RELATED, ESTABLISHED rules. Clint _______________________________________________ Astlinux-users mailing list [email protected] http://lists.kriscompanies.com/mailman/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED]
