>Hello!
>
>Sorry to bother you again, but I still can't resolve the problem.
>I'm attaching my rc.firewall file with some marks in it. Can you please
>have a look?
>In your script:
>#iptables -A FORWARD -d 62.219.170.91 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>#iptables -A FORWARD -s 62.219.170.91 -p tcp --sport 21 -m state --state NEW,ESTABLISHED,RELATED

First of all, you are not bothering me at all, feel free to ask!

Now look, those lines you tagged are not the masquerade ones. Here is the
masquerade line:

#$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Allow destination NAT to port 21 (that's what you need):

#$IPTABLES -A PREROUTING -t nat -p tcp -d 62.219.166.24 --destination-port 21 -j DNAT --to 62.219.170.91:21

Well, here it is again:

1) You tell the kernel you masquerade the external interface with the
internal interface on port 21 only for NEW CONNECTIONS / ALREADY
ESTABLISHED CONNECTIONS / and RELATED (I forgot what it means).

2) Now you make the destination masq:
   IPTABLES -A PREROUTING -t nat -p tcp -d [THATS YOUR FIXED IP ADDRESS] --destination-port 21 -j DNAT --to [INTERNAL-IP-ADDRESS]:[PORT]


3) Now, if you have a dynamic IP as I had, you may use variables like this:

Put this in your firewall script:
EXTIP=`/root/pptp/script/myip`

And here is the myip script:
root@linux:~/pptp/script# cat myip
ifconfig ppp0 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1
root@linux:~/pptp/script#


Of course, that's in case your Internet connection sits on ppp0.


Well, is that working? ;-)

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
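
As an added example (not part of the original mail or the poster's firewall script), the sketch below combines the dynamic-IP lookup with the port-21 DNAT and FORWARD rules discussed above, and refuses to produce rules when the interface lookup yields no valid address. The function names, the interfaces ppp0/eth0, and the documentation addresses 203.0.113.7 and 192.168.0.10 are assumptions; the script prints the rules instead of running them so they can be reviewed without root.

```shell
#!/bin/sh
# Added example: print (do not run) the port-21 DNAT and FORWARD rules,
# refusing to emit anything when the external address is not a valid IPv4.

# Read `ifconfig <if>` output on stdin and print its IPv4 address.
# Handles the old "inet addr:a.b.c.d" and the newer "inet a.b.c.d" layouts.
extract_ip() {
    sed -n -e 's/^[[:space:]]*inet addr:\([0-9.]*\).*/\1/p' \
           -e 's/^[[:space:]]*inet \([0-9.]*\).*/\1/p' | head -n 1
}

# Succeed only for four dot-separated octets in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_rules EXT_IP INT_IP EXT_IF INT_IF
build_rules() {
    valid_ipv4 "$1" || { echo "bad external IP: '$1'" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad internal IP: '$2'" >&2; return 1; }
    echo "iptables -t nat -A PREROUTING -i $3 -p tcp -d $1 --dport 21 -j DNAT --to-destination $2:21"
    # -d on the FORWARD rule is an addition here: it limits the hole to the one server.
    echo "iptables -A FORWARD -i $3 -o $4 -p tcp -d $2 --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample of old-style `ifconfig ppp0` output (documentation address).
SAMPLE_OLD='ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.7  P-t-P:10.0.0.1  Mask:255.255.255.255'

# Demo on the sample; on a live box use: EXTIP=$(ifconfig ppp0 | extract_ip)
EXTIP=$(printf '%s\n' "$SAMPLE_OLD" | extract_ip)
build_rules "$EXTIP" 192.168.0.10 ppp0 eth0
```

If ppp0 is down, `extract_ip` prints nothing and `build_rules` returns non-zero, so a calling firewall script can stop instead of loading a rule with an empty `-d` argument.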