/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Hi all!
No answer, huh?
Aaaaanyway, I've got port forwarding working for external addresses, but the
internal machines just hang when I try to connect to the gateway on port 81.
Any help is appreciated. Here's my script now:
#!/bin/sh
EXTIF="eth0"
INTIF="eth1"
# Take the first IPv4 address that ifconfig reports for each interface.
EXTIP="`ifconfig $EXTIF | awk /$EXTIF/'{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}'`"
INTIP="`ifconfig $INTIF | awk /$INTIF/'{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}'`"
# Load the netfilter modules, including the FTP/IRC connection-tracking helpers.
depmod -a
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ipt_MASQUERADE
# Turn on forwarding and dynamic-address support for the masquerading gateway.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
# Default-deny on INPUT, then start from empty tables.
iptables -P INPUT DROP
iptables -F
iptables -t nat -F
iptables -t mangle -F
# Masquerade everything leaving the external interface.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A INPUT -i eth0 -p TCP --dport 25 -j ACCEPT
# iptables -A INPUT -i eth0 -p TCP --dport 80 -j ACCEPT
# Let the forwarded web traffic through to the internal server.
iptables -A FORWARD -p tcp -d 192.168.0.2 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Redirect port 81 on the gateway (external and internal address) to the web server.
iptables -t nat -A PREROUTING -p tcp -d $EXTIP --dport 81 -j DNAT --to 192.168.0.2:80
iptables -t nat -A PREROUTING -p tcp -d $INTIP --dport 81 -j DNAT --to 192.168.0.2:80
# Accept replies, plus new connections that do not arrive on the external interface
# ("-i ! eth0" is the old iptables spelling; newer versions write "! -i eth0").
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "New not syn:"
iptables -A INPUT -j REJECT
# Log and reject anything trying to bounce straight back out the external interface.
iptables -A FORWARD -i eth0 -o eth0 -j LOG --log-prefix "external try to route:"
iptables -A FORWARD -i eth0 -o eth0 -j REJECT
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
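An added example (editor's own, not the poster's script and not taken from the HOWTO) showing the rule the script above lacks. When a LAN client connects to the gateway's internal address on port 81, PREROUTING DNATs the packet to 192.168.0.2:80, but the web server answers the client directly on the same subnet, from 192.168.0.2:80 instead of from the gateway on port 81, so the client's kernel never matches the reply to its connection and the connect hangs. That is the classic hairpin-NAT symptom and fits what the post describes. An SNAT rule in POSTROUTING that rewrites the source of those DNATed packets to the gateway's LAN address forces the reply back through the gateway, which undoes both translations. The script prints the rules rather than running them (pipe it to sh as root to apply); the interface names, the documentation-range addresses, the 192.168.0.0/24 LAN, the --to-destination spelling and the helper names are assumptions.

```shell
#!/bin/sh
# Added example, not the original poster's script. Emits iptables rules for
# forwarding gateway port 81 to an internal web server, including the SNAT
# rule that hairpin (LAN -> gateway -> LAN) connections need.
# Usage: ./hairpin.sh | sh    (as root, to apply; without "| sh" it only prints)

# Print the rules instead of applying them, so they can be reviewed or tested.
# Arguments: extif intif extip intip lan server
nat_rules() {
    extif=$1; intif=$2; extip=$3; intip=$4; lan=$5; server=$6
    # Redirect port 81 on either gateway address to the web server.
    echo "iptables -t nat -A PREROUTING -i $extif -p tcp -d $extip --dport 81 -j DNAT --to-destination $server:80"
    echo "iptables -t nat -A PREROUTING -i $intif -p tcp -d $intip --dport 81 -j DNAT --to-destination $server:80"
    # Hairpin case: a LAN client's packet is DNATed to the server, but the server
    # would reply straight to the client (same subnet) from port 80, so the client
    # drops the reply and hangs. Rewriting the source to the gateway's LAN address
    # makes the server answer the gateway, which reverses both translations.
    echo "iptables -t nat -A POSTROUTING -o $intif -s $lan -d $server -p tcp --dport 80 -j SNAT --to-source $intip"
    # Masquerade everything else leaving the external interface.
    echo "iptables -t nat -A POSTROUTING -o $extif -j MASQUERADE"
    # Allow the forwarded connection and the replies to it.
    echo "iptables -A FORWARD -p tcp -d $server --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Check whether a rule set (one command per line) contains the hairpin SNAT
# rule for the given server. Exit status 0 if present, 1 if missing.
has_hairpin_snat() {
    printf '%s\n' "$1" | grep -q -- "-d $2 -p tcp --dport 80 -j SNAT"
}

# Constructed sample values: documentation-range external address, private LAN.
rules=$(nat_rules eth0 eth1 203.0.113.5 192.168.0.1 192.168.0.0/24 192.168.0.2)
printf '%s\n' "$rules"
```

The original post's rule set (a MASQUERADE on eth0 plus the two DNATs) fails the has_hairpin_snat check; the emitted set passes it. Keep the SNAT rule narrow (LAN source, server destination, port 80 only), otherwise the web server's logs show every visitor as the gateway.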