> echo "     - FWD: Allow all connections OUT and only existing/related IN"
This pretty much says it all.

How about allowing the traffic coming in on port 21?

---

Andrew Heberle

----- Original Message ----- 
From: "db mg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 26, 2002 5:35 PM
Subject: Going nuts because portFW


> Hello people,
> 
> I must say that I'm going nuts because of portFW with
> iptables.
> 
> Here is my story:
> 
> I got one machine for Gateway & Firewall (R.H. 7.2
> --kernel 2.4.9.21 --iptables 1.2.4). On that machine
> is 
> eth0 - (in iptables is ININT )- local 192.168.1.1)
> eth1 - (in iptables is EXTINT) - internet static-IP )
> 
> Then I got one machine behind that firewall that has
> 2 NICs and (RH7.2)
> eth0 - 192.168.1.5
> eth1 - 192.168.1.100
> 
> So my problem is to map or forward all http and ftp
> traffic to this LAN machine behind firewall.
> 
> So I tried with:
> $iptables -t nat -A PREROUTING -p tcp --dport 21 -i $EXTIF -j DNAT --to \
>  192.168.1.5:21
> 
> with no success ;(
> So I read almost all of the mailing list archive for help,
> with no success.
> !!! PLEASE HELP TO GET WORK!!!
> Here are my forward rules from the rc file:
> 
> *************************
> # FORWARD: Enable Forwarding and thus IPMASQ
> #
> echo "     - FWD: Allow all connections OUT and only existing/related IN"
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED \
>  -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
>
> # Catch all rule, all other forwarding is denied and logged.
> #
> $IPTABLES -A FORWARD -j drop-and-log-it
>
> echo "     - NAT: Enabling SNAT (MASQUERADE) functionality on $EXTIF"
> #
> #More liberal form
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
>
> $iptables -t nat -A PREROUTING -p tcp --dport 21 -i $EXTIF -j DNAT --to \
>  192.168.1.5:21
>
> *************************
> 
> TNX a lot and regards,
> dbmg2001
> 
> 
> 
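
The reply's point, as an added example that is not part of the original thread: after the PREROUTING DNAT, the rewritten packet still has to pass the FORWARD chain, which only accepts ESTABLISHED,RELATED traffic arriving on $EXTIF. The script walks the poster's FORWARD rules for a NEW connection to 192.168.1.5:21; the `iptables -S` style listing, the fix rule and the helper `forward_verdict` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed sample: the poster's FORWARD
# rules in `iptables -S` form, with eth1 as $EXTIF and eth0 as $INTIF.
ORIG_FORWARD='-A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -j drop-and-log-it'

# Assumed fix: accept NEW inbound connections to the DNAT target on port 21.
FIX_RULE='-A FORWARD -i eth1 -o eth0 -p tcp -d 192.168.1.5 --dport 21 -m state --state NEW -j ACCEPT'

# Rules are evaluated top to bottom, so the fix goes before the catch-all.
FIXED_FORWARD=$(printf '%s\n' "$ORIG_FORWARD" |
    awk -v fix="$FIX_RULE" '$NF == "drop-and-log-it" { print fix } { print }')

# Same rule appended after the catch-all: never reached.
MISPLACED_FORWARD=$(printf '%s\n%s\n' "$ORIG_FORWARD" "$FIX_RULE")

# forward_verdict RULES IN_IF OUT_IF DST DPORT STATE
# Prints the target of the first rule matching a TCP packet as FORWARD sees it,
# i.e. after PREROUTING has already rewritten the destination to DST.
# Understands only the options used above, all of which take one argument.
forward_verdict() {
    printf '%s\n' "$1" | awk -v in_if="$2" -v out_if="$3" -v dst="$4" \
                             -v dport="$5" -v state="$6" '
    {
        ok = 1; target = ""
        for (n = 3; n < NF; n += 2) {
            opt = $n; val = $(n + 1)
            if (opt == "-i" && val != in_if) ok = 0
            else if (opt == "-o" && val != out_if) ok = 0
            else if (opt == "-d" && val != dst) ok = 0
            else if (opt == "--dport" && val != dport) ok = 0
            else if (opt == "--state" && !index("," val ",", "," state ",")) ok = 0
            else if (opt == "-j") target = val
        }
        if (ok) { print target; exit }
    }'
}

for name in ORIG_FORWARD FIXED_FORWARD MISPLACED_FORWARD; do
    eval "rules=\$$name"
    printf '%-18s NEW tcp/21 from eth1 -> %s\n' "$name" \
        "$(forward_verdict "$rules" eth1 eth0 192.168.1.5 21 NEW)"
done
```

In the rc file the equivalent is an `$IPTABLES -A FORWARD` line with the same match options, placed above the `drop-and-log-it` rule.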

