What scripting! It sure looks like lots of fun to me. ;) However, if you want to do it fast (and then learn the dynamics later at your own pace), use a ready-made iptables script. I recommend gShield. ;) Why reinvent the wheel? It is very configurable and, best of all, it works. Port forward in no time... NAT by defining networks. Define closed ports quickly. All this, by gShield. The latest version is 2.8.

On 8/4/05, Elmer Rivera <[EMAIL PROTECTED]> wrote:
> Thanks. I'll try this.
> How 'bout settings on Postrouting chain?
>
> On 8/5/05, Gabriel Briones <[EMAIL PROTECTED]> wrote:
> >
> > You need to NAT port 53 (tcp and udp)
> >
> > # iptables -t nat -A PREROUTING -i $EXT_IFACE -p tcp --dport 53 -j DNAT --to $DNS_INTERNAL_IP_HERE
> > # iptables -t nat -A PREROUTING -i $EXT_IFACE -p udp --dport 53 -j DNAT --to $DNS_INTERNAL_IP_HERE
> >
> > you may also need to allow FORWARD traffic to port 53 both for tcp and
> > udp (I'm assuming here that you have DROP as the default policy for
> > the 3 major chains)
> >
> > # iptables -A FORWARD -i $EXT_IFACE -p tcp --dport 53 -d $DNS_INTERNAL_IP_HERE -j ACCEPT
> > # iptables -A FORWARD -i $EXT_IFACE -p udp --dport 53 -d $DNS_INTERNAL_IP_HERE -j ACCEPT
> >
> > and by the way, don't forget to set the DNS server's default gateway
> > to the internal IP of your firewall and also don't forget to enable ip
> > forwarding either via sysctl or rc.local
> >
> > -jon-
> >
> > On 8/4/05, bodgie <[EMAIL PROTECTED]> wrote:
> > > On 8/4/05, Elmer Rivera <[EMAIL PROTECTED]> wrote:
> > > > I have a DNS server on my private LAN, I would like to allow the public to
> > > > query the service, furthermore it's being NATted on my Linux box.
> > > >
> > _________________________________________________
> > Philippine Linux Users' Group (PLUG) Mailing List
> > [email protected] (#PLUG @ irc.free.net.ph <http://irc.free.net.ph>)
> > Read the Guidelines: http://linux.org.ph/lists
> > Searchable Archives: http://archives.free.net.ph
>
> --
> Elmer Rivera

--
Mhac Janapin
PBTS SysAd
www.pbts.net.ph
=============
http://mulingsilang.blogspot.com
=============
I'm an Open Source Enthusiast. c",)
Mozilla Firefox 1 - getfirefox.com
Mozilla Thunderbird 1 - mozilla.org
OpenOffice.org 1
=============
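
The rule set discussed in this thread, gathered into one script as an added example that is not part of any poster's message. The helper names (`run`, `valid_ipv4`, `dns_dnat_rules`), the `APPLY` switch, and the `eth0` / `192.168.1.53` values are constructed; the reply-path FORWARD rule is an addition that assumes the DROP default policy mentioned above.

```shell
#!/bin/sh
# Dry run by default: commands are printed. Set APPLY=1 (as root) to execute them.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Accept only a dotted quad with every octet in 0-255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 } { exit 1 }'
}

dns_dnat_rules() {
    ext_if=$1
    dns_ip=$2
    [ -n "$ext_if" ] || { echo "missing external interface" >&2; return 2; }
    valid_ipv4 "$dns_ip" || { echo "bad DNS server address: $dns_ip" >&2; return 2; }

    # Routing between interfaces must be on (the sysctl / rc.local step).
    run sysctl -w net.ipv4.ip_forward=1

    for proto in tcp udp; do
        # Rewrite the destination of inbound DNS to the internal server.
        run iptables -t nat -A PREROUTING -i "$ext_if" -p "$proto" --dport 53 \
            -j DNAT --to-destination "$dns_ip"
        # DNAT happens before routing, so FORWARD sees the internal address.
        # Without a -j target the rule only counts packets; under a DROP
        # policy it needs an explicit ACCEPT.
        run iptables -A FORWARD -i "$ext_if" -p "$proto" -d "$dns_ip" \
            --dport 53 -j ACCEPT
    done

    # Assumption: FORWARD policy is DROP, so replies need a rule too.
    # Limit it to connections conntrack has already seen.
    run iptables -A FORWARD -o "$ext_if" -s "$dns_ip" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # No POSTROUTING rule is needed for this inbound service: conntrack
    # reverses the DNAT on replies, provided they route back through this
    # box (the DNS server's default gateway is the firewall's internal IP).
}

# Constructed sample values; prints the commands in dry-run mode.
dns_dnat_rules eth0 192.168.1.53
```
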

