Howdy all, having a spot of bother with this fw. I would normally take this to the netfilter n00bs list but cannot seem to get listed :/ anywho...

My goal is to have a simple masquerading script that will deny all and forward all http traffic to 192.168.0.3. Sounds simple enough.. Here is what I have so far..

#!/bin/bash

# path to iptables
IPTABLES="/sbin/iptables"

# Then flush all rules
$IPTABLES -F
$IPTABLES -t nat -F

# masquerading stuff
$IPTABLES -t nat -A POSTROUTING -d ! 192.168.0.0/24 -j MASQUERADE
$IPTABLES -A FORWARD -s 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -d 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -s ! 192.168.0.0/24 -j DROP

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# send incoming ppp0 at port 80, to 192.168.1.18:80
$IPTABLES -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to 192.168.0.3

# you must also open the port from outside in the firewall, like this:
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT

Any thoughts or pointers gratefully received.

Kind regards
Kevin

--
 ______
(_____ \
 _____) ) ____   ____   ____   ____
|  ____/ / _  ) / _  | / ___) / _  )
| |     ( (/ / ( ( | |( (___ ( (/ /
|_|      \____) \_||_| \____) \____)
Kevin Waterson
Port Macquarie, Australia
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
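An added example, not part of the original post and not the poster's script: one way to express the stated goal (deny everything by default, masquerade the LAN, forward inbound HTTP to 192.168.0.3) with default-DROP policies and connection tracking. The LAN interface name eth0 and the IPTABLES dry-run default are assumptions; ppp0, 192.168.0.0/24 and 192.168.0.3 come from the post.

```shell
#!/bin/sh
# Added example. Assumption: eth0 is the LAN interface (not stated in the post).
WAN_IF="ppp0"
LAN_IF="eth0"
LAN_NET="192.168.0.0/24"
WEB_HOST="192.168.0.3"

# Dry run by default: commands are printed, not executed.
# Run with IPTABLES=/sbin/iptables (as root) to apply them.
IPTABLES="${IPTABLES:-echo iptables}"

build_rules() {
    # Start clean and deny by default; only the explicit ACCEPTs below pass.
    $IPTABLES -F
    $IPTABLES -t nat -F
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT

    # Loopback, and replies to connections that were already allowed.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # LAN hosts may open connections outbound; masquerade them on the WAN link.
    $IPTABLES -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPTABLES -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # Inbound HTTP: rewrite the destination in PREROUTING, then allow it in
    # FORWARD. DNAT'ed packets are routed onward, so they traverse FORWARD
    # and never reach the INPUT chain.
    $IPTABLES -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_HOST:80"
    $IPTABLES -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_HOST" \
        --dport 80 -m conntrack --ctstate NEW -j ACCEPT
}

build_rules

# Enable routing only when the rules are really being applied.
if [ "$IPTABLES" != "echo iptables" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
fi
```

INPUT stays closed apart from loopback and replies, so any management access to the firewall itself needs its own explicit rule before this is applied over a remote session.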
