iptables

gbell72 gbell72-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Sat Nov 8 17:17:11 UTC 2003


Well, my friend has finally made another attempt at connecting, still with no
luck. My rules now look like this:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 8888 \
  -j DNAT --to-dest 192.168.0.66

# -o takes an interface name (eth0, the internal side), not an address
iptables -A FORWARD -i eth1 -o eth0 -p tcp -d 192.168.0.66 --dport 8888 \
  -j ACCEPT

iptables -I INPUT -p tcp -i eth0 --dport 8888 -j ACCEPT

I do have two interfaces in the Coyote box, eth1 being the external interface and
eth0 being internal. At this point I'm not even able to connect to the server
running webadmin from my own LAN. All machines on my LAN connect to the Internet
without a glitch.
The bonus of this firewall is that it is made just for that and to drop any incoming
connections.

On Sat, 8 Nov 2003, gbell72 wrote:

> OK, that seems to work so far. Thanks.
>
> On Sat, 8 Nov 2003, Mike Kirk wrote:
>
> > > iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.1 --dport 8888 \
> > >   -j DNAT --to 192.168.0.66:8888
> > >
> > > iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.66 --dport 8888 -j ACCEPT
> > >
> > > I'm using the Coyote Linux firewall and figured it would be as easy as
> > > forwarding a port, but no luck.
> >
> > I use something like this:
> >
> > iptables -t nat -A PREROUTING -i ${INTERNET} -p tcp --dport 6346 \
> >   -j DNAT --to-dest 192.168.0.27
> > iptables -A FORWARD -i ${INTERNET} -o ${INSIDE} -p tcp -d 192.168.0.27 \
> >   --dport 6346 -j ACCEPT
> >
> > Since I'm not also redirecting the port, my first line doesn't have the port
> > on the end of the "to" address (which I guess may be valid anyway), and my
> > 2nd line specifically has an output "-o" because of multiple interfaces, but
> > I don't know if you need it as well.
> >
> > Does the internal machine already work with NAT through your router (i.e.
> > can you web browse with it?).
> >
> > Maybe try stripping the port from "to" on your first line and just rely on
> > the "--dport" in your second line to handle the port?
> >
> > Good luck!
> >
> >   Mike
> >
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
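For reference, here is a complete port-forward script of the kind discussed in this thread. It is an added example, not the poster's or Coyote Linux's own rules; the interface names (eth1 external, eth0 internal), the target 192.168.0.66, port 8888 and the ALLOW_SRC knob are assumptions taken from or added to the thread. It defaults to printing the commands; set DRY_RUN=0 and run it as root to load them.

```sh
#!/bin/sh
# Port-forward TCP 8888 from the external interface to an internal host.
# Added example, not the poster's rules. Interface names, addresses and the
# port are assumptions taken from the thread (eth1 external, eth0 internal).

EXT_IF="${EXT_IF:-eth1}"            # interface facing the Internet
INT_IF="${INT_IF:-eth0}"            # interface facing the LAN
DST_IP="${DST_IP:-192.168.0.66}"    # internal host running the service
PORT="${PORT:-8888}"
ALLOW_SRC="${ALLOW_SRC:-0.0.0.0/0}" # narrow this to the remote user's address
IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-1}"             # 1 = print commands, 0 = load them (root)

# Print a command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Without IP forwarding enabled the FORWARD chain is never consulted.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

forward_rules() {
    # 1. Rewrite the destination before routing, only for packets that arrive
    #    on the external interface. Matching on -i rather than on -d keeps the
    #    rule correct when the external address is dynamic.
    run "$IPT" -t nat -A PREROUTING -i "$EXT_IF" -s "$ALLOW_SRC" -p tcp \
        --dport "$PORT" -j DNAT --to-destination "$DST_IP"
    # 2. Accept the rewritten packets in FORWARD. -o takes an interface name,
    #    never an IP address; the DNAT'd host is matched with -d. Limiting the
    #    rule to NEW connections keeps it from becoming a general hole.
    run "$IPT" -A FORWARD -i "$EXT_IF" -o "$INT_IF" -s "$ALLOW_SRC" -p tcp \
        -d "$DST_IP" --dport "$PORT" -m state --state NEW -j ACCEPT
    # 3. Return traffic for connections already accepted, in both directions.
    run "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Show packet/byte counters: a DNAT rule with zero hits after a connection
# attempt means the packets never reached this box on EXT_IF at all.
verify() {
    run "$IPT" -t nat -vnL PREROUTING
    run "$IPT" -vnL FORWARD
}

enable_forwarding
forward_rules
verify
```

Two practical notes. First, a connection from a LAN host to the firewall's external address arrives on eth0, not eth1, so it never matches the PREROUTING rule above; test from inside by connecting to 192.168.0.66:8888 directly, and test the forward from a host outside. Second, 8888 here is an administration interface, so set ALLOW_SRC to the one remote address that needs it rather than leaving it open to the whole Internet.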