iptables

GDHough mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org
Sun Nov 9 01:11:38 UTC 2003


I'm sure you'd like to get this working over the weekend so...

Get rid of the -A's and use -I for INSERT instead. Here is my script I used 
many moons ago to play in the ZONE from a WinBox inside the network. It 
worked then and it has remained unchanged. Watch the word wrap!

#!/bin/sh
# Script named "opengame" to open gaming ports for the zone.msn.com
# MS Direct Play Server
#
# (Someone may recall the wording of this echo ;-)
echo "opening wifey's game ports and exposing my precious system to an abnormally promiscuous state of vulnerability"
#
# DNAT: rewrite the destination of packets arriving on ppp0 to the WinBox
iptables -t nat -I PREROUTING -p tcp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p udp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p tcp --dport 1723 -i ppp0 -j DNAT --to 192.168.1.20
#iptables -t nat -I PREROUTING -p tcp --dport 6667 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p udp --dport 28800:29100 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p tcp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p udp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.20
#
# Forwarding: let the translated packets through the FORWARD chain
iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 2300:2400 -j ACCEPT
iptables -I FORWARD -p udp -d 192.168.1.20 --dport 2300:2400 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 1723 -j ACCEPT
#iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 6667 -j ACCEPT
iptables -I FORWARD -p udp -d 192.168.1.20 --dport 28800:29100 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 47624 -j ACCEPT
iptables -I FORWARD -p udp -d 192.168.1.20 --dport 47624 -j ACCEPT
#
echo "done"

Create a duplicate script and change all the -I's to -D's and you can easily 
remove all the rules in one fell swoop.

farmer6re9

On Saturday 08 November 2003 14:44, gbell72 wrote:
> Hmm.. well it seems that my server is trying to allow outside access.. but
> I've had 3 people test it and they are receiving a 504 gateway error. Is it
> possible I have eth0 and eth1 in the wrong position of the rules?
>
> On Sat, 8 Nov 2003, gbell72 wrote:
> > Umm, yes, the -i was needed.. and it works for everyone on my internal LAN.
> > I just need to figure out how to let the person that's on the outside in.
> >
> > On Sat, 8 Nov 2003, Kevin Cozens wrote:
> > > At 01:27 PM 11/08/2003 -0500, gbell72 wrote:
> > > >Bad argument `eth1'
> > >
> > > [snip]
> > >
> > > >iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 8888 -m state
> > > > --state NEW,ESTABLISHED,RELATED -j ACCEPT
> > > >
> > > >iptables -A PREROUTING -t nat -p tcp eth1 --dport 8888 -j DNAT
> > > > --to-dest 192.168.0.66:8888
> > >
> > > Should that second line have '-i' before eth1?
> > >
> > >
> > > Cheers!
-- 
Eating Crow is better with MyCrowSauce

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
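An added example, not farmer6re9's script or anything else from this thread: the same open/close idea as a single script that takes "add" or "del", so there is no second copy with -I swapped for -D to keep in sync, plus the checks the original leaves out. It borrows ppp0, 192.168.1.20 and the port list above purely as illustrative values (assumptions, not a tested game setup), expects iptables on the PATH, and assumes the FORWARD chain already accepts ESTABLISHED,RELATED traffic, as it must on any NAT gateway whose LAN can reach out. Set IPT=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not the original poster's script. One script opens (add) or
# closes (del) the same set of DNAT forwards, so there is no second copy with
# -I swapped for -D to keep in sync. Set IPT=echo to print rules instead of
# applying them. The interface, host and ports are illustrative values
# borrowed from the thread (assumptions, not a tested game setup).

IPT="${IPT:-iptables}"                 # iptables binary, or "echo" for a dry run
WAN_IF="${WAN_IF:-ppp0}"               # interface the outside world arrives on
LAN_HOST="${LAN_HOST:-192.168.1.20}"   # machine the ports are forwarded to

# One proto:port or proto:first:last entry per forward (iptables range syntax).
FORWARDS="tcp:2300:2400 udp:2300:2400 tcp:1723 udp:28800:29100 tcp:47624 udp:47624"

# fw_forward add|del PROTO PORTS
# add uses -I so the rules go to the head of their chains and take precedence
# over any earlier DROP/REJECT; del uses -D with the identical match, which is
# what -D needs in order to find the rule again.
fw_forward() {
    action="$1"; proto="$2"; ports="$3"
    case "$action" in
        add) op="-I" ;;
        del) op="-D" ;;
        *) echo "usage: fw_forward add|del PROTO PORTS" >&2; return 2 ;;
    esac
    # nat/PREROUTING: only packets arriving on the WAN interface get rewritten.
    $IPT -t nat "$op" PREROUTING -i "$WAN_IF" -p "$proto" --dport "$ports" \
        -j DNAT --to-destination "$LAN_HOST"
    # filter/FORWARD runs after DNAT, so match the translated destination.
    # Only NEW connections need this rule; replies are assumed to be covered by
    # an existing ESTABLISHED,RELATED accept, as on any working NAT gateway.
    $IPT "$op" FORWARD -i "$WAN_IF" -d "$LAN_HOST" -p "$proto" --dport "$ports" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# fw_apply add|del: run fw_forward over every entry in FORWARDS.
fw_apply() {
    action="$1"
    # DNAT alone does nothing if the kernel is not routing between interfaces.
    if [ "$action" = add ] && [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" != 1 ]; then
        echo "warning: net.ipv4.ip_forward is not 1; forwarded packets will be dropped" >&2
    fi
    for entry in $FORWARDS; do
        fw_forward "$action" "${entry%%:*}" "${entry#*:}"
    done
}

# Entry point: ./opengame add, ./opengame del, or IPT=echo ./opengame add.
case "${1:-}" in
    add|del) fw_apply "$1" ;;
    "") ;;                       # no argument: just define the functions
    *) echo "usage: $0 add|del" >&2 ;;
esac
```

Why -I "just works" where -A did not: iptables evaluates a chain top to bottom and the first matching rule wins, so a rule appended with -A behind a catch-all REJECT or DROP never fires, while -I puts it at position 1. The flip side is that an inserted ACCEPT also jumps ahead of every restriction you meant to apply, which is why the rule above matches on the WAN interface, the translated destination, the port and the connection state rather than on destination and port alone. Generating the -I and -D forms from one function also guarantees the match specs agree, which -D requires.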