iptables
GDHough
mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org
Sun Nov 9 01:11:38 UTC 2003
I'm sure you'd like to get this working over the weekend so...
Get rid of the -A's and use -I for INSERT IN_stead. Here is my script I used
many moons ago to play in the ZONE from a WinBox inside the network. It
worked then and it has remained unchanged. Watch the word wrap!
#!/bin/sh
# Script named "opengame" to open gaming ports for the zone.msn.com
# MS Direct Play Server
#
echo "opening wifey's game ports and exposing my precious system to an abnormally promiscuous state of vulnerability"   # <-- Someone may recall ;-)
#
# DNAT: rewrite the destination of packets arriving on ppp0 to the LAN box.
# -I inserts at the head of the chain, so these match before any rule already there.
iptables -t nat -I PREROUTING -p tcp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p udp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p tcp --dport 1723 -i ppp0 -j DNAT --to 192.168.1.20
#iptables -t nat -I PREROUTING -p tcp --dport 6667 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p udp --dport 28800:29100 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p tcp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p udp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.20
#
# Forwarding: FORWARD sees the already-rewritten destination, so match on the LAN box.
# (No -i here, so these ACCEPT the listed ports toward 192.168.1.20 from any interface.)
iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 2300:2400 -j ACCEPT
iptables -I FORWARD -p udp -d 192.168.1.20 --dport 2300:2400 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 1723 -j ACCEPT
#iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 6667 -j ACCEPT
iptables -I FORWARD -p udp -d 192.168.1.20 --dport 28800:29100 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 47624 -j ACCEPT
iptables -I FORWARD -p udp -d 192.168.1.20 --dport 47624 -j ACCEPT
#
echo "done"
Create a duplicate script and change all the -I's to -D's and you can easily
remove all the rules in one fell swoop.
farmer6re9
On Saturday 08 November 2003 14:44, gbell72 wrote:
> Hmm..well it seems that my server is trying to allow outside access..but
> I've had 3 ppl test it and they are receiving a 504 gateway error..is it
> possible I have eth0 and eth1 in the wrong position of the rules?
>
> On Sat, 8 Nov 2003, gbell72 wrote:
> > Umm yes the -i was needed..and it works for everyone on my internal lan.
> > I just need to figure out how to let the person thats on the outside in.
> >
> > On Sat, 8 Nov 2003, Kevin Cozens wrote:
> > > At 01:27 PM 11/08/2003 -0500, gbell72 wrote:
> > > >Bad argument `eth1'
> > >
> > > [snip]
> > >
> > > >iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 8888 -m state
> > > > --state NEW,ESTABLISHED,RELATED -j ACCEPT
> > > >
> > > >iptables -A PREROUTING -t nat -p tcp eth1 --dport 8888 -j DNAT
> > > > --to-dest 192.168.0.66:8888
> > >
> > > Should that second line have '-i' before eth1?
> > >
> > >
> > > Cheers!
--
Eating Crow is better with MyCrowSauce
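The DNAT + FORWARD pair from the opengame script above, written as an added example (not farmer6re9's script, nor anything else from this thread) that takes the reply's own "-I to add, -D to remove" suggestion one step further: a single script emits the identical rule text in either mode, and with DRY_RUN=1 (the default) it only prints the commands so they can be reviewed before touching a live firewall. The interface ppp0, the host 192.168.1.20 and the port set are assumed placeholder values.

```shell
#!/bin/sh
# Added example, not the script from the thread.  One script both opens and
# closes a port-forward: -I inserts, -D deletes the identical rule text.
# Assumed/constructed values: WAN interface ppp0, LAN host 192.168.1.20.
# DRY_RUN=1 (default) prints the iptables commands instead of running them.

WAN_IF="${WAN_IF:-ppp0}"
LAN_HOST="${LAN_HOST:-192.168.1.20}"

# Print the rule pair for one protocol/port range:
# nat PREROUTING DNAT plus the matching filter FORWARD ACCEPT.
# $1 = -I (insert) or -D (delete), $2 = tcp|udp, $3 = port or port range
rule_pair() {
  act="$1"; proto="$2"; ports="$3"
  printf 'iptables -t nat %s PREROUTING -i %s -p %s --dport %s' \
    "$act" "$WAN_IF" "$proto" "$ports"
  printf ' -j DNAT --to-destination %s\n' "$LAN_HOST"
  # FORWARD sees the rewritten destination, so match the LAN host; -i limits
  # the ACCEPT to traffic that actually came in from the WAN side.
  printf 'iptables %s FORWARD -i %s -d %s -p %s --dport %s' \
    "$act" "$WAN_IF" "$LAN_HOST" "$proto" "$ports"
  printf ' -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT\n'
}

# Emit every rule for the game ports.  $1 = open | close
build_rules() {
  case "$1" in
    open)  act=-I ;;
    close) act=-D ;;
    *)     echo "usage: $0 open|close" >&2; return 2 ;;
  esac
  rule_pair "$act" tcp 2300:2400
  rule_pair "$act" udp 2300:2400
  rule_pair "$act" tcp 47624
  rule_pair "$act" udp 47624
}

# Number of iptables commands a mode produces (sanity check before applying).
count_rules() { build_rules "$1" | wc -l | tr -d ' '; }

# Print the commands (dry run) or execute them; sh -e stops on the first
# failure so a typo does not leave a half-applied rule set.
apply_rules() {
  if [ "${DRY_RUN:-1}" = 1 ]; then build_rules "$1"; else build_rules "$1" | sh -e; fi
}

apply_rules "${1:-open}"
```

Run as root with DRY_RUN=0 to apply: `DRY_RUN=0 ./opengame.sh open` installs the rules and `DRY_RUN=0 ./opengame.sh close` removes exactly the same ones.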
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml