iptables

gbell72 gbell72-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Sun Nov 9 01:36:10 UTC 2003


Awesome, getting rid of the -A and replacing it with -I did the job, thank you to
you and Kevin for your assistance.  Have a great weekend.

Gardner

On Sat, 8 Nov 2003, GDHough wrote:

> I'm sure you'd like to get this working over the weekend so...
>
> Get rid of the -A's and use -I for INSERT IN_stead. Here is my script I used
> many moons ago to play in the ZONE from a WinBox inside the network. It
> worked then and it has remained unchanged. Watch the word wrap!
>
> #!/bin/sh
> # Script named "opengame" to open gaming ports for the zone.msn.com
> # MS Direct Play Server
> #
> echo "opening wifey's game ports and exposing my precious system to an
> abnormally permiscuous state of vulnerability" << Someone may recall ;-)
> iptables -t nat -I PREROUTING -p tcp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.20
> iptables -t nat -I PREROUTING -p udp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.20
> iptables -t nat -I PREROUTING -p tcp --dport 1723 -i ppp0 -j DNAT --to 192.168.1.20
> #iptables -t nat -I PREROUTING -p tcp --dport 6667 -i ppp0 -j DNAT --to 192.168.1.20
> iptables -t nat -I PREROUTING -p udp --dport 28800:29100 -i ppp0 -j DNAT --to 192.168.1.20
> iptables -t nat -I PREROUTING -p tcp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.20
> iptables -t nat -I PREROUTING -p udp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.20
> #
> # Forwarding
> iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 2300:2400 -j ACCEPT
> iptables -I FORWARD -p udp -d 192.168.1.20 --dport 2300:2400 -j ACCEPT
> iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 1723 -j ACCEPT
> #iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 6667 -j ACCEPT
> iptables -I FORWARD -p udp -d 192.168.1.20 --dport 28800:29100 -j ACCEPT
> iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 47624 -j ACCEPT
> iptables -I FORWARD -p udp -d 192.168.1.20 --dport 47624 -j ACCEPT
> #
> echo "done"
>
> Create a duplicate script and change all the -I's to -D's and you can easily
> remove all the rules in one fell swoop.
>
> farmer6re9
>
> On Saturday 08 November 2003 14:44, gbell72 wrote:
> > Hmm..well it seems that my server is trying to allow outside access..but
> > I've had 3 people test it and they are receiving a 504 gateway error..is it
> > possible I have eth0 and eth1 in the wrong position of the rules?
> >
> > On Sat, 8 Nov 2003, gbell72 wrote:
> > > Umm yes the -i was needed..and it works for everyone on my internal LAN.
> > > I just need to figure out how to let the person that's on the outside in.
> > >
> > > On Sat, 8 Nov 2003, Kevin Cozens wrote:
> > > > At 01:27 PM 11/08/2003 -0500, gbell72 wrote:
> > > > >Bad argument `eth1'
> > > >
> > > > [snip]
> > > >
> > > > >iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 8888 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> > > > >
> > > > >iptables -A PREROUTING -t nat -p tcp eth1 --dport 8888 -j DNAT --to-dest 192.168.0.66:8888
> > > >
> > > > Should that second line have '-i' before eth1?
> > > >
> > > >
> > > > Cheers!
> --
> Eating Crow is better with MyCrowSauce
>
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
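As an added example, not the script posted in the message above: a small sh generator that emits each DNAT rule together with its matching FORWARD rule, takes -I for insertion and -D for removal as the thread suggests, and prints the commands so they can be reviewed before being applied. The interface ppp0 and host 192.168.1.20 are the thread's values, used here as assumed defaults.

```shell
#!/bin/sh
# Added example (not the thread's script): emit paired DNAT + FORWARD rules for
# port forwards so they can be reviewed before being applied, and torn down with
# the same text. Defaults are the thread's values, assumed here: WAN on ppp0,
# game host 192.168.1.20. Apply with: ./opengame.sh open | sudo sh
WAN_IF="${WAN_IF:-ppp0}"              # external interface the forwards are bound to
LAN_HOST="${LAN_HOST:-192.168.1.20}"  # internal host receiving the traffic

# forward_rules ACTION PROTO PORTSPEC -> prints the two iptables commands.
# ACTION is I (insert at head of chain) or D (delete). -I rather than -A matters:
# an appended rule lands after any earlier DROP/REJECT rule and is never reached.
# -D matches a rule by its exact specification, so the same text removes it.
forward_rules() {
    action=$1; proto=$2; ports=$3
    case "$action" in I|D) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    # -i keeps the DNAT limited to packets arriving on the WAN interface
    printf 'iptables -t nat -%s PREROUTING -i %s -p %s --dport %s -j DNAT --to-destination %s\n' \
        "$action" "$WAN_IF" "$proto" "$ports" "$LAN_HOST"
    # the FORWARD rule is scoped to the same interface and destination; without it
    # a default-DROP FORWARD chain silently discards the DNATed packets
    printf 'iptables -%s FORWARD -i %s -p %s -d %s --dport %s -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
        "$action" "$WAN_IF" "$proto" "$LAN_HOST" "$ports"
}

# The port list from the thread, as proto:port or proto:first:last
PORTS="tcp:2300:2400 udp:2300:2400 tcp:1723 udp:28800:29100 tcp:47624 udp:47624"
emit_all() {
    for spec in $PORTS; do
        forward_rules "$1" "${spec%%:*}" "${spec#*:}" || return 1
    done
}

case "$1" in
    open)  emit_all I ;;   # insert the rules
    close) emit_all D ;;   # delete the same rules (the "-I to -D" trick)
esac
```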