* NAT, ports and iptables
From: iptables @ 2002-06-02 1:53 UTC (permalink / raw)
To: netfilter
I am quite new to Linux and iptables. I have worked some with FreeBSD
and ipfw, but now I am very confused by the way iptables handles the
rules.
I hope that some of you can help me.
I have made the script listed below, from pieces found on the internet,
and it also works fine, with NAT and no ports are open out to the
internet.
But can anyone tell me how I can open ports, so they can be
accessed from the internet?
I would like just to open some ports (80,21,22.).
And then I would like to translate a port to a local IP
address, so I can access a PC on my local LAN from the internet.
Are the rules I have made okay, or is there a better way to do the
trick?
Is there a place where there is a description of iptables and its
possibilities?
Thanks (and sorry for my bad English)
/Graves Kilsgaard
Here is my script:
--------------------------------------------------------------------
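#!/bin/bash
# Variables
FWCMD="/sbin/iptables"
FWSAVE="/sbin/iptables"   # not used below
OUTIP="***.***.***.***"   # public address (masked in the post)
OUTEth='eth1'             # outside (internet) interface
# Flush all rules and delete the user-defined chain
$FWCMD -t nat -F
$FWCMD -F
$FWCMD -X block
# Stopping service
/etc/rc.d/init.d/iptables stop
# Enable NAT: rewrite the source address of traffic leaving the outside interface
$FWCMD -t nat -A POSTROUTING -o "$OUTEth" -j SNAT --to-source "$OUTIP"
# Setting rules: INPUT and FORWARD both pass through the "block" chain
$FWCMD -N block
$FWCMD -A INPUT -j block
$FWCMD -A FORWARD -j block
# Accept packets that belong to, or are related to, existing connections
$FWCMD -A block -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept new connections unless they arrive on the outside interface
$FWCMD -A block ! -i "$OUTEth" -m state --state NEW -j ACCEPT
# Drop everything else
$FWCMD -A block -j DROP
# Saving rules
/etc/rc.d/init.d/iptables save
# Starting service
/etc/rc.d/init.d/iptables start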
--------------------------------------------------------------------
* Re: NAT, ports and iptables
From: Antony Stone @ 2002-06-02 8:21 UTC (permalink / raw)
To: netfilter
On Sunday 02 June 2002 2:53 am, iptables@kilsgaard.dk wrote:
> I would like to open some ports (80,21,22.).
> And then I would like to translate a port to a local IP
> address, so I can access a PC on my local LAN from the internet.
> Are the rules I have made okay, or is there a better way to do the
> trick?
>
> Is there a place where there is a description of iptables and its
> possibilities?
You want:
http://www.netfilter.org/documentation
specifically
http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html
and maybe also
http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html
http://www.netfilter.org/documentation/HOWTO/networking-concepts-HOWTO.html
Antony.
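
Added example, not part of either message: a sketch of the rules the question asks for, layered on the posted script (selected ports opened on the firewall itself, plus one port forwarded to a LAN machine). The public address, forwarded port, LAN host and all variable and function names are constructed assumptions. The script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints the extra rules; pipe the output to sh as root to apply.
# All values below are constructed placeholders, not taken from the original post.
OUTETH="eth1"            # outside interface (eth1 in the posted script)
OUTIP="203.0.113.1"      # placeholder public address (masked in the post)
OPEN_PORTS="80 21 22"    # TCP services running on the firewall itself
FWD_PORT="8080"          # hypothetical public port to forward
LAN_HOST="192.168.1.10"  # hypothetical LAN PC
LAN_PORT="80"            # hypothetical service port on that PC

# Succeed only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rules. They use -I (insert at the top) because the posted script
# sends INPUT and FORWARD to the "block" chain, which ends in DROP.
emit_rules() {
    for p in $OPEN_PORTS "$FWD_PORT" "$LAN_PORT"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    # Services on the firewall: accept NEW connections from outside on listed ports only.
    # Replies are covered by the RELATED,ESTABLISHED rule already in "block".
    # FTP (21) also needs the conntrack FTP helper so data connections count as RELATED.
    for p in $OPEN_PORTS; do
        echo "iptables -I INPUT -i $OUTETH -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Port forward, step 1: rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $OUTETH -p tcp -d $OUTIP --dport $FWD_PORT -j DNAT --to-destination $LAN_HOST:$LAN_PORT"
    # Step 2: FORWARD sees the rewritten destination, so match the LAN host and port.
    echo "iptables -I FORWARD -i $OUTETH -p tcp -d $LAN_HOST --dport $LAN_PORT -m state --state NEW -j ACCEPT"
}

emit_rules
```

Run these after the posted script has built its chains; everything not matched here still falls through to the DROP at the end of "block".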