From: Vlad Janicek <vladjanicek@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: whats wrong???
Date: Tue, 28 Jun 2005 21:09:49 -0400
Message-ID: <96bc76cf0506281809239e7d3c@mail.gmail.com>
In-Reply-To: <42C1913F.1000806@adinet.com.uy>
2005/6/28, Juan Manuel Tato <madness@adinet.com.uy>:
>
> # Policies.
> #
> $IPT -P INPUT ACCEPT
> $IPT -P OUTPUT ACCEPT
> $IPT -P FORWARD ACCEPT
You usually drop everything first, then you open each port and service one by one.
You normally close everything first; after that you open each port and service.
echo 1 > /proc/sys/net/ipv4/ip_forward
>
> $IPT -t nat -A POSTROUTING -o $INT -j SNAT --to pub.lic.ip.addr
>
> # This rule protects your forwarding rule.
> $IPT -A FORWARD -i $INT -m state --state NEW,INVALID -j DROP
remove this for testing
remove this to test
> # define the IP of my internal server
> SRV=" 192.168.100.1"
>
> $IPT -t nat -A PREROUTING -i $INT -p tcp --dport 25 -j DNAT --to 192.168.100.1:25
> $IPT -t nat -A PREROUTING -i $INT -p tcp --dport 53 -j DNAT --to $SRV
> $IPT -t nat -A PREROUTING -i $INT -p udp --dport 53 -j DNAT --to $SRV
> $IPT -t nat -A PREROUTING -i $INT -p tcp --dport 110 -j DNAT --to $SRV
> $IPT -t nat -A PREROUTING -i $INT -p udp --dport 110 -j DNAT --to $SRV
> $IPT -t nat -A PREROUTING -i $INT -p tcp --dport 80 -j DNAT --to 192.168.100.1:80
> $IPT -t nat -A PREROUTING -i $INT -p udp --dport 80 -j DNAT --to 192.168.100.1:80
> $IPT -t nat -A PREROUTING -i $INT -p tcp --dport 143 -j DNAT --to $SRV
> $IPT -t nat -A PREROUTING -i $INT -p udp --dport 143 -j DNAT --to $SRV
What if you tried something like this for external packets looking for a system inside:
What if you try something like this for the internal routing of external packets:
iptables -A FORWARD -d your_lans_server_ip -p tcp --dport 110 -j ACCEPT
iptables -t nat -A PREROUTING -d your_external_nic -p tcp --dport 110 \
-j DNAT --to-destination your_lans_server_ip:110
--
Vlad
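A deny-by-default version of the layout discussed in this thread, added here as an example and not taken from the original message: each exposed service gets its DNAT rule and a matching FORWARD accept on the internal address, placed before anything that drops NEW traffic from the outside. Interface names, the public address (a placeholder) and the server address are assumptions.

```shell
#!/bin/sh
# Added example, not part of the thread. Assumptions: INT is the outside NIC,
# LAN the inside one, PUB the public address (placeholder) and SRV the
# internal server. Set IPT="echo iptables" to print the rules instead of
# loading them.
IPT="${IPT:-iptables}"
INT="${INT:-eth0}"
LAN="${LAN:-eth1}"
PUB="${PUB:-203.0.113.10}"
SRV="${SRV:-192.168.100.1}"

# Expose one service on SRV. DNAT rewrites the destination in PREROUTING, so
# the FORWARD rule must match the internal address, and it must be added
# before any rule that drops NEW packets arriving on INT.
forward_port() {
    proto="$1"; port="$2"
    $IPT -t nat -A PREROUTING -i "$INT" -d "$PUB" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$SRV:$port"
    $IPT -A FORWARD -i "$INT" -o "$LAN" -d "$SRV" -p "$proto" --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Deny by default, then open things one by one, as the reply recommends.
base_policy() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # The router itself: loopback and replies to its own connections (add management access here).
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Return traffic for forwarded flows that were already allowed, both directions.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Never forward packets conntrack cannot classify.
    $IPT -A FORWARD -m conntrack --ctstate INVALID -j DROP
    # LAN hosts may open connections outward; they leave with PUB as source.
    $IPT -A FORWARD -i "$LAN" -o "$INT" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$INT" -j SNAT --to-source "$PUB"
}

# Only touch the live ruleset when explicitly asked: ./fw.sh apply
if [ "${1:-}" = "apply" ]; then
    base_policy
    for p in 25 53 80 110 143; do forward_port tcp "$p"; done
    forward_port udp 53
    sysctl -w net.ipv4.ip_forward=1
fi
```

`-m conntrack --ctstate` is the current spelling of the `-m state --state` match used in the quoted script.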
Thread overview: 5+ messages
2005-06-28 16:40 whats wrong??? Juan Manuel Tato
2005-06-28 17:32 ` Vlad Janicek
2005-06-28 18:04 ` Juan Manuel Tato
2005-06-29 1:09 ` Vlad Janicek [this message]
2005-06-30 10:43 ` Jan Engelhardt