* [LARTC] iptables + pcanywhere
@ 2002-10-16 7:09 Marco Hainaut
2002-10-16 16:25 ` Stephane Ouellette
0 siblings, 1 reply; 2+ messages in thread
From: Marco Hainaut @ 2002-10-16 7:09 UTC (permalink / raw)
To: lartc
Hello,
I'm a newbie with iptables and firewalling, and my question is:
How can I authorise access to a workstation in a local network with
pcanywhere from the outside through my "routing-firewalling" Red Hat 8 box,
newly installed from scratch?
eth0 = external if ( 212.145.X.X )
eth1 = local if (192.168.0.2)
used ports : 5631 (tcp) & 5632 (udp)
Is there somebody who can help me to write the correct script to make it
work?
regards,
Marco Hainaut
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] iptables + pcanywhere
2002-10-16 7:09 [LARTC] iptables + pcanywhere Marco Hainaut
@ 2002-10-16 16:25 ` Stephane Ouellette
0 siblings, 0 replies; 2+ messages in thread
From: Stephane Ouellette @ 2002-10-16 16:25 UTC (permalink / raw)
To: lartc
Marco Hainaut wrote:
> Hello,
>
> I'm a newbie with iptables and firewalling, and my question is:
>
> How can I authorise access to a workstation in a local network
> with pcanywhere from the outside through my "routing-firewalling" Red Hat
> 8 box, newly installed from scratch?
>
> eth0 = external if ( 212.145.X.X )
> eth1 = local if (192.168.0.2)
> used ports : 5631 (tcp) & 5632 (udp)
>
>
> Is there somebody who can help me to write the correct script to make it
> work?
>
> regards,
>
> Marco Hainaut
Marco,
suppose the IP address of your PC/Anywhere workstation is $PCANY.
Then you need at least the following rules:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5631 -j DNAT --to-destination $PCANY
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5632 -j DNAT --to-destination $PCANY
iptables -t filter -A FORWARD -i eth0 -o eth1 -p tcp --dport 5631 --syn -m state --state NEW -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -o eth1 -p udp --dport 5632 -j ACCEPT
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# If you need to NAT all outgoing traffic...
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
Regards,
Stephane.
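
A tightened variant of the rules in the reply above, added here as an example and not part of either poster's message: it forwards pcAnywhere traffic only from one trusted source address or network, and only to the workstation. The function names, the workstation address 192.168.0.10 and the source 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules for review; runs nothing.

# is_ipv4 ADDR: succeeds only for a dotted quad with octets 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pcanywhere_rules WAN_IF LAN_IF WORKSTATION TRUSTED_SRC[/PREFIX]
pcanywhere_rules() {
    wan=$1; lan=$2; host=$3; src=$4
    is_ipv4 "$host" || { echo "bad workstation address: $host" >&2; return 1; }
    is_ipv4 "${src%%/*}" || { echo "bad source address: $src" >&2; return 1; }
    case "$src" in
        */*) plen=${src#*/}
             case "$plen" in ''|*[!0-9]*|???*) echo "bad prefix: $src" >&2; return 1 ;; esac
             [ "$plen" -le 32 ] || { echo "bad prefix: $src" >&2; return 1; } ;;
    esac
    # Redirect only traffic from the trusted source (ports taken from the thread).
    for spec in "tcp 5631" "udp 5632"; do
        proto=${spec% *}; port=${spec#* }
        echo "iptables -t nat -A PREROUTING -i $wan -s $src -p $proto --dport $port -j DNAT --to-destination $host"
        # Forward new flows only to the workstation, not to any host behind $lan.
        echo "iptables -A FORWARD -i $wan -o $lan -s $src -d $host -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample values: 203.0.113.10 is a documentation address.
# Review the output, then run it as root:  pcanywhere_rules ... | sh
pcanywhere_rules eth0 eth1 192.168.0.10 203.0.113.10
```
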