From: Stephane Ouellette
Date: Wed, 16 Oct 2002 16:25:37 +0000
Subject: Re: [LARTC] iptables + pcanywhere
To: lartc@vger.kernel.org

Marco Hainaut wrote:

> hello,
>
> I'm a newbie with iptables and firewalling and my question is:
>
> How can I authorise access to a workstation in a local network
> with pcanywhere from the outside through my "routing-firewalling" red hat
> 8 box newly installed from scratch?
>
> eth0 = external if ( 212.145.X.X )
> eth1 = local if (192.168.0.2)
> used ports : 5631 (tcp) & 5632 (udp)
>
> Is there somebody who can help me write the correct script to make it
> work?
>
> regards,
>
> Marco Hainaut
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Marco,

suppose the IP address of your PC/Anywhere workstation is $PCANY. Then you need at least the following rules:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5631 -j DNAT --to-destination $PCANY
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5632 -j DNAT --to-destination $PCANY

iptables -t filter -A FORWARD -i eth0 -o eth1 -p tcp -m state --dport 5631 --syn --state NEW -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -o eth1 -p udp --dport 5632 -j ACCEPT
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# If you need to nat all outgoing traffic...
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE

Regards,

Stephane.
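
An added example, not part of the original thread: a shell function that prints the forwarding rules from the reply above, restricted to one trusted source address and with the FORWARD rules pinned to the workstation as destination. The workstation address 192.168.0.10 and the source 203.0.113.7 are constructed values, and a fixed remote address is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules for review; nothing is applied.
EXT_IF=eth0   # external interface (from the thread)
INT_IF=eth1   # internal interface (from the thread)

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pcanywhere_rules HOST TRUSTED_SRC
#   HOST        internal pcAnywhere workstation ($PCANY in the thread)
#   TRUSTED_SRC only outside address allowed in (assumption: the remote
#               operator has a fixed address)
pcanywhere_rules() {
    host=$1; src=$2
    # Reject anything that is not a plain address before it reaches a rule.
    is_ipv4 "$host" && is_ipv4 "$src" || { echo "invalid address" >&2; return 1; }
    nat="iptables -t nat -A PREROUTING -i $EXT_IF -s $src"
    # FORWARD sees packets after DNAT, so match the rewritten destination.
    fwd="iptables -t filter -A FORWARD -i $EXT_IF -o $INT_IF -s $src -d $host"
    echo "$nat -p tcp --dport 5631 -j DNAT --to-destination $host"
    echo "$nat -p udp --dport 5632 -j DNAT --to-destination $host"
    echo "$fwd -p tcp --dport 5631 --syn -m state --state NEW -j ACCEPT"
    echo "$fwd -p udp --dport 5632 -j ACCEPT"
    echo "iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample values: LAN host and a documentation-range source address.
pcanywhere_rules 192.168.0.10 203.0.113.7
```

Review the printed rules, then pipe the output to sh as root to load them.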