Linux Netfilter discussions
* nat rules for 2 networks
@ 2007-12-05 17:59 jamr
From: jamr @ 2007-12-05 17:59 UTC
  To: netfilter

Hi list,

I'm having problems regarding iptables using 2 different networks:

In my interfaces I have:

eth0 -> 10.6.6.0/255.255.255.0
eth0:0 -> 192.168.7.0/255.255.255.0

Sometimes, the workstations behind the NAT firewall lose connection to
some sites. The problem seems to stop when the user reboots his machine
or I disable the transparent proxy rule.

I don't know if there is any sysctl attribute to change for this...
Here are my rules:
        
iptables -A PREROUTING -t nat -p tcp -d xxx.dyndns.info --dport 2121 -j DNAT --to 10.6.6.1:22

# msn block
iptables -A FORWARD -p tcp -s 10.6.6.199 --dport 1800:1899 -j ACCEPT
iptables -A FORWARD -p tcp -s 10.6.6.242 --dport 1800:1899 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1800:1899 -j REJECT

# nat rules
iptables -t nat -A POSTROUTING -s 0/0 -j MASQUERADE

#iptables -t nat -A POSTROUTING -s 10.6.6.0/255.255.255.0 -j MASQUERADE

iptables -A FORWARD -s 10.6.6.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -d 10.6.6.0/255.255.255.0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -s 192.168.7.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -d 192.168.7.0/255.255.255.0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# open ports on the server lapaz.poa.chipsat.com.br

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 4143 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT

# allow the desired interfaces and block everything else.

iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -p tcp -j REJECT --reject-with icmp-proto-unreachable


# force web browsing through the proxy

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

I'm running SLES 10.

Thanks in advance,

Joao Reis
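The same two-network policy written as a script, added here as an example and not the poster's own rules. Each NAT rule names the internal range and the interface it applies to, instead of `-s 0/0` for MASQUERADE and a bare `-i eth0` for the REDIRECT (both ranges arrive on eth0, since eth0:0 is an address alias, not a separate interface), so the per-rule counters in `iptables -t nat -L -v` are readable per network. Assumptions that the post does not state: the upstream interface is eth1, the proxy on port 3128 runs on the gateway itself, and 10.6.6.1 is the ssh host behind the port forward. The DNAT matches on the inbound interface rather than `-d xxx.dyndns.info`, because iptables resolves a hostname once, when the rule is loaded. Without `IPT_APPLY=1` the script only prints the rules it would load.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions (not from the post):
# WAN side is eth1, proxy listens on the gateway, 10.6.6.1 is the ssh host.
# Without IPT_APPLY=1 the rules are printed instead of loaded.

LAN_IF=eth0                 # both ranges arrive here; eth0:0 is an alias on eth0
WAN_IF=eth1                 # assumption: the post does not name the upstream interface
LAN_NETS="10.6.6.0/24 192.168.7.0/24"
PROXY_PORT=3128
MSN_PORTS=1800:1899
MSN_ALLOWED="10.6.6.199 10.6.6.242"

# Print or apply one iptables command, depending on IPT_APPLY.
ipt() {
    if [ "${IPT_APPLY:-0}" = 1 ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

build_rules() {
    # Flush so re-running is idempotent, then default-deny INPUT and FORWARD.
    ipt -F; ipt -t nat -F
    ipt -P INPUT DROP; ipt -P FORWARD DROP; ipt -P OUTPUT ACCEPT

    # Connection tracking first: replies never need per-network rules.
    ipt -A INPUT   -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    # The post trusts the LAN interface for local services (proxy included).
    ipt -A INPUT -i "$LAN_IF" -j ACCEPT

    # Services on the gateway reachable from outside (ports 80 and 4143 in the post).
    ipt -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j ACCEPT
    ipt -A INPUT -i "$WAN_IF" -p tcp --dport 4143 -j ACCEPT

    # Port forward: external 2121 -> ssh on 10.6.6.1, matched on the WAN
    # interface so no hostname has to resolve at load time.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 2121 -j DNAT --to-destination 10.6.6.1:22
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d 10.6.6.1 --dport 22 -j ACCEPT

    # MSN block: two hosts may use 1800-1899, everyone else is rejected.
    for host in $MSN_ALLOWED; do
        ipt -A FORWARD -p tcp -s "$host" --dport "$MSN_PORTS" -j ACCEPT
    done
    ipt -A FORWARD -p tcp --dport "$MSN_PORTS" -j REJECT

    for net in $LAN_NETS; do
        # Transparent proxy: forwarded web traffic from this range only.
        ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$net" -p tcp --dport 80 -j REDIRECT --to-ports "$PROXY_PORT"
        # Masquerade this range only, and only when it leaves through the WAN.
        ipt -t nat -A POSTROUTING -s "$net" -o "$WAN_IF" -j MASQUERADE
        ipt -A FORWARD -i "$LAN_IF" -s "$net" -o "$WAN_IF" -j ACCEPT
    done
}

# Count generated rules containing a pattern (used for checks).
count_rules() { build_rules | grep -c -- "$1"; }

build_rules
```

Run it once without `IPT_APPLY` and read the printed rules; a MASQUERADE line per range on the WAN interface and a REDIRECT line per range on the LAN interface should appear, and nothing with `-s 0/0`.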

