* port fowarding problems
@ 2004-02-13 0:30 Aaron Steimle
0 siblings, 0 replies; only message in thread
From: Aaron Steimle @ 2004-02-13 0:30 UTC (permalink / raw)
To: netfilter
I have read through some of the list and have tried a lot of stuff from
list, but I am still having problems.
I want to ssh from public ip to private ip.
Everything works internally just can't access anything from outside.
below is rules set and output after ruleset is run.
any help would be great.
++++++++++++++++++++++++++++++++++++++++++=
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
EXTIF="eth0"
INTIF="eth1"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
echo -en " loading modules: "
# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a
echo
"----------------------------------------------------------------------"
#Load the main body of the IPTABLES module - "iptable"
# - Loaded automatically when the "iptables" command is invoked
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "ip_tables, "
$MODPROBE ip_tables
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack
echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp
echo -en "ip_conntrack_irc, "
$MODPROBE ip_conntrack_irc
echo -en "iptable_nat, "
$MODPROBE iptable_nat
echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp
echo -e " Done loading modules.\n"
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
PORTFWIP="192.168.1.101"
EXTIP="work IP"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 22 -m state
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 22
-j DNAT --to $PORTFWIP:22
echo " FWD: Allow all connections OUT and only existing and related
ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\nDone.\n"
+++++++++++++++++++++++++++++++++++++++
External Interface: eth0
Internal Interface: eth1
loading modules: - Verifying that all kernel modules are ok
----------------------------------------------------------------------
ip_tables, ip_conntrack, ip_conntrack_ftp, ip_conntrack_irc,
iptable_nat, ip_nat_ftp,
----------------------------------------------------------------------
Done loading modules.
Enabling forwarding..
Enabling DynamicAddr..
Clearing any existing rules and setting default policy..
FWD: Allow all connections OUT and only existing and related ones IN
Enabling SNAT (MASQUERADE) functionality on eth0
Done.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2004-02-13 0:30 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-02-13 0:30 port fowarding problems Aaron Steimle
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox