port-forwarding & iptables help, please?
- From: Greg Russell <me@xxxxxxxxxxx>
- Date: 17 Jan 2009 01:05:15 GMT
Hello, I'm under some time pressure here on a project and am asking for
serious help with 2 related items, please.
First I need some intelligent criticism and helpful re-structuring of the
following iptables rule set. The FORWARD chain seems wide open for one
thing.
Second I need help to properly port forward public requests
https://a.b.c.d/ where eth1 is publicly accessible, allowing w.x.y.1/23 to
our internal 10.0.0.9:443
Thank you.
*filter
:FORWARD ACCEPT [eth0:0]
:INPUT DROP [eth1:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state -i eth1 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp --syn -s w.x.y.1/23 --dport 8317 -m state --state NEW -j ACCEPT
-A INPUT -m state -i eth1 --state NEW -j LOG --log-level 7 --log-prefix UNSOLICITED:
COMMIT
*mangle
:PREROUTING ACCEPT [1471:303908]
:INPUT ACCEPT [636:240607]
:FORWARD ACCEPT [832:63181]
:OUTPUT ACCEPT [437:39285]
:POSTROUTING ACCEPT [1269:102466]
COMMIT
*nat
:PREROUTING ACCEPT [203:14045]
:POSTROUTING ACCEPT [192:12653]
:OUTPUT ACCEPT [20:1217]
-A PREROUTING -i eth1 -p tcp --syn -s w.x.y.0/23 --dport 8317 -j DNAT --to-destination 10.0.0.9:443
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
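
An added example, not part of the original post: a small Python audit of the filter and nat rules above, built on the fact that packets rewritten by DNAT in PREROUTING are routed through FORWARD and never reach INPUT. The function names `parse` and `audit` and the finding messages are this example's own.

```python
import shlex

# Filter and nat rules from the post (wrapped lines rejoined, mangle table omitted).
RULESET = """*filter
:FORWARD ACCEPT [eth0:0]
:INPUT DROP [eth1:0]
-A INPUT -m state -i eth1 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp --syn -s w.x.y.1/23 --dport 8317 -m state --state NEW -j ACCEPT
COMMIT
*nat
-A PREROUTING -i eth1 -p tcp --syn -s w.x.y.0/23 --dport 8317 -j DNAT --to-destination 10.0.0.9:443
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
"""

def parse(text):
    """Return {table: {"policy": {chain: target}, "rules": [(chain, options)]}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is not None and line.startswith(":"):
            chain, target = line[1:].split()[:2]
            cur["policy"][chain] = target
        elif cur is not None and line.startswith("-A "):
            tok = shlex.split(line)
            # Map each option to the token that follows it (enough for the checks below).
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            cur["rules"].append((tok[1], opts))
    return tables

def audit(text):
    """List forwarding-related weaknesses in an iptables-save style dump."""
    tables, empty = parse(text), {"policy": {}, "rules": []}
    filt, nat = tables.get("filter", empty), tables.get("nat", empty)
    forward, findings = [o for chain, o in filt["rules"] if chain == "FORWARD"], []
    if filt["policy"].get("FORWARD") == "ACCEPT" and not forward:
        findings.append("FORWARD: policy ACCEPT and no rules, so every routed packet is forwarded")
    for o in (o for _, o in nat["rules"] if o.get("-j") == "DNAT"):
        ip, _, port = o["--to-destination"].partition(":")
        if not any((f.get("-d"), f.get("--dport"), f.get("-j")) == (ip, port, "ACCEPT") for f in forward):
            findings.append(f"DNAT: no FORWARD ACCEPT rule scoped to {ip}:{port}")
        # DNAT happens in PREROUTING, so these packets traverse FORWARD, never INPUT.
        for chain, i in filt["rules"]:
            if chain == "INPUT" and "--dport" in i and i["--dport"] == o.get("--dport"):
                findings.append(f"INPUT: rule for port {i['--dport']} never sees the DNAT'd traffic")
    return findings

print("\n".join(audit(RULESET)))
```

A rule set with `:FORWARD DROP` and a FORWARD rule accepting NEW connections only to `-d 10.0.0.9 --dport 443` produces no findings.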