Hello,

I was given your address via a referral.

I've got an issue with iptables that I'm wondering if someone can help with. I'm not an iptables guru, but I have set up routers before, using FreeBSD and its pf firewall. My issue now is I have a CentOS firewall/gateway, and that part is working fine. The script provided is below. My problem is the web server and the SSH server: I don't want them running on the public interface, I want to move them off the gateway machine to another box and port forward the traffic. I've googled and not found the syntax that'll do this with the file I have. Is there an easier way of maintaining iptables files?

Thanks.
Dave.
# Generated by iptables-save v1.3.5 on Thu Aug 30 10:56:55 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:1284]
:LAN - [0:0]
:WAN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --dport 139 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --dport 445 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 137 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 138 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A FORWARD -i eth0 -j WAN
-A FORWARD -i eth1 -j LAN
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -m state --state NEW -j ACCEPT
-A LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A LAN -m state --state NEW -j ACCEPT
-A LAN -j ACCEPT
-A WAN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A WAN -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A WAN -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A WAN -p tcp --dport 443 -m state --state NEW -j ACCEPT
-A WAN -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [11:1792]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:116]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
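The port-forwarding rules the message asks for, as an added example that is not part of the original post or Dave's rule set. It assumes eth0 is the public interface (as in the posted file) and uses the placeholder address 192.168.1.10 for the internal web/ssh box; it prints iptables-restore lines rather than applying them, so it can be reviewed before being pasted into the saved file.

```shell
#!/bin/sh
# Added example, not from the original post: generate the iptables-restore
# lines that forward the public ssh/web ports from the gateway to an internal
# host. Assumed placeholders: eth0 is the public side (as in the post) and
# 192.168.1.10 is the new web/ssh box.
WAN_IF=eth0

# nat/PREROUTING rule: rewrite the destination of a new connection arriving on
# the public interface before routing. Usage: dnat_rule PUBPORT HOST [PORT]
dnat_rule() {
    pub=$1; host=$2; port=${3:-$1}
    printf '%s\n' "-A PREROUTING -i $WAN_IF -p tcp --dport $pub -j DNAT --to-destination $host:$port"
}

# filter/WAN rule: after DNAT the FORWARD chain sees the internal address, so
# pin the existing "--dport N" accepts to that host instead of any destination.
forward_rule() {
    printf '%s\n' "-A WAN -p tcp -d $1 --dport $2 -m state --state NEW -j ACCEPT"
}

# Complete *nat section to replace the one in the post (counters reset).
nat_section() {
    host=$1
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for p in 22 80 443; do dnat_rule "$p" "$host"; done
    printf '%s\n' "-A POSTROUTING -o $WAN_IF -j MASQUERADE" COMMIT
}

# Matching filter/WAN lines (replace the three unpinned --dport lines in the post).
wan_rules() {
    for p in 22 80 443; do forward_rule "$1" "$p"; done
}

# Caveats: nat rules only see the first packet of a connection, so the DNAT
# above never touches replies of MASQUERADEd LAN traffic; LAN clients that
# connect to the public IP are not redirected by an "-i eth0" rule (hairpin
# NAT needs extra rules); and /proc/sys/net/ipv4/ip_forward must be 1.
# External port 22 is rewritten before INPUT is consulted, so the gateway's
# own sshd only remains reachable from the LAN; tightening that INPUT accept
# to "-i eth1" makes the intent explicit.
nat_section 192.168.1.10
wan_rules 192.168.1.10
```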
_______________________________________________
Discuss mailing list
[hidden email]
http://lists.blu.org/mailman/listinfo/discuss