
Re: FC4 firewall and port forwarding



On 3/25/06, Noah <admin2 enabled com> wrote:
> > Any other URL suggestions from others?

Hi Noah,

Try something like this in a file that runs at system startup:

#---------------- cut here
### Define your outside interface and inside target address ... 192.168.1.10 is just an example
WAN=eth0
LAN=192.168.1.10

### Define user tables
iptables -N forwarding_rule
iptables -t nat -N prerouting_rule

### Link user tables into default tables
iptables -A FORWARD -j forwarding_rule
iptables -t nat -A PREROUTING -j prerouting_rule

### Clean tables
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule

### Port forwarding as many ports as you want in only 4 lines
### These are just examples but what is important is that there are no spaces in the port list
# tcp ports
iptables -t nat -A prerouting_rule -i $WAN -p tcp --match multiport --dports 22,80,15000,5556 -j DNAT --to $LAN
iptables        -A forwarding_rule -i $WAN -p tcp --match multiport --dports 22,80,15000,5556 -d $LAN -j ACCEPT
# udp ports
iptables -t nat -A prerouting_rule -i $WAN -p udp --match multiport --dports 15000,5556 -j DNAT --to $LAN
iptables        -A forwarding_rule -i $WAN -p udp --match multiport --dports 15000,5556 -d $LAN -j ACCEPT

#----------------- end cut here

I just extracted this out of my Linksys system but it should work fine for you. There may be some setup stuff in other scripts that I missed though. Some of the NAT HOWTOs will give you some guidance here. Watch for any word wrapping ... each command line should start with iptables. You could, of course, change these commands to insert the rules right into your system FORWARD and PREROUTING and do away with making user tables, but your rules might then be clobbered by other firewall configuration tools. They might anyway, but this at least has a chance of keeping them somewhat separate.

Hope this helps.
/Mike
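
An added example, not part of the message above: a dry-run generator for the same DNAT and FORWARD rule pairs that validates its inputs (no spaces in the port list, ports 1-65535, at most 15 entries, which is the multiport match's documented limit) and links each user chain only once so the script can be re-run. The function names are hypothetical, port ranges are rejected rather than handled, and the printed commands are meant to be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the original post. Prints rules for review; runs nothing.
# Chain names come from the post; function names are made up for this sketch.

# valid_ports LIST: succeed only for 1-15 comma-separated ports (1-65535), no spaces.
valid_ports() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;   # empty, stray characters, empty items
    esac
    count=0; old_ifs=$IFS; IFS=,
    for p in $1; do
        count=$((count + 1))
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    [ "$count" -le 15 ]                        # multiport takes at most 15 ports
}

# gen_setup: create-or-flush the user chains and link each one exactly once.
gen_setup() {
    echo "iptables -N forwarding_rule 2>/dev/null || iptables -F forwarding_rule"
    echo "iptables -t nat -N prerouting_rule 2>/dev/null || iptables -t nat -F prerouting_rule"
    echo "iptables -C FORWARD -j forwarding_rule 2>/dev/null || iptables -A FORWARD -j forwarding_rule"
    echo "iptables -t nat -C PREROUTING -j prerouting_rule 2>/dev/null || iptables -t nat -A PREROUTING -j prerouting_rule"
}

# gen_forward WAN_IF PROTO PORTS TARGET_IP: print the DNAT + FORWARD pair.
# Prints nothing on stdout if any argument fails validation.
gen_forward() {
    wan=$1; proto=$2; ports=$3; target=$4
    # Character checks only: they keep shell metacharacters out of the output.
    case "$wan" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad protocol" >&2; return 1 ;; esac
    case "$target" in ''|*[!0-9.]*) echo "bad target address" >&2; return 1 ;; esac
    valid_ports "$ports" || { echo "bad port list: '$ports'" >&2; return 1; }
    match="-i $wan -p $proto -m multiport --dports $ports"
    echo "iptables -t nat -A prerouting_rule $match -j DNAT --to-destination $target"
    echo "iptables -A forwarding_rule $match -d $target -j ACCEPT"
}

# Constructed sample input: the interface, address and ports used in the post.
gen_setup
gen_forward eth0 tcp 22,80,15000,5556 192.168.1.10
gen_forward eth0 udp 15000,5556 192.168.1.10
```
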
