FC4 firewall and port forwarding

Michael Wiktowy michael.wiktowy at gmail.com
Sat Mar 25 23:38:02 UTC 2006


On 3/25/06, Noah <admin2 at enabled.com> wrote:
>
> > > Any other URL suggestions from others?
>

Hi Noah,

Try something like this in a file that runs at system startup:

#---------------- cut here
### Define your outside interface and inside target address ... 192.168.1.10 is just an example
WAN=eth0
LAN=192.168.1.10

### Define user tables
iptables -N forwarding_rule
iptables -t nat -N prerouting_rule

### Link users tables into default tables
iptables -A FORWARD -j forwarding_rule
iptables -t nat -A PREROUTING -j prerouting_rule

### Clean tables
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule

### Port forwarding as many ports as you want in only 4 lines
### These are just examples but what is important is that there are no spaces in the port list
# tcp ports
iptables -t nat -A prerouting_rule -i $WAN -p tcp --match multiport --dport 22,80,15000,5556 -j DNAT --to $LAN
iptables        -A forwarding_rule -i $WAN -p tcp --match multiport --dport 22,80,15000,5556 -d $LAN -j ACCEPT
# udp ports
iptables -t nat -A prerouting_rule -i $WAN -p udp --match multiport --dport 15000,5556 -j DNAT --to $LAN
iptables        -A forwarding_rule -i $WAN -p udp --match multiport --dport 15000,5556 -d $LAN -j ACCEPT

#----------------- end cut here

I just extracted this out of my Linksys system but it should work fine for
you. There may be some setup stuff in other scripts that I missed though.
Some of the NAT HOWTOs will give you some guidance here. Watch for any word
wrapping ... each command line should start with iptables. You could, of
course, change these commands to insert the rules right into your system
FORWARD and PREROUTING and do away with making user tables, but your rules
might then be clobbered by other firewall configuration tools. They might
anyway, but this at least has a chance of keeping them somewhat
separate.

Hope this helps.
/Mike
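
Added example, not part of the original post: a shell helper that checks a multiport list before printing the DNAT and FORWARD rule pair for the post's user chains, rejecting spaces, out-of-range ports and lists over multiport's 15-port limit (a range counts as two). The function names are hypothetical, the documented `--dports` and `--to-destination` spellings are used, and nothing is applied; the commands are only printed.

```shell
#!/bin/sh
# Added example: validate a multiport list, then print the rule pair.
# Chain names (prerouting_rule, forwarding_rule) are the ones from the post;
# valid_ports and emit_forward are hypothetical helper names.

# valid_ports LIST: succeed only for a comma-separated list of ports or
# lo:hi ranges with no spaces, each port in 1-65535, using at most 15 slots.
valid_ports() {
    case $1 in
        ''|*[!0-9,:]*|,*|*,|*,,*) return 1 ;;   # empty, spaces/letters, stray commas
    esac
    slots=0
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        case $item in
            :*|*:|*:*:*) return 1 ;;            # malformed range
            *:*) lo=${item%:*} hi=${item#*:} slots=$((slots + 2)) ;;
            *)   lo=$item hi=$item slots=$((slots + 1)) ;;
        esac
        for p in "$lo" "$hi"; do
            case $p in ??????*) return 1 ;; esac   # more than 5 digits
            [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
        done
        [ "$lo" -le "$hi" ] || return 1
    done
    [ "$slots" -le 15 ]
}

# emit_forward WAN_IF LAN_IP PROTO PORTS: print the NAT rule and the matching
# FORWARD accept rule, so the two port lists can never drift apart.
emit_forward() {
    wan=$1 lan=$2 proto=$3 ports=$4
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    valid_ports "$ports" || { echo "bad port list: '$ports'" >&2; return 1; }
    m="-i $wan -p $proto --match multiport --dports $ports"
    echo "iptables -t nat -A prerouting_rule $m -j DNAT --to-destination $lan"
    echo "iptables -A forwarding_rule $m -d $lan -j ACCEPT"
}

# Constructed sample values, taken from the example in the post.
emit_forward eth0 192.168.1.10 tcp 22,80,15000,5556
emit_forward eth0 192.168.1.10 udp 15000,5556
```

Review the printed commands, then run them as root after the chain setup lines from the script above.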