postrouting and dmz
Pete Nesbitt
pete at linux1.ca
Wed Feb 25 09:33:00 UTC 2004
On February 24, 2004 10:58 pm, ip tables wrote:
> Hello,
>
> I use iptables 1.2.7a on RH 9.0. When I enable
> iptables -t nat --policy PREROUTING DROP
> it stops my connecting to the services offered @ the
> natted dmz. Also nmap shows the ports opened when I do
> a "connect" scan. I have no user defined chains. Any
> idea?
>
> Thanks and regards
Hi,
Why do you have PREROUTING DROP? That will kill everything (but I do not
believe it is valid). --policy is normally set near the top of the
script/ruleset, and is not required for PRE or POST routing, just for input,
output, forward and user defined.
If I follow what you are after, try something like:
# inbound redirects to web server on dmz
$IPTABLES -A PREROUTING -t nat -p tcp -i $EXT_IF --dport 80 -j DNAT \
    --to-destination $WEB_SERVER
# outbound web server connections are all masqueraded
$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $WEB_SERVER -j MASQUERADE
Let me know if you need more details as you have not given much information
about the rest of the rules or the access scenario.
--
Pete Nesbitt, rhce
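As an added example (not part of Pete's reply or the poster's script), here is a minimal complete ruleset in the shape his two lines suggest, with the policies on the filter chains where they belong and an explicit FORWARD rule for the DNAT'd traffic, which a FORWARD DROP policy would otherwise discard. The interface name, web server address and the apply/dry-run switch are assumptions.

```shell
#!/bin/sh
# Added example: DMZ web server behind a NAT firewall (iptables 1.2.x era syntax).
# EXT_IF, WEB_SERVER and the dry-run mechanism are assumed values, not from the post.
IPTABLES=${IPTABLES:-iptables}
EXT_IF=${EXT_IF:-eth0}
WEB_SERVER=${WEB_SERVER:-192.168.1.10}

dmz_ruleset() {
    # Default policies go on the filter table chains, not on nat PREROUTING/POSTROUTING.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT

    # Let replies for connections the firewall already tracks pass through.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # nat: inbound port 80 on the external interface is rewritten to the DMZ web server.
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_SERVER"

    # filter: after DNAT the packet still traverses FORWARD, now addressed to the
    # web server, so it must be accepted here or the DROP policy discards it.
    $IPTABLES -A FORWARD -i "$EXT_IF" -p tcp -d "$WEB_SERVER" --dport 80 \
        -m state --state NEW -j ACCEPT

    # nat: outbound connections from the web server leave masqueraded behind the external address.
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$WEB_SERVER" -j MASQUERADE
}

# Dry run: print the commands instead of executing them (IPTABLES is overridden in a subshell).
dmz_dry_run() {
    ( IPTABLES="echo iptables"; dmz_ruleset )
}

# Number of rule/policy commands the set installs.
dmz_rule_count() {
    dmz_dry_run | grep -c .
}

# "apply" installs the rules (run as root); "dry-run" only prints them.
case "${1:-}" in
    apply)   dmz_ruleset ;;
    dry-run) dmz_dry_run ;;
esac
```

Run it with `dry-run` first and compare the printed commands against what `iptables -t nat -L -n` and `iptables -L -n` later show once applied.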