iptables - port redirection - VNC

GK guskasus at yahoo.com.ar
Thu Jun 24 16:37:16 UTC 2004


Ooooops....!  I'm sorry.
Thanks!! It's working now. The PC (192.168.10.79) has problems! ... well,
it is MS-Windows.

Thanks a lot.

GusKa.


On Thu, 24 Jun 2004 at 12:17, Nathaniel Hall wrote:

> Just by scanning over it pretty quickly, this is what I would do.
> 
> $IPTABLES -A PREROUTING -d $PUBLICIP -p tcp -m tcp --dport 5900 -j DNAT
> --to-destination 192.168.10.79:5900
> $IPTABLES -A FORWARD -d 192.168.10.79 -p tcp -m tcp --dport 5900 -j ACCEPT
> $IPTABLES -A PREROUTING -d $PUBLICIP -p tcp -m tcp --dport 80 -j DNAT
> --to-destination 192.168.10.80:80
> $IPTABLES -A FORWARD -d 192.168.10.80 -p tcp -m tcp --dport 80 -j ACCEPT
> 
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
> Nathaniel Hall
> Intrusion Detection and Firewall Technician
> Ozarks Technical Community College -- Office of Computer Networking
> 417-799-0552
> 
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com]
> On Behalf Of GK
> Sent: Thursday, June 24, 2004 10:06 AM
> To: redhat-list at redhat.com
> Subject: iptables - port redirection - VNC
> 
> Hi, I am a newbie in iptables. I must be doing something wrong. Is there an
> expert in iptables? Sure!
> I need to do port redirection from outside (Internet) to inside (one
> specific PC). But the packets from the Internet to my public IP (port 5900)
> are DROPped.
> I need access via VNC from the Internet to the LAN inside and other ports
> (8080). These are a few lines from my script to configure iptables.
> 
> Can somebody help me, please?
> Does anyone have any ideas?
> Thanks in advance,
> 
> GusKa.
> 
> ---------------------
> 
> # eth0 local interface to Internet.
> # eth1 local interface to private LAN.
> # ppp0 
> 
> #PRIVATE= private LAN
> #EXTINT= Outside interface
> #INTINT= Inside Interface
> #EXTPPP= Outside public Interface 
> #PUBLICIP= My Public IP
>  
> 
> PRIVATE=192.168.10.0/24
> EXTINT=eth0
> INTINT=eth1
> EXTPPP=ppp0
> PUBLICIP=201.254.205.12
> LOOP=127.0.0.1
> 
> $IPTABLES -P OUTPUT  ACCEPT
> $IPTABLES -P INPUT   DROP
> $IPTABLES -P FORWARD DROP
>  
> 
> # NAT to Outside.
> $IPTABLES -t nat -A POSTROUTING -s $PRIVATE -p tcp -o $EXTPPP -j SNAT
> --to $PUBLICIP
>  
> 
> $IPTABLES -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> # VNC to PC inside (private LAN)
> $IPTABLES -A PREROUTING -t nat -p tcp -d $PUBLICIP --dport 5900 -j DNAT
> --to 192.168.10.79:5900
> $IPTABLES -A FORWARD -i $EXTINT -o $INTINT -p tcp --dport 5900 -m state
> --state NEW,ESTABLISHED,RELATED -j ACCEPT
> # HTTP 8080 to server inside httpd
> $IPTABLES -A PREROUTING -t nat -p tcp -d $PUBLICIP --dport 8080 -j DNAT
> --to 192.168.10.80:80
> $IPTABLES -A FORWARD -i $EXTINT -o $INTINT -p tcp --dport 8080 -m state
> --state NEW,ESTABLISHED,RELATED -j ACCEPT
> 
> # www, dns, smtp are open
> $IPTABLES -A INPUT -p tcp --dport http -j ACCEPT
> $IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
> $IPTABLES -A INPUT -p tcp --dport smtp -j ACCEPT
> $IPTABLES -A INPUT -p tcp --dport domain -j ACCEPT
> $IPTABLES -A INPUT -p udp --dport domain -j ACCEPT
>  
> 
> # Masquerading rule
> $IPTABLES -A INPUT  -s $PRIVATE  -m state --state NEW  -j ACCEPT
> $IPTABLES -A OUTPUT  -s $PRIVATE  -m state --state NEW  -j ACCEPT
> $IPTABLES -A FORWARD  -s $PRIVATE  -m state --state NEW  -j ACCEPT
>  
> 
> # All in loopback
> $IPTABLES -A INPUT  -i lo  -j ACCEPT
> $IPTABLES -A OUTPUT  -o lo  -j ACCEPT
>  
> 
> # All in private LAN
> $IPTABLES -A INPUT -i $INTINT -j ACCEPT
> $IPTABLES -A FORWARD -i $INTINT -j ACCEPT
> 
> $IPTABLES -A INPUT -j DROP
> $IPTABLES -A FORWARD  -j DROP
>  
> 
> 
> 
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
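The point of the fix above is that a FORWARD rule is evaluated after DNAT has already rewritten the destination, so it must match the inside host and port (192.168.10.80:80), not the public port 8080 that the original script matched on. The script below is an added example, not code from the thread or from either poster: it derives the nat-table DNAT rule and the filter-table FORWARD rule for one service from the same three arguments, so the two can never disagree. The interface names and public IP are the ones from the original script; by default it only prints the iptables commands (no root needed), and setting IPTABLES=/sbin/iptables applies them. Note that PREROUTING belongs to the nat table, so `-t nat` is required on the DNAT rule.

```shell
#!/bin/sh
# Added example, not code from the thread: dry-run generator for the
# DNAT + FORWARD rule pairs discussed above. With IPTABLES unset it only
# prints the iptables commands; run with IPTABLES=/sbin/iptables to apply.
IPTABLES="${IPTABLES:-echo iptables}"

# Values taken from the original script in the thread.
EXTINT=eth0
INTINT=eth1
PUBLICIP=201.254.205.12

# forward_port PUBLIC_PORT DEST_IP DEST_PORT
# Emits the nat-table DNAT rule and the filter-table FORWARD rule for one
# published service. Both rules come from the same arguments, so the FORWARD
# rule always matches the packet as it looks AFTER DNAT (DEST_IP:DEST_PORT),
# never the public port.
forward_port() {
    public_port=$1
    dest_ip=$2
    dest_port=$3
    # PREROUTING lives in the nat table, hence -t nat. Restricting the rule
    # to the outside interface keeps it from rewriting traffic from the LAN.
    $IPTABLES -t nat -A PREROUTING -i "$EXTINT" -d "$PUBLICIP" -p tcp \
        --dport "$public_port" -j DNAT --to-destination "$dest_ip:$dest_port"
    # FORWARD sees the rewritten destination: match the inside host and port.
    $IPTABLES -A FORWARD -i "$EXTINT" -o "$INTINT" -d "$dest_ip" -p tcp \
        --dport "$dest_port" -m state --state NEW -j ACCEPT
}

# forward_dport PUBLIC_PORT DEST_IP DEST_PORT
# Prints only the port the generated FORWARD rule matches on. Useful as a
# consistency check: it must equal DEST_PORT, not PUBLIC_PORT.
forward_dport() {
    forward_port "$1" "$2" "$3" | sed -n 's/.*-A FORWARD .*--dport \([0-9]*\) .*/\1/p'
}

# The two services from the thread. Return traffic is handled by the
# ESTABLISHED,RELATED rule the original script already has in FORWARD.
forward_port 5900 192.168.10.79 5900   # VNC:  public 5900 -> 192.168.10.79:5900
forward_port 8080 192.168.10.80 80     # HTTP: public 8080 -> 192.168.10.80:80
```

Running the script without IPTABLES set prints the four rules it would install; comparing that output against `iptables -t nat -L PREROUTING -n` and `iptables -L FORWARD -n` on the gateway is the quickest way to spot a FORWARD rule that still matches the pre-DNAT port.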
