How to do port forwarding dynamically

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Hi All,

I am trying to set up a web server inside my home lan. Firewall is 
running on the gatewaty.

Below is the script for the firewall... (its very simple.. I downloaded 
it from the net)



*****************************************

#!/bin/sh

#

# rc.firewall-2.4

FWVER=0.70



echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"

echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"





IPTABLES=/sbin/iptables

DEPMOD=/sbin/depmod

INSMOD=/sbin/insmod



EXTIF="eth0"

INTIF1="eth1"

INTIF2="eth2"

echo "   External Interface:  $EXTIF"

echo "   Internal Interface1:  $INTIF1"

echo "   Internal Interface2:  $INTIF2"



echo -en "   loading modules: "

echo "  - Verifying that all kernel modules are ok"

$DEPMOD -a

echo 
"----------------------------------------------------------------------"



echo -en "ip_tables, "

$INSMOD ip_tables



echo -en "ip_conntrack, "

$INSMOD ip_conntrack



echo -en "ip_conntrack_ftp, "

$INSMOD ip_conntrack_ftp



echo -en "ip_conntrack_irc, "

$INSMOD ip_conntrack_irc



echo -en "iptable_nat, "

$INSMOD iptable_nat



echo -en "ip_nat_ftp, "

$INSMOD ip_nat_ftp



echo ".  Done loading modules."



echo "   enabling forwarding.."

echo "1" > /proc/sys/net/ipv4/ip_forward

echo "   enabling DynamicAddr.."

echo "1" > /proc/sys/net/ipv4/ip_dynaddr



echo "   clearing any existing rules and setting default policy.."

$IPTABLES -P INPUT ACCEPT

$IPTABLES -F INPUT

$IPTABLES -P OUTPUT ACCEPT

$IPTABLES -F OUTPUT

$IPTABLES -P FORWARD DROP

$IPTABLES -F FORWARD

$IPTABLES -t nat -F



echo "   FWD: Allow all connections OUT and only existing and related 
ones IN"

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF1 -m state --state 
ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF2 -m state --state 
ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -j ACCEPT

$IPTABLES -A FORWARD -j LOG



echo "   Enabling SNAT (MASQUERADE) functionality on $EXTIF"

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE



echo -e "\nrc.firewall-2.4 v$FWVER done.\n"



**********************************************************************************************

I have stripped off the comments for simplicity. Now when I want to open 
a port and forward it I am trying to execute the following 2 commands...



$iptables -A INPUT -j ACCEPT -p tcp --syn --destination-port 5000

$iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 5000 -j DNAT 
--to-destination 192.168.1.30:80



Shouldnt this forward port 5000 to the internal box on port 80. But this 
is not working. Can someone please help me to correct this script.

Actually I want just 2 lines which I can run for any port and can open 
and forward it to anymachine of my choice...



Any quick help would be very much appreciated...

Thanks and advance..

Dp




























[Index of Archives]
 
 
[Linux Netfilter Development]
 
 
[Linux Kernel Networking Development]
 
 
[Netem]
 
 
[Berkeley Packet Filter]
 
 
[Linux Kernel Development]
 
 
[Advanced Routing & Traffice Control]
 
 
[Bugtraq]


















 
Powered by Linux