sub interface filtering

Hi guys, I have the following setup and rules, and I can't seem to get the
filtering to work.



Interfaces:

eth0    <internetIP>
eth1    <privateIP>
eth2    <routeable internetIP/28>
eth2:0  <routeable internetIP/28>
eth2:1  <routeable internetIP/28>



I have the following rules



iptables -P FORWARD DROP

iptables -I FORWARD -i eth0 -o eth2 -p tcp -m state --state NEW,ESTABLISHED,RELATED --dport 80 -j ACCEPT
iptables -I FORWARD -i eth0 -o eth2 -p tcp -m state --state NEW,ESTABLISHED,RELATED --dport 443 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth2 -p tcp -m state --state NEW,ESTABLISHED,RELATED,INVALID -j DROP

iptables -t nat -A PREROUTING -p tcp -d <routeable internetIP/28> --dport 80 -j DNAT --to 192.168.1.197
iptables -t nat -A PREROUTING -p tcp -d <routeable internetIP/28> --dport 443 -j DNAT --to 192.168.1.197
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.197 -j SNAT --to <routeable internetIP/28>

ifconfig eth2:0 <routeable internetIP/28> broadcast <routeable internetIP/28> netmask 255.255.255.240

iptables -t nat -A PREROUTING -p tcp -d <routeable internetIP/28> --dport 80 -j DNAT --to 192.168.1.198
iptables -t nat -A PREROUTING -p tcp -d <routeable internetIP/28> --dport 443 -j DNAT --to 192.168.1.198
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.198 -j SNAT --to <routeable internetIP/28>

ifconfig eth2:1 <routeable internetIP/28> broadcast <routeable internetIP/28> netmask 255.255.255.240






But when I scan eth2:1 or eth2:2 from an outside machine I can see ALL the
local services (ssh, pptp, dns etc.). Is the connection not passing the
forwarding chain?
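The post has no reply in the archive, so the following is an added example (not the poster's rules and not netfilter project code) that illustrates the point the question turns on. The alias addresses on eth2:0 and eth2:1 belong to the firewall host itself. A packet addressed to one of them is delivered locally after the routing decision and traverses INPUT, never FORWARD; only the packets whose destination PREROUTING rewrote with DNAT get a non-local destination and are routed through FORWARD. With INPUT left at its default policy of ACCEPT, every service listening on the box (sshd, pptpd, named) answers an outside scan regardless of what FORWARD says. The script below keeps the post's interface names and private hosts, substitutes constructed TEST-NET-3 addresses for the redacted public ones, adds a default-deny INPUT policy, and lets you dry-run the ruleset with IPT=echo before applying it. The SSH allowance from eth1 is an assumption chosen for the example, not something the post states.

```shell
#!/bin/sh
# Added example: FORWARD rules for DNAT'd traffic plus a default-deny INPUT
# chain for services running on the firewall itself. Public addresses are
# constructed placeholders (RFC 5737 TEST-NET-3); interface names and the
# 192.168.1.x hosts are taken from the post.

IPT="${IPT:-iptables}"   # IPT=echo prints the rules instead of loading them

WAN=eth0
DMZ=eth2
PUB_A=203.0.113.17       # placeholder for the eth2:0 address
PUB_B=203.0.113.18       # placeholder for the eth2:1 address
HOST_A=192.168.1.197
HOST_B=192.168.1.198

apply_rules() {
    # Default-deny on both paths: FORWARD for routed packets, INPUT for
    # packets whose destination is one of this host's own addresses.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP

    # Replies and related traffic are accepted on both paths.
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -i lo -j ACCEPT

    # Assumed management access: SSH to the firewall only from the private
    # side. Anything else aimed at the box's own addresses hits the DROP policy,
    # which is what stops an outside scan of eth2:0/eth2:1 from seeing sshd,
    # pptpd or named.
    "$IPT" -A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW -j ACCEPT

    for pair in "$PUB_A:$HOST_A" "$PUB_B:$HOST_B"; do
        pub=${pair%%:*}
        host=${pair##*:}
        for port in 80 443; do
            # DNAT runs in PREROUTING, before the routing decision, so the
            # packet now carries a non-local destination and is routed
            # through FORWARD instead of INPUT.
            "$IPT" -t nat -A PREROUTING -i "$WAN" -d "$pub" -p tcp \
                --dport "$port" -j DNAT --to-destination "$host"
            # FORWARD sees the post-DNAT destination, so match on the
            # internal host, not the public alias.
            "$IPT" -A FORWARD -i "$WAN" -o "$DMZ" -d "$host" -p tcp \
                --dport "$port" -m state --state NEW -j ACCEPT
        done
        # Outbound traffic from each internal host leaves with its own
        # public address, as in the post.
        "$IPT" -t nat -A POSTROUTING -o "$DMZ" -s "$host" \
            -j SNAT --to-source "$pub"
    done
}

# Load the rules only when invoked as "sh firewall.sh apply"; sourcing the
# file or running it without the argument just defines apply_rules.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run `IPT=echo sh firewall.sh apply` to review the generated commands, then `sh firewall.sh apply` as root to load them. The rule to remember when reading a scan result like the one in the post is the routing decision: if the destination address is configured on the firewall (including every eth2:N alias), the packet is local and INPUT decides; only DNAT in PREROUTING can move it onto the FORWARD path.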




