I'm trying to redirect connections from outside
(external interface) to an internal machine (192.168.200.252), but I don't know
why, nothing happened.
Can someone tell me what's wrong with these
rules?
#!/bin/bash
export IPTABLES=/usr/local/sbin/iptables
export MODPROBE=/sbin/modprobe

# Load NAT / connection-tracking helpers and the string match module
$MODPROBE ip_nat_ftp
$MODPROBE ip_conntrack
$MODPROBE ip_conntrack_ftp
$MODPROBE ipt_string

# Enable IPv4 forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Flush all rules, delete user-defined chains, zero the counters
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -F -t mangle
$IPTABLES -X
$IPTABLES -Z

echo "- Enabling SNAT (MASQUERADE) funtionality on eth0"

#<INTERFACES>
IF_EXT=eth0
IF_INT=eth1
#</INTERFACES>

#<NETWORKS>
ANY=0.0.0.0/0
NET_INT=192.168.0.0/16
#</NETWORKS>

#<WEB SERVER>
IP_WEB_INT=192.168.200.252
IP_WEB_EXT=200.X.X.X
#</WEB SERVER>

# Chain for traffic from outside to the web server
$IPTABLES -N EXT_SRVWEB
$IPTABLES -A EXT_SRVWEB -p tcp -s $ANY --sport 1024: -d $IP_WEB_INT --dport 10001 -i $IF_EXT -o $IF_INT -j ACCEPT
$IPTABLES -A EXT_SRVWEB -j DROP

# Chain for traffic from the web server to outside
$IPTABLES -N SRVWEB_EXT
$IPTABLES -A SRVWEB_EXT -p tcp -s $IP_WEB_INT --sport 10001 -d $ANY --dport 1024: -i $IF_INT -o $IF_EXT -j ACCEPT
$IPTABLES -A SRVWEB_EXT -j DROP

# DNAT the external address to the internal web server
$IPTABLES -t nat -A PREROUTING -d $IP_WEB_EXT -j DNAT --to $IP_WEB_INT -i $IF_EXT

# Send forwarded traffic through the two chains above
$IPTABLES -A FORWARD -j EXT_SRVWEB -s $ANY -d $IP_WEB_INT -i $IF_EXT -o $IF_INT
$IPTABLES -A FORWARD -j SRVWEB_EXT -s $IP_WEB_INT -d $ANY -i $IF_INT -o $IF_EXT

# Source NAT for the web server, masquerade for the rest of the internal network
$IPTABLES -A POSTROUTING -t nat -s $IP_WEB_INT -d $ANY -j SNAT --to $IP_WEB_EXT -o $IF_EXT
$IPTABLES -A POSTROUTING -t nat -j MASQUERADE -s $NET_INT -o $IF_EXT

Thanks
____________________________
Fastrack Soluções e Sistemas
Fernando La Gamba
Network Admin / Security
Com.: 5506-6044 R. 614
Cel.: 9214-2176