Re: forwarding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

All right, let me explain my current setup because is not working after
all your great help, let me put here step by step everything that is
currently going on here.

-Server 1 has this /etc/rc.d/rc.firewall script:

#-----<script>
echo "Borrando posibles reglas anteriores..."
iptables -F
iptables -X

echo "Habilitando politicas de negacion total de paquetes"

iptables -P FORWARD DROP
iptables -P INPUT DROP

echo "Reglas para paquetes de entrada y salida"

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#iptables -A INPUT -p tcp --dport 8080 -j ACCEPT

##internas
iptables -A INPUT -i eth0 -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -i lo -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT

#para el forward
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -d 192.168.0.2 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -d 10.73.219.156 -p tcp --dport 8080 \
    -j DNAT --to-destination 192.168.0.2:80
echo 1 > /proc/sys/net/ipv4/ip_forward
#-----</script>

-in order to avoid any eth0/eth1 packets confussion, I have only one NIC
in server2, the one that has the second webserver. This is the server2's
route output:

-----route script
[root@linserv root]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
-----route script

It seems to be ok, from server2 I can access server1 thru 192,168 network
but, what concerns me is that, it takes too long to show the default
router, it gets stuck in lo about a minute. About accessing it from
server1 using telnet, i have a remote server trying to access ip:8080 and
it stills get no answer, even though the nmap record shows that port 8080
in server one is filtered

Thanx a lot for this great help, I really apreciated it

Peace
Juan
Programmin' Python is like sugar... Sweet! ;)
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux