All,

I have multiple interfaces in a system (eth1, eth1:0, eth1:1 and eth1:2), and I need to forward things for several ports to them. Since IPtables does not understand eth1:1, my rules look something like this:

# Ftp server
iptables -t nat -A PREROUTING -p tcp -d $FTP_IPADDR --dport 21 -j DNAT --to $FTP_SERVER
iptables -A FORWARD -i eth1 -p tcp -d $FTP_SERVER --dport 21 -m state --state NEW -j ACCEPT

# Web server
iptables -t nat -A PREROUTING -p tcp -d $WEB_IPADDR --dport 80 -j DNAT --to $WEB_SERVER
iptables -A FORWARD -i eth1 -p tcp -d $WEB_SERVER --dport 80 -m state --state NEW -j ACCEPT

eth1 is my WAN interface... Is this correct?

Also, for the life of me I don't seem to be able to get DNS resolution to my DNS server; my rules are as follows:

iptables -t nat -A PREROUTING -p udp -d $DNS_1 --dport 53 -j DNAT --to $DNS_SERVER1
iptables -t nat -A PREROUTING -p tcp -d $DNS_1 --dport 53 -j DNAT --to $DNS_SERVER1
iptables -t nat -A PREROUTING -p udp -d $DNS_2 --dport 53 -j DNAT --to $DNS_SERVER2
iptables -t nat -A PREROUTING -p tcp -d $DNS_2 --dport 53 -j DNAT --to $DNS_SERVER2
iptables -A FORWARD -i eth1 -p udp -d $DNS_SERVER1 --dport 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp -d $DNS_SERVER1 --dport 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth1 -p udp -d $DNS_SERVER2 --dport 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp -d $DNS_SERVER2 --dport 53 -m state --state NEW -j ACCEPT

Besides those rules, I also allow ping to those interfaces.

Does anybody host their own DNS? If so, could you share your rules (without IP addresses, to protect the identity of the innocent...) ;)

Beforehand, thank you for your help!

Best regards,
Erick Sanz