Samuel Díaz García wrote:
Without having a look into your scripts, I think you need: 1) Allow INPUT in the filter table to the port. 2) Allow FORWARD in the filter table for the redirected connection. Good luck.
Line 56: $IPTABLES -A INPUT -i $INET_IFACE -p tcp --dport 800 -j ACCEPT
Line 57: $IPTABLES -A INPUT -i $INET_IFACE -p udp --dport 800 -j ACCEPT
Line 58:
Line 59: # Forward Chain
Line 60: $IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
Line 61: $IPTABLES -A FORWARD -o $LAN_IFACE -j ACCEPT

Line 85: $IPTABLES -A PREROUTING -t nat -p tcp -d $INET_IP --dport 800 -j DNAT --to 192.168.1.5:800
Line 86: $IPTABLES -A PREROUTING -t nat -p udp -d $INET_IP --dport 800 -j DNAT --to 192.168.1.5:800
These are a few lines from the attached firewall. I think you may be referring to these lines of the firewall script.

On lines 56 and 57 I allow connections to my gateway on port 800. On lines 60 and 61 I allow all connections in the forwarding chain. And on lines 85 and 86 are the port forwarding rules.

Kind regards,
Julian.
#!/bin/bash
# Set path to iptables binary
IPTABLES=/usr/sbin/iptables
#
# Loopback IP and Interface
#
LO_IFACE="lo"
LO_IP="127.0.0.1"
#
# Internet IP and Interface
#
INET_IFACE="ppp0"
# Read the current address of the PPP link (old-style ifconfig output)
INET_IP=$(/sbin/ifconfig $INET_IFACE | grep "inet addr" | cut -d: -f2 | cut -d ' ' -f1)
#
# LAN Range, IP Address and Interface
#
LAN_IP="192.168.1.1"
LAN_IP_RANGE="192.168.1.0/24"
LAN_BCAST_ADDRESS="192.168.1.255"
LAN_IFACE="eth0"
#
# Enable IP forwarding in the kernel (added: without this the DNAT'd
# packets are never routed on to the LAN host, whatever the rules say)
#
echo 1 > /proc/sys/net/ipv4/ip_forward
#
# Set default policies
#
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
#
# Flush Chains
#
$IPTABLES -F
$IPTABLES -t nat -F
#
# Allow loopback interface
#
$IPTABLES -A INPUT -i $LO_IFACE -j ACCEPT
$IPTABLES -A OUTPUT -o $LO_IFACE -j ACCEPT

# Output Chain
# Replies from the gateway's own services (e.g. port 800) leave through
# OUTPUT and would otherwise hit the DROP policy (rule added)
$IPTABLES -A OUTPUT -o $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -o $INET_IFACE -p tcp --dport 53 -j ACCEPT
$IPTABLES -A OUTPUT -o $INET_IFACE -p udp --dport 53 -j ACCEPT
$IPTABLES -A OUTPUT -o $INET_IFACE -p tcp --dport 25 -j ACCEPT
$IPTABLES -A OUTPUT -o $INET_IFACE -p tcp --dport 80 -j ACCEPT
$IPTABLES -A OUTPUT -o $INET_IFACE -p tcp --dport 110 -j ACCEPT

# Input Chain
$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $INET_IFACE -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
# Connections to port 800 on the gateway itself (DNAT'd packets bypass INPUT)
$IPTABLES -A INPUT -i $INET_IFACE -p tcp --dport 800 -j ACCEPT
$IPTABLES -A INPUT -i $INET_IFACE -p udp --dport 800 -j ACCEPT

# Forward Chain (accepts everything entering or leaving via the LAN side)
$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -o $LAN_IFACE -j ACCEPT
#
# Allow ICMP
#
$IPTABLES -A OUTPUT -o $INET_IFACE -p icmp -j ACCEPT
$IPTABLES -A INPUT -i $INET_IFACE -p icmp -j ACCEPT
#
# Users allowed internet access
#
$IPTABLES -A INPUT -i $LAN_IFACE -s 192.168.1.143 -j ACCEPT
$IPTABLES -A OUTPUT -o $LAN_IFACE -d 192.168.1.143 -j ACCEPT
$IPTABLES -A INPUT -i $LAN_IFACE -s 192.168.1.5 -j ACCEPT
$IPTABLES -A OUTPUT -o $LAN_IFACE -d 192.168.1.5 -j ACCEPT
$IPTABLES -A INPUT -i $LAN_IFACE -s 192.168.1.8 -j ACCEPT
$IPTABLES -A OUTPUT -o $LAN_IFACE -d 192.168.1.8 -j ACCEPT
#
# Add port forwarding rule
#
$IPTABLES -t nat -A PREROUTING -p tcp -d $INET_IP --dport 800 -j DNAT --to 192.168.1.5:800
$IPTABLES -t nat -A PREROUTING -p udp -d $INET_IP --dport 800 -j DNAT --to 192.168.1.5:800
#
# Masquerade LAN users (Internet Sharing)
#
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
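As an added example (not Samuel's or Julian's code), the script below generates the minimal rule set for the same port forward: the nat PREROUTING DNAT, IP forwarding switched on, and FORWARD rules that accept only new connections to the forwarded port on the one LAN host plus established traffic, instead of the accept-all FORWARD rules on lines 60 and 61. The interface names, the public address 203.0.113.10 and the inner host 192.168.1.5 are assumed placeholders; by default it only prints the commands.

```shell
#!/bin/sh
# Added example: emit the minimal iptables rules to forward one TCP/UDP port
# from the Internet interface to a LAN host. Dry run by default (prints the
# commands); set IPT=/usr/sbin/iptables and run as root to apply them.
IPT="${IPT:-echo iptables}"

# Usage: port_forward_rules INET_IFACE INET_IP LAN_IFACE PORT LAN_HOST
port_forward_rules() {
    inet_if=$1; inet_ip=$2; lan_if=$3; port=$4; lan_host=$5
    # Without forwarding enabled the DNAT'd packets are silently dropped
    # by the routing code, no matter what the filter rules say.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for proto in tcp udp; do
        # nat/PREROUTING rewrites the destination before the routing
        # decision, so the packet is forwarded and never reaches INPUT;
        # no INPUT rule for the port is needed on the gateway itself.
        $IPT -t nat -A PREROUTING -i "$inet_if" -p "$proto" -d "$inet_ip" \
            --dport "$port" -j DNAT --to-destination "$lan_host:$port"
        # filter/FORWARD: only new connections to that port on that host,
        # rather than everything leaving via the LAN interface.
        $IPT -A FORWARD -i "$inet_if" -o "$lan_if" -p "$proto" -d "$lan_host" \
            --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Return traffic of accepted connections, both directions.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Number of iptables rules the function emits for a given forward,
# handy as a sanity check before applying them for real.
count_rules() {
    port_forward_rules "$@" | grep -c 'iptables'
}

port_forward_rules ppp0 203.0.113.10 eth0 800 192.168.1.5
```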