2005/6/28, Juan Manuel Tato <madness@xxxxxxxxxxxxx>:
>
> # Policies.
> #
> $IPT -P INPUT ACCEPT
> $IPT -P OUTPUT ACCEPT
> $IPT -P FORWARD ACCEPT

You usually drop everything first, then you open each port and service one by one.

echo 1 > /proc/sys/net/ipv4/ip_forward

>
> $IPT -t nat -A POSTROUTING -o $INT -j SNAT --to pub.lic.ip.addr
>
> # This rule protects your forwarding rule.
> $IPT -A FORWARD -i $INT -m state --state NEW,INVALID -j DROP

Remove this for testing.

> # define the IP of my internal server
> SRV="192.168.100.1"
>
> $IPT -t nat -A PREROUTING -i $INT -p tcp --dport 25 -j DNAT --to 192.168.100.1:25
> $IPT -t nat -A PREROUTING -i $INT -p tcp --dport 53 -j DNAT --to $SRV
> $IPT -t nat -A PREROUTING -i $INT -p udp --dport 53 -j DNAT --to $SRV
> $IPT -t nat -A PREROUTING -i $INT -p tcp --dport 110 -j DNAT --to $SRV
> $IPT -t nat -A PREROUTING -i $INT -p udp --dport 110 -j DNAT --to $SRV
> $IPT -t nat -A PREROUTING -i $INT -p tcp --dport 80 -j DNAT --to 192.168.100.1:80
> $IPT -t nat -A PREROUTING -i $INT -p udp --dport 80 -j DNAT --to 192.168.100.1:80
> $IPT -t nat -A PREROUTING -i $INT -p tcp --dport 143 -j DNAT --to $SRV
> $IPT -t nat -A PREROUTING -i $INT -p udp --dport 143 -j DNAT --to $SRV

What if you tried something like this for external packets looking for a system inside:

iptables -A FORWARD -d your_lans_server_ip -p tcp --dport 110 -j ACCEPT
iptables -t nat -A PREROUTING -d your_external_nic -p tcp --dport 110 \
    -j DNAT --to-destination your_lans_server_ip:110

-- 
Vlad
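As an added example (not code from the thread), this script builds the ruleset the reply recommends: close everything by default, then open each published service with a PREROUTING DNAT rule and its matching FORWARD ACCEPT, with SNAT for LAN egress. The interface names and the service list are assumptions; IPT defaults to echoing the iptables commands so the result can be reviewed without root.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the ruleset the reply
# recommends: default-DROP policies, then each published service opened with a
# matching PREROUTING DNAT + FORWARD ACCEPT pair, plus SNAT for LAN egress.
# IPT defaults to "echo iptables" so the rules can be reviewed without root;
# run with IPT=iptables as root to apply them. Interface names are assumptions.
IPT="${IPT:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"               # assumed public interface
INT_IF="${INT_IF:-eth1}"               # assumed LAN interface
EXT_IP="${EXT_IP:-pub.lic.ip.addr}"    # public address placeholder from the thread
SRV="${SRV:-192.168.100.1}"            # internal server from the thread

# Services to publish as proto/port (constructed list; 80/110/143 are TCP-only).
SERVICES="tcp/25 tcp/53 udp/53 tcp/80 tcp/110 tcp/143"

base_policy() {
    # Close everything first ...
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # ... then let replies to already-accepted connections through,
    # let the LAN initiate outbound connections, and drop untracked junk.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -m state --state INVALID -j DROP
}

# publish PROTO PORT: DNAT the public port to $SRV and allow it in FORWARD.
# FORWARD sees the packet after PREROUTING rewrote it, so match -d $SRV there.
publish() {
    proto=$1; port=$2
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -d "$EXT_IP" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$SRV:$port"
    $IPT -A FORWARD -i "$EXT_IF" -d "$SRV" -p "$proto" --dport "$port" \
        -m state --state NEW -j ACCEPT
}

build_rules() {
    base_policy
    for svc in $SERVICES; do
        publish "${svc%/*}" "${svc#*/}"
    done
    # Outbound LAN traffic leaves with the public address.
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -j SNAT --to-source "$EXT_IP"
}

build_rules
```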