RE: Port Forwarding - try again

> This is executed from rc.local on the old machine (IP addresses altered
> to protect the innocent):
> 
> echo "Turning on IP Forwarding"
> /bin/echo "1" > /proc/sys/net/ipv4/ip_forward
> 
> echo "Setting IPMasq Rules"
> /usr/sbin/ipmasqadm mfw -A -m 3 -r 10.0.0.1
> 
> echo "PortForwarding"
> /usr/sbin/ipmasqadm portfw -a -P tcp -L 192.168.1.1 25 -R 10.0.0.1 25
> 
> The new machine that I'm running this on is a CentOS 4.2 x86-64 running
> kernel 2.6.9-22.0.1.EL. Some of the research that I've done indicates
> that I should have something like this going on:
> 
> iptables -t nat -A PREROUTING -p tcp -i eth1 -d 192.168.1.1 --dport 25 \
>   -j DNAT --to 10.0.0.1:25
> iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.1 --dport 25 -j ACCEPT
> 
> But that doesn't work. Then I ran across a site that added a couple of
> statements to the mix:
> 
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> 
> The additional lines don't help my cause either and I am a bit lost here.
> If anyone has any helpful information I would greatly appreciate it. Thanks.

As I understand it, you want to forward smtp traffic from the internet
to your smtp server.
Replace the variables I inserted with the actual values.


#!/bin/sh
# Path to the iptables binary; used as $ipt in every rule below
ipt=/sbin/iptables

# No forwarding until the rules have been set up
echo 0 > /proc/sys/net/ipv4/ip_forward

# FORWARD policy DROP
# This drops everything that doesn't match in the following rules
$ipt -P FORWARD DROP

# ACCEPT replies and further packets of connections that one of the
# state NEW rules below has already allowed
$ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow NAT for your LAN
$ipt -A FORWARD -m state --state NEW -i <if_lan> -o <if_inet> \
  -s <net_lan> -j ACCEPT

# Perform NAT for your LAN
$ipt -t nat -A POSTROUTING -o <if_inet> -s <net_lan> \
  -j SNAT --to <ip_inet>

# Allow portforwarding for smtp server
$ipt -A FORWARD -m state --state NEW -i <if_inet> -o <if_lan> \
  -d <ip_smtp_svr> -p tcp --dport 25 -j ACCEPT

# Perform portforwarding for smtp server
# (-d <ip_inet> is optional but limits the redirect to traffic addressed
# to your public IP)
$ipt -t nat -A PREROUTING -i <if_inet> -d <ip_inet> \
  -p tcp --dport 25 -j DNAT --to <ip_smtp_svr>:25

# Rules have been set up; turn on forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward


You can find a tutorial on iptables here :
http://iptables-tutorial.frozentux.net/iptables-tutorial.html


Gr,
Rob
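An added example, not part of Rob's reply or of the original thread: the same ruleset written out in iptables-restore format, so that each table is loaded in one commit rather than rule by rule, and the FORWARD DROP policy exists before the DNAT rule is ever added. The function name gen_rules and the 192.168.1.0/24 LAN network are assumptions; eth0 is taken as the LAN side and eth1 as the internet side as in the question's PREROUTING rule, and 192.168.1.1 / 10.0.0.1 are the (already altered) addresses from the question.

```sh
#!/bin/sh
# Added example (not from the thread): emit the reply's ruleset as an
# iptables-restore file. Arguments follow the reply's placeholder names:
#   gen_rules IF_LAN IF_INET NET_LAN IP_INET IP_SMTP_SVR
# Load the result with:  iptables-restore < rules.file
gen_rules() {
    [ $# -eq 5 ] || {
        echo "usage: gen_rules IF_LAN IF_INET NET_LAN IP_INET IP_SMTP_SVR" >&2
        return 1
    }
    if_lan=$1 if_inet=$2 net_lan=$3 ip_inet=$4 ip_smtp_svr=$5
    cat <<EOF
# filter table first: FORWARD policy DROP is committed before any DNAT rule exists
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies and follow-up packets of connections already accepted by a NEW rule
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# LAN hosts may open connections towards the internet
-A FORWARD -m state --state NEW -i $if_lan -o $if_inet -s $net_lan -j ACCEPT
# only port 25 towards the smtp server may come in from the internet
-A FORWARD -m state --state NEW -i $if_inet -o $if_lan -d $ip_smtp_svr -p tcp --dport 25 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# source NAT for the LAN
-A POSTROUTING -o $if_inet -s $net_lan -j SNAT --to-source $ip_inet
# redirect smtp addressed to the public IP to the internal server
-A PREROUTING -i $if_inet -d $ip_inet -p tcp --dport 25 -j DNAT --to-destination $ip_smtp_svr:25
COMMIT
EOF
}

# Stand-alone run: print a ruleset for constructed sample values
# (eth0 = LAN, eth1 = internet, 192.168.1.0/24 = LAN network)
gen_rules eth0 eth1 192.168.1.0/24 192.168.1.1 10.0.0.1
```

Writing the rules this way removes the need to toggle ip_forward around the individual iptables calls: the filter table, including its DROP policy, is committed as a whole before the nat table is touched. Newer iptables versions can also parse-check the file with iptables-restore --test before committing it. Keeping -d on the PREROUTING rule means only traffic actually addressed to the public IP is redirected to the smtp server.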
