--- John Joseph <jjk_saji@xxxxxxxxx> wrote:

> --- Sietse van Zanen <sietse@xxxxxxxxx> wrote:
>
> > >> ACCEPT all -- anywhere anywhere
> > >> This converts your DROP policy to an ACCEPT, doesn't seem wise.
> >
> > >Remember that iptables -L hides some rule parameters such as interfaces.
> > >I would not be surprised that this rule actually contains "-i eth1".
> > >I strongly suggest John and anyone lists iptables rules with
> > >iptables-save instead of iptables -L.
> >
> > Or iptables -L -n -v would do fine too, I think.
>
> Hi, thanks for the reply.
> In my gateway, the "iptables -L -n -v" results are
>
> **************************
> [root@gateway ~]# iptables -L -n -v
> Chain INPUT (policy ACCEPT 256K packets, 29M bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     8   472 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>    17   840 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0
>     3   180 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
>     3   180 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            192.168.242.129     tcp dpt:8110
>
> Chain OUTPUT (policy ACCEPT 2885 packets, 430K bytes)
>  pkts bytes target     prot opt in     out     source               destination
> *******************************
>
> I am posting some part of the previous mail, for continuity.
> I have a gateway (CentOS) with eth0 and eth1 as
> interfaces. "eth0" is exposed to the WAN and "eth1" to
> the LAN network. I want all POP3 packets coming in
> through the gateway WAN interface (eth0) to be
> redirected to the PS1 (192.168.242.129 inside the LAN)
> port 8110.
> I had done some iptables settings as
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport pop3 -j DNAT --to 192.168.242.129:8110
> iptables -A FORWARD -i eth0 -p tcp --dport 8110 -d 192.168.242.129 -j ACCEPT
>
> In this setup POP3 packets were not redirected to
> PS1 (192.168.242.129)
> Thanks
> Joseph John

Hi,
In response to my previous mail, I am posting the iptables script which I had used, so that going through the code can give me a good response from the list.

**************
#!/bin/sh
#
# Unless specified, the defaults for INPUT and OUTPUT is ACCEPT
# The default for FORWARD is DROP (REJECT is not a valid policy)
# Isn't ACCEPT insecure? To some degree, YES, but this is our testing
# phase.
#
echo " Clearing any existing rules and setting default policy.."
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

echo " FWD: Allow all connections IN"
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on eth0"
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

echo "Forwarding all the port 110 to 192.168.242.129:8110"
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to 192.168.242.129:8110
iptables -A FORWARD -i eth0 -p tcp --dport 8110 -d 192.168.242.129 -j ACCEPT
************************************

Thanks
Joseph John
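
Added example, not part of the original message: a small Python check that reads iptables-save text (the listing format recommended in the quoted reply, since it shows interface matches) and reports, for each PREROUTING DNAT rule, which FORWARD target decides a new connection to the translated address and port. The ruleset text is a constructed excerpt based on the rules in this thread; the function names, the `out_if="eth1"` default and the simplified parsing (plain flag/value pairs, no negation or port ranges) are assumptions.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt modelled on this thread (policy/COMMIT lines omitted).
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.242.129:8110
*filter
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j LOG
-A FORWARD -d 192.168.242.129/32 -i eth0 -p tcp -m tcp --dport 8110 -j ACCEPT
"""

def parse(text):  # -> [(table, chain, {flag: value})], one entry per -A line
    rules, table = [], None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {t: v for t, v in zip(tok[2:], tok[3:]) if t.startswith("-")}
            rules.append((table, tok[1], opts))
    return rules

def forward_verdict(rules, in_if, out_if, proto, dst_ip, dport):
    """Target of the first terminating FORWARD rule a NEW post-DNAT packet hits."""
    pkt = {"-i": in_if, "-o": out_if, "-p": proto, "--dport": dport}
    dst = ipaddress.ip_address(dst_ip)
    for table, chain, o in rules:
        decides = (table, chain) == ("filter", "FORWARD") and o.get("-j") in ("ACCEPT", "DROP", "REJECT")
        fresh = "NEW" in o.get("--state", "NEW").split(",")  # ESTABLISHED-only rules skip the first SYN
        net = ipaddress.ip_network(o.get("-d", "0.0.0.0/0"))
        if decides and fresh and dst in net and all(o.get(k, v) == v for k, v in pkt.items()):
            return o["-j"]
    return "POLICY"  # nothing matched, so the chain policy decides

def check_dnat(text, out_if="eth1"):
    """(original dport, translated ip:port, FORWARD verdict) for each DNAT rule."""
    rules, report = parse(text), []
    for table, chain, o in rules:
        if (table, chain, o.get("-j")) == ("nat", "PREROUTING", "DNAT"):
            ip, _, port = o["--to-destination"].partition(":")
            port = port or o["--dport"]  # DNAT without :port keeps the original port
            verdict = forward_verdict(rules, o.get("-i"), out_if, o.get("-p"), ip, port)
            report.append((o["--dport"], f"{ip}:{port}", verdict))
    return report

if __name__ == "__main__":
    print(check_dnat(SAMPLE))
```

A verdict of POLICY means no FORWARD rule matched the translated packet, so the chain policy (DROP in the script above) applies.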