I have a Fedora 9 box with 2 NICs: one public (eth0) and one private
(eth1). This machine is also the private network gateway.
I have a WinXP machine on the private network with an IP of 192.168.123.39.
I can't access the machine from the public side of the network.
Below is the iptables config file. I'm not sure what's wrong with it.
Any help would be greatly appreciated.
Thanks,
Jack
# Generated by iptables-save v1.4.1.1 on Wed May 6 15:48:13 2009
*mangle
:PREROUTING ACCEPT [53:5461]
:INPUT ACCEPT [25:2017]
:FORWARD ACCEPT [28:3444]
:OUTPUT ACCEPT [20:3542]
:POSTROUTING ACCEPT [45:6818]
COMMIT
# Completed on Wed May 6 15:48:13 2009
# Generated by iptables-save v1.4.1.1 on Wed May 6 15:48:13 2009
*filter
:INPUT DROP [2:89]
:FORWARD DROP [3:168]
:OUTPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 901 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.123.0/24 -p tcp -m tcp --dport 3389 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed May 6 15:48:13 2009
# Generated by iptables-save v1.4.1.1 on Wed May 6 15:48:13 2009
*nat
:PREROUTING ACCEPT [9:554]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:660]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.123.39:3389
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed May 6 15:48:13 2009