On December 15, 2003 09:20 am, Ashley M. Kirchner wrote:
> How can I punch holes through iptables to allow for an external
> pcAnywhere machine (dialup) to connect to an internal (private network)
> one? On our old server, it was done using ipportfw, but that has long
> since been dropped off the back dock and a new server put into place,
> which now uses iptables. I need both tcp as well as udp ports 5631 and
> 5632 opened.
>
> So, the path for data will be:
>
> [ remote     ]                      [ firewall ]        [ internal ]
> [ pcAnywhere ] <--> [ internet ] <--> [ iptables ] <--> [ private  ]
> [ user       ]                      [ server   ]        [ network  ]

Hi, here are some snips of my web server rules; you can use them as a guide.
You can set a port range "--dport 5631:5632".

# Pre & Post Routing
# web site redirect
$IPTABLES -A PREROUTING -t nat -p tcp -i $EXT_IF \
   --dport 80 -j DNAT --to-destination $WEB_SERVER
$IPTABLES -A POSTROUTING -t nat -o $EXT_IF \
   -s $WEB_SERVER -j MASQUERADE

# Forward chain:
$IPTABLES -A FORWARD -i $EXT_IF -p tcp --dport 80 -j WEB_CHAIN
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# User defined chains
$IPTABLES -A WEB_CHAIN -p tcp -i $EXT_IF \
   -d $WEB_SERVER --dport 80 -j ACCEPT
$IPTABLES -A WEB_CHAIN -j RETURN

The pre and post should be at the top of the rules and the user rules should
be at the end (they all return to the called rule).

You could also add a log rule to see who is hitting the port. Stick it as the
first in the custom rule section, similar to my ssh:

$IPTABLES -A SSH_CHAIN -p tcp -m state --state NEW -i $EXT_IF \
   --dport 22 -j LOG --log-prefix "NetF SSH Login: "

Of course it all depends on how your fw is set up, but that should show you
the syntax.

-- 
Pete Nesbitt, rhce

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
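The following script applies Pete's pattern (nat PREROUTING DNAT, a FORWARD accept for the DNATed traffic, nat POSTROUTING MASQUERADE, plus a LOG rule on NEW connections) to the pcAnywhere case from the question: TCP and UDP 5631:5632 forwarded to one internal host. It is an added example written for this page, not code from Pete's post or from any project. The interface name eth0, the internal address 192.168.1.10 and the optional REMOTE_SRC variable are assumptions; set them for your network. By default it only prints the rules so they can be reviewed; RUN=1 executes them.

```shell
#!/bin/sh
# Added example (not from the original post): forward pcAnywhere TCP/UDP
# 5631-5632 from the external interface to one internal host.
# All values below are assumptions for illustration; override them via
# the environment (e.g. EXT_IF=ppp0 PCA_SERVER=10.0.0.5 RUN=1 ./pca.sh).
IPTABLES="${IPTABLES:-iptables}"
EXT_IF="${EXT_IF:-eth0}"                  # assumed external interface
PCA_SERVER="${PCA_SERVER:-192.168.1.10}"  # constructed internal address
PCA_PORTS="5631:5632"                     # port range syntax from the post
# Optional: restrict which remote address/netblock may reach the port.
# A dialup client changes address, so this may have to stay empty, but
# narrowing it (e.g. to the ISP's block) shrinks the exposed surface.
REMOTE_SRC="${REMOTE_SRC:-}"

# Print one iptables command, or execute it when RUN=1 (needs root).
run() {
  if [ "${RUN:-0}" = "1" ]; then
    "$@"
  else
    printf '%s\n' "$*"
  fi
}

# Emit the rule set in the order Pete recommends: nat rules first, the
# ESTABLISHED,RELATED accept before the per-port rules, MASQUERADE last.
pcanywhere_rules() {
  src_match=""
  if [ -n "$REMOTE_SRC" ]; then
    src_match="-s $REMOTE_SRC"
  fi

  # Return/continuation traffic for already-accepted sessions (TCP and
  # UDP are both tracked by conntrack), so only the first packet of a
  # session reaches the rules below.
  run "$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  for proto in tcp udp; do
    # nat/PREROUTING: rewrite the destination to the internal pcAnywhere host.
    run "$IPTABLES" -A PREROUTING -t nat -p "$proto" -i "$EXT_IF" $src_match \
      --dport "$PCA_PORTS" -j DNAT --to-destination "$PCA_SERVER"
    # filter/FORWARD: log every NEW session so you can see who is hitting
    # the port, then accept only traffic that was DNATed to that host.
    run "$IPTABLES" -A FORWARD -i "$EXT_IF" -p "$proto" $src_match \
      -d "$PCA_SERVER" --dport "$PCA_PORTS" -m state --state NEW \
      -j LOG --log-prefix "pcAnywhere-NEW:"
    run "$IPTABLES" -A FORWARD -i "$EXT_IF" -p "$proto" $src_match \
      -d "$PCA_SERVER" --dport "$PCA_PORTS" -j ACCEPT
  done

  # nat/POSTROUTING: replies from the internal host leave via the
  # external interface with the firewall's address.
  run "$IPTABLES" -A POSTROUTING -t nat -o "$EXT_IF" -s "$PCA_SERVER" -j MASQUERADE
}

# Default action: print the rules for review. Apply with RUN=1 as root.
pcanywhere_rules
```

Review the printed output before applying: the FORWARD accept is tied to `-d $PCA_SERVER`, so the hole only opens toward the one internal host, and the LOG rule gives you a kernel log line per new session to watch for scanning of the pcAnywhere ports.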