You have to do port 5800 as well

Rudolf

-----Original Message-----
From: GK [mailto:guskasus@xxxxxxxxxxxx]
Sent: Friday, June 25, 2004 2:19 AM
To: General Red Hat Linux discussion list
Subject: RE: iptables - port redirection - VNC

Thanks Nathaniel!
I put in these lines but I still cannot connect to my PCs inside.
I added "-t nat" to the first line because it gave me an error. Is that OK?
Do you have another idea?

GusKa.

On Thu, 24 Jun 2004 at 12:17, Nathaniel Hall wrote:
> Just by scanning over it pretty quickly, this is what I would do.
>
> $IPTABLES -A PREROUTING -d $PUBLICIP -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.10.79:5900
> $IPTABLES -A FORWARD -d 192.168.10.79 -p tcp -m tcp --dport 5900 -j ACCEPT
> $IPTABLES -A PREROUTING -d $PUBLICIP -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.80:80
> $IPTABLES -A FORWARD -d 192.168.10.80 -p tcp -m tcp --dport 80 -j ACCEPT
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
> Nathaniel Hall
> Intrusion Detection and Firewall Technician
> Ozarks Technical Community College -- Office of Computer Networking
> 417-799-0552
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of GK
> Sent: Thursday, June 24, 2004 10:06 AM
> To: redhat-list@xxxxxxxxxx
> Subject: iptables - port redirection - VNC
>
> Hi, I am a newbie in iptables. I must be doing something wrong. Is there an
> expert in iptables? Sure!
> I need to do port redirection from outside (Internet) to inside (one
> specific PC). But the packets from the Internet to my public IP (port 5900)
> are DROPped.
> I need access via VNC from the Internet to the LAN inside, and other ports
> (8080). These are a few lines from my script to configure iptables.
>
> Can somebody help me, please?
> Does anyone have any ideas?
> Thanks in advance,
>
> GusKa.
>
> ---------------------
>
> # eth0 local interface to Internet.
> # eth1 local interface to private LAN.
> # ppp0
>
> #PRIVATE= private LAN
> #EXTINT= Outside interface
> #INTINT= Inside Interface
> #EXTPPP= Outside public Interface
> #PUBLICIP= My Public IP
>
> PRIVATE=192.168.10.0/24
> EXTINT=eth0
> INTINT=eth1
> EXTPPP=ppp0
> PUBLICIP=201.254.205.12
> LOOP=127.0.0.1
>
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -P INPUT DROP
> $IPTABLES -P FORWARD DROP
>
> # NAT to Outside.
> $IPTABLES -t nat -A POSTROUTING -s $PRIVATE -p tcp -o $EXTPPP -j SNAT --to $PUBLICIP
>
> $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # VNC to PC inside (private LAN)
> $IPTABLES -A PREROUTING -t nat -p tcp -d $PUBLICIP --dport 5900 -j DNAT --to 192.168.10.79:5900
> $IPTABLES -A FORWARD -i $EXTINT -o $INTINT -p tcp --dport 5900 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> # HTTP 8080 to server inside httpd
> $IPTABLES -A PREROUTING -t nat -p tcp -d $PUBLICIP --dport 8080 -j DNAT --to 192.168.10.80:80
> $IPTABLES -A FORWARD -i $EXTINT -o $INTINT -p tcp --dport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> # www, dns, smtp are open
> $IPTABLES -A INPUT -p tcp --dport http -j ACCEPT
> $IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
> $IPTABLES -A INPUT -p tcp --dport smtp -j ACCEPT
> $IPTABLES -A INPUT -p tcp --dport domain -j ACCEPT
> $IPTABLES -A INPUT -p udp --dport domain -j ACCEPT
>
> # Masquerading rule
> $IPTABLES -A INPUT -s $PRIVATE -m state --state NEW -j ACCEPT
> $IPTABLES -A OUTPUT -s $PRIVATE -m state --state NEW -j ACCEPT
> $IPTABLES -A FORWARD -s $PRIVATE -m state --state NEW -j ACCEPT
>
> # All in loopback
> $IPTABLES -A INPUT -i lo -j ACCEPT
> $IPTABLES -A OUTPUT -o lo -j ACCEPT
>
> # All in private LAN
> $IPTABLES -A INPUT -i $INTINT -j ACCEPT
> $IPTABLES -A FORWARD -i $INTINT -j ACCEPT
>
> $IPTABLES -A INPUT -j DROP
> $IPTABLES -A FORWARD -j DROP
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
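The port forwarding the thread is after, written out as an added example (not the poster's script and not one of the replies). It reuses the addresses from the thread and assumes the public IP sits on ppp0 rather than eth0, that the LAN is on eth1, and that a DRYRUN=1 switch prints the rules instead of applying them; those names and the VNC_SRC restriction are assumptions for illustration. The two points it is built around: the FORWARD chain sees a packet only after the nat PREROUTING DNAT has rewritten it, so the FORWARD rule must match the internal host and internal port (80 for the 8080 redirect, not 8080), and the rules must name the interface that actually carries the public address. It also forwards 5800 alongside 5900, as Rudolf notes, since the Java VNC viewer is served on 5800.

```bash
#!/bin/bash
# Added example for the thread above: DNAT port forwarding through an
# iptables NAT box for VNC (5900 and 5800) and for an internal web server
# reachable on public port 8080. This is not the poster's script.
# Assumptions: the public IP sits on ppp0 (EXTIF), the LAN is on eth1,
# the addresses are the ones from the thread, and DRYRUN=1 prints the
# rules instead of applying them (so it can be run without root).
set -u

PUBLICIP=${PUBLICIP:-201.254.205.12}
EXTIF=${EXTIF:-ppp0}            # interface that actually carries $PUBLICIP
INTIF=${INTIF:-eth1}            # interface facing the private LAN
PRIVATE=${PRIVATE:-192.168.10.0/24}
VNCHOST=${VNCHOST:-192.168.10.79}
WEBHOST=${WEBHOST:-192.168.10.80}
VNC_SRC=${VNC_SRC:-0.0.0.0/0}   # tighten to your own source network if you can

# Run iptables, or just print the command line when DRYRUN=1.
ipt() {
    if [ "${DRYRUN:-0}" = 1 ]; then
        echo iptables "$@"
    else
        iptables "$@"
    fi
}

# forward_port PROTO PUBLIC_PORT INTERNAL_HOST INTERNAL_PORT [ALLOWED_SRC]
# PREROUTING (nat table) rewrites the destination; the FORWARD chain sees
# the packet *after* that rewrite, so it must match the internal host and
# the internal port, not the public port.
forward_port() {
    local proto=$1 pubport=$2 host=$3 intport=$4 src=${5:-0.0.0.0/0}
    ipt -t nat -A PREROUTING -i "$EXTIF" -s "$src" -d "$PUBLICIP" \
        -p "$proto" --dport "$pubport" -j DNAT --to-destination "$host:$intport"
    ipt -A FORWARD -i "$EXTIF" -o "$INTIF" -s "$src" -d "$host" \
        -p "$proto" --dport "$intport" -m state --state NEW -j ACCEPT
}

firewall_rules() {
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -A INPUT -i lo -J ACCEPT 2>/dev/null || ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections already tracked by conntrack.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN -> Internet, masqueraded behind the public interface
    # (all protocols, not only TCP).
    ipt -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$PRIVATE" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$EXTIF" -s "$PRIVATE" -j MASQUERADE
    # VNC: 5900 is the RFB display port, 5800 the Java viewer served over HTTP.
    forward_port tcp 5900 "$VNCHOST" 5900 "$VNC_SRC"
    forward_port tcp 5800 "$VNCHOST" 5800 "$VNC_SRC"
    # Public 8080 -> httpd on port 80 of the internal server.
    forward_port tcp 8080 "$WEBHOST" 80
    # Routing between interfaces is off by default.
    [ "${DRYRUN:-0}" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward
}

case "${1:-}" in
    apply) firewall_rules ;;
    show)  DRYRUN=1; firewall_rules ;;
esac
```

Run it as `./fw.sh show` to print the rule set and `./fw.sh apply` (as root) to load it. Classic VNC authentication is a short-password challenge-response and the session is not encrypted, so if the VNC host must be reachable from the Internet at all, set VNC_SRC to the network you connect from, or leave 5900/5800 closed and reach the host over an SSH tunnel instead.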