Hi all, sorry for this post here but I cannot seem to join the netfilter list :/

I wish to have a simple firewall to forward http traffic to the internal network. This is what I have but it does not forward, any help much appreciated.

#!/bin/sh
# path to iptables
IPTABLES="/sbin/iptables"
# External Interface
EXT_IF=`route -n | awk '$1~/0.0.0.0/ {print $8}'`
# Internal network
INT_NET="192.168.0.0/24"
# Internal Network Interface
INT_NET_IF="eth1"
# Internal Network Interface IP Address
INT_NET_IF_IP="192.168.0.1"
# IP of the web machine
WWW_IP="192.168.0.3"

# Turn on ipforwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# Flush old rulesets
$IPTABLES -F
$IPTABLES -F -t nat

# Default policies
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP

# Masquerading bit
$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE

# Allow packets to return
$IPTABLES -A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow packets out
$IPTABLES -A FORWARD -i eth1 -s $INT_NET -j ACCEPT

# Forward http request to internal net
$IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 80 -j DNAT --to $WWW_IP

# Allow port 80
# $IPTABLES -A INPUT -i ppp0 -d 0/0 -p tcp --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -i ppp0 -d 0/0 -p tcp --dport 80 -j ACCEPT

# Allow SSH
$IPTABLES -A INPUT -i ppp0 -d 0/0 -p tcp --dport 22 -j ACCEPT

# Log to syslog
# $IPTABLES -A INPUT -j LOG

Kind regards
Kevin

--
Kevin Waterson
Port Macquarie, Australia

--
Psyche-list mailing list
Psyche-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/psyche-list
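For comparison, here is an added example of the same DNAT port-forward written so that every rule uses one external-interface variable and the FORWARD chain matches the post-DNAT destination (the FORWARD chain sees packets after PREROUTING has rewritten the destination, so `-d $WWW_IP` is the address to match). This is not Kevin's script; the interface names and addresses are placeholders, and `IPTABLES` defaults to `echo` so the ruleset can be dry-run without root.

```sh
#!/bin/sh
# Added example, not the original poster's script.
# IPTABLES defaults to "echo" for a dry run; set IPTABLES=/sbin/iptables
# (as root) to apply the rules. Interface names and addresses are assumed.
IPTABLES="${IPTABLES:-echo}"
EXT_IF="${EXT_IF:-ppp0}"          # placeholder external interface
INT_IF="${INT_IF:-eth1}"          # placeholder internal interface
INT_NET="${INT_NET:-192.168.0.0/24}"
WWW_IP="${WWW_IP:-192.168.0.3}"   # placeholder web host address

fw_rules() {
    # Flush filter and nat tables
    $IPTABLES -F
    $IPTABLES -t nat -F
    # Default deny for forwarded traffic; nothing crosses unless listed below
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P FORWARD DROP
    # Masquerade LAN traffic leaving on the external interface
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
    # Reply traffic for any accepted flow, in either direction
    $IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # LAN hosts may open outbound connections
    $IPTABLES -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -j ACCEPT
    # Rewrite inbound HTTP on the external interface to the web host
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WWW_IP"
    # FORWARD sees the rewritten destination: match WWW_IP, only new flows
    $IPTABLES -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$WWW_IP" \
        -p tcp --dport 80 -m state --state NEW -j ACCEPT
}

# Dry-run helper: count emitted rules containing a literal token
count_rules() {
    fw_rules | grep -cF -- "$1"
}
```

With the default `IPTABLES=echo`, `fw_rules` prints the ten commands instead of applying them, so the ruleset can be reviewed before it touches the live firewall.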