- To: slug@xxxxxxxxxxx
- Subject: [SLUG] simple firewall
- From: Kevin Waterson <kevin@xxxxxxxxxxx>
- Date: Thu, 3 Apr 2003 17:28:09 +1000
- Organization: Oceania
Howdy all, having a spot of bother with this fw
I would normally take this to the netfilter n00bs list
but cannot seem to get listed :/ anywho...
My goal is to have a simple masquerading script that will
deny all and forward all http traffic to 192.168.0.3
Sounds simple enough. Here is what I have so far:
#!/bin/bash
# path to iptables
IPTABLES="/sbin/iptables"
# Then flush all rules (filter table and nat table)
$IPTABLES -F
$IPTABLES -t nat -F
# masquerading stuff: rewrite the source address of anything not destined for the LAN
$IPTABLES -t nat -A POSTROUTING -d ! 192.168.0.0/24 -j MASQUERADE
# let the LAN talk out, let traffic to the LAN through, drop anything else being forwarded
$IPTABLES -A FORWARD -s 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -d 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -s ! 192.168.0.0/24 -j DROP
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# send incoming ppp0 at port 80 to 192.168.0.3:80 (destination rewritten before routing)
$IPTABLES -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to 192.168.0.3
# this opens port 80 on the firewall box itself (INPUT chain); the DNATed
# packets are not addressed to the box, so they pass through FORWARD instead
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
any thoughts or pointers gratefully received
Kind regards
Kevin
--
Kevin Waterson
Port Macquarie, Australia
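The following is an added example, not Kevin's script and not from the SLUG thread. It builds the same kind of gateway (masquerade the LAN, forward inbound HTTP to one internal host) but with explicit default-deny policies and a conntrack rule so that reply packets are allowed without a blanket accept. The interface name ppp0, the LAN range 192.168.0.0/24, the web host 192.168.0.3, the variable names, and the DRY_RUN switch are all assumptions of this example; the matches and targets used (-P, -m conntrack --ctstate, MASQUERADE, DNAT --to-destination) are standard iptables. With DRY_RUN=1 (the default) it prints the commands it would run instead of applying them, which is how the generated ruleset can be reviewed before touching a live box.

```shell
#!/bin/sh
# Added example: deny-by-default masquerading gateway that forwards
# inbound HTTP on the external interface to one LAN host.
# Names and addresses below are assumptions; adjust for your network.
# DRY_RUN=1 prints the iptables commands; DRY_RUN=0 applies them (run as root).

EXT_IF="${EXT_IF:-ppp0}"               # assumed external (Internet-facing) interface
LAN_NET="${LAN_NET:-192.168.0.0/24}"   # assumed LAN behind the gateway
WEB_HOST="${WEB_HOST:-192.168.0.3}"    # assumed internal host serving HTTP
DRY_RUN="${DRY_RUN:-1}"

# ipt: run (or, in dry-run mode, print) one iptables command.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        /sbin/iptables "$@"
    fi
}

# build_rules: emit the whole ruleset in order.
build_rules() {
    # Start clean in both tables, then default-deny on INPUT and FORWARD.
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback and packets belonging to flows already accepted.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # LAN hosts may open outbound connections; their source address is
    # masqueraded behind the external interface's address.
    ipt -A FORWARD -s "$LAN_NET" -o "$EXT_IF" -m conntrack --ctstate NEW -j ACCEPT
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$EXT_IF" -j MASQUERADE

    # Inbound HTTP: rewrite the destination in nat/PREROUTING, then permit
    # the rewritten packet in FORWARD. INPUT is not involved, because after
    # DNAT the packet is no longer addressed to the gateway itself.
    ipt -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_HOST":80
    ipt -A FORWARD -i "$EXT_IF" -p tcp -d "$WEB_HOST" --dport 80 \
        -m conntrack --ctstate NEW -j ACCEPT
}

# enable_forwarding: the kernel must route between interfaces for any of this to matter.
enable_forwarding() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "sysctl -w net.ipv4.ip_forward=1"
    else
        sysctl -w net.ipv4.ip_forward=1
    fi
}

# has_rule PATTERN: 1-line check used when reviewing the dry-run output.
# Returns success if the generated ruleset contains PATTERN.
has_rule() {
    build_rules | grep -q -- "$1"
}

enable_forwarding
build_rules
```

Reviewing the dry run is the useful part: `has_rule '-P FORWARD DROP'` confirms the default-deny is in place, and `has_rule '-A FORWARD -i ppp0 -p tcp -d 192.168.0.3 --dport 80'` confirms the forwarded HTTP traffic has its own FORWARD accept rather than relying on an INPUT rule. The ordering matters too: the conntrack ESTABLISHED,RELATED rules sit before the NEW rules, so only the first packet of each flow is subject to the policy decisions.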