Hi all
Is the network address translation in CentOS 5.2 different?
I disabled the default iptables rule and used the following commands, but I can't connect to http://public:8080 from outside to reach this host, 192.168.0.10 port 80.
eth1 is the public address; eth0 is the private address, 192.168.0.1.
iptables -F -t nat
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to 192.168.0.10:80
Thank you
I think you forgot to open the port in the FILTER table. Open it like this:
iptables --table filter -p tcp -d 8080 -j ACCEPT
The syntax may not be 100% perfect, and also you may want to tighten the security, but I hope you get the idea.
Regards.
GERMAN ANDRES PULIDO F.
Project Engineer
GLOBAL TECHNOLOGY SERVICES - GTS S.A.
-------------------------------------
Tel: (571) 658 34 10 ext 110
Carrera 7b No. 123-46
Bogotá-Colombia
Website: www.gtscolombia.com

On Wednesday 31 December 2008 4:05:51 pm chloe K wrote:
> Hi all
> Is the network address translation in CentOS 5.2 different?
> I disabled the default iptables rule and used the following commands, but I can't connect to http://public:8080 from outside to reach this host, 192.168.0.10 port 80.
> eth1 is the public address; eth0 is the private address, 192.168.0.1.
> iptables -F -t nat
> iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
> iptables --append FORWARD --in-interface eth0 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to 192.168.0.10:80
> Thank you
On Wednesday 31 December 2008 16:05, chloe K wrote:
> Is the network address translation in CentOS 5.2 different?
Nope.
> I disabled the default iptables rule and used the following commands, but I can't connect to http://public:8080 from outside to reach this host, 192.168.0.10 port 80.
> eth1 is the public address; eth0 is the private address, 192.168.0.1.
> iptables -F -t nat
> iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
> iptables --append FORWARD --in-interface eth0 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to 192.168.0.10:80
Your rules are in need of help. First off I am not even sure what you are doing will work, i.e.;
--append or --table
These are written as '-A' and '-t'
Try these;
iptables -F -t nat
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# !!! Following line is wrapped !!!
iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT \
    --to-destination 192.168.0.10:80
iptables -A FORWARD -i eth0 -j ACCEPT
You could and should tighten these rules up. You should look into Stateful packet inspection for your firewall. If you are looking to learn how to write your own rules use the following;
http://iptables.rlworkman.net/chunkyhtml/index.html
On 1/1/2009 8:13 PM, Robert Spangler wrote:
> Your rules are in need of help. First off I am not even sure what you are doing will work, i.e.;
> --append or --table
> These are written as '-A' and '-t'
--append and --table are legal syntax...
# man iptables

-t, --table table
    This option specifies the packet matching table which the command should operate on. If the...
-A, --append chain rule-specification
    Append one or more rules to the end of the selected chain. When the source and/or destination...
On Friday 02 January 2009 00:16, Kenneth Burgener wrote:
> On 1/1/2009 8:13 PM, Robert Spangler wrote:
> > Your rules are in need of help. First off I am not even sure what you are doing will work, i.e.;
> > --append or --table
> > These are written as '-A' and '-t'
> --append and --table are legal syntax...
> # man iptables
>
> -t, --table table
>     This option specifies the packet matching table which the command should operate on. If the...
> -A, --append chain rule-specification
>     Append one or more rules to the end of the selected chain. When the source and/or destination...
Shorthand I find the best. Thnx for the clarification on this.
On Thu, Jan 01, 2009 at 10:13:55PM -0500, Robert Spangler wrote:
> Your rules are in need of help. First off I am not even sure what you are doing will work, i.e.;
> --append or --table
> These are written as '-A' and '-t'
Hi Bob,
just fyi "--table" and "--append" are both documented in the man page for iptables so they "should" work just as well as "-A" and "-t".
I admit, I only use the short forms myself. :-)
Jeff Kinz
--
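
The port forward discussed in this thread, tightened with the stateful FORWARD rules the replies recommend, as an added example that is not code from any poster. It only prints the commands for review; the function names, the default-drop FORWARD policy and the `ip_forward` sysctl line are assumptions added here, while the interfaces, ports and addresses are the thread's.

```shell
#!/bin/sh
# Added example: prints a reviewed rule set; it never runs iptables itself.
# Function names are hypothetical; interfaces and addresses are the thread's.

is_port() {   # integer 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ifname() { # non-empty, no leading dash, only characters safe on a command line
    case "$1" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

is_ipv4() {   # dotted quad, each octet 0..255
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# usage: gen_dnat_rules WAN_IF LAN_IF PUBLIC_PORT SERVER_IP SERVER_PORT
gen_dnat_rules() {
    wan=$1 lan=$2 pub=$3 ip=$4 port=$5
    if ! { is_ifname "$wan" && is_ifname "$lan" && is_port "$pub" &&
           is_ipv4 "$ip" && is_port "$port"; }; then
        echo "gen_dnat_rules: invalid argument" >&2
        return 1
    fi
    cat <<EOF
# The router must forward packets at all (assumption: not yet enabled).
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F
iptables -t nat -A PREROUTING -i $wan -p tcp --dport $pub -j DNAT --to-destination $ip:$port
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
# Stateful FORWARD chain: default drop, replies allowed, new flows named explicitly.
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -m state --state NEW -j ACCEPT
# DNAT has already rewritten the packet here, so match $ip:$port, not port $pub.
iptables -A FORWARD -i $wan -o $lan -p tcp -d $ip --dport $port -m state --state NEW -j ACCEPT
EOF
}

# The thread's case: public port 8080 on eth1 to 192.168.0.10:80 behind eth0.
gen_dnat_rules eth1 eth0 8080 192.168.0.10 80
```

After reviewing the printed commands, pipe the output to `sh` as root to apply them.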