[CentOS] setup firewall with 3 nic cards
Jerry Geis
geisj at pagestation.com
Mon May 10 22:10:02 UTC 2010
I have a centos box with 3 nics. eth0 is internal, eth1 is T1 data and eth2 is cable data.
Everything is working on eth2 cable. External NAT is working just fine for eth2.
However external address 74.x.x.x on eth1 is not working.
Below is my iptables information.
I setup eth1 same as eth2 just a different IP address of course. What did I miss that
eth1 and NAT is not working?
Just looking for both public IP's incoming to NAT to the correct IP address. Only 1 is working at this time.
Thanks,
Jerry
---------------
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 24.123.23.170 tcp dpt:22 to:192.168.1.209:22
DNAT tcp -- 0.0.0.0/0 24.123.23.170 tcp dpt:25 to:192.168.1.209:25
DNAT tcp -- 0.0.0.0/0 24.123.23.170 tcp dpt:80 to:192.168.1.209:80
DNAT tcp -- 0.0.0.0/0 74.223.8.179 tcp dpt:22 to:192.168.1.58:22
DNAT tcp -- 0.0.0.0/0 74.223.8.179 tcp dpt:25 to:192.168.1.58:25
DNAT tcp -- 0.0.0.0/0 74.223.8.179 tcp dpt:80 to:192.168.1.58:80
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.1.0/24 0.0.0.0/0 to:24.123.23.170
SNAT all -- 0.0.0.0/0 192.168.1.209 to:192.168.1.1
SNAT all -- 0.0.0.0/0 192.168.1.209 to:192.168.1.1
SNAT all -- 0.0.0.0/0 192.168.1.209 to:192.168.1.1
SNAT all -- 0.0.0.0/0 192.168.1.209 to:192.168.1.1
SNAT all -- 0.0.0.0/0 192.168.1.209 to:192.168.1.1
SNAT all -- 0.0.0.0/0 192.168.1.209 to:192.168.1.1
SNAT all -- 0.0.0.0/0 192.168.1.58 to:192.168.1.1
SNAT all -- 0.0.0.0/0 192.168.1.58 to:192.168.1.1
SNAT all -- 0.0.0.0/0 192.168.1.58 to:192.168.1.1
SNAT all -- 0.0.0.0/0 192.168.1.58 to:192.168.1.1
SNAT all -- 0.0.0.0/0 192.168.1.58 to:192.168.1.1
SNAT all -- 0.0.0.0/0 192.168.1.58 to:192.168.1.1
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
24.123.23.168 0.0.0.0 255.255.255.248 U 0 0 0 eth2
74.223.8.176 0.0.0.0 255.255.255.240 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
0.0.0.0 24.123.23.169 0.0.0.0 UG 0 0 0 eth2
More information about the CentOS
mailing list