Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Problems with iptables and port forwarding

Hi

(the same message was sent earlier to the teknik list, without much success,
so now I'm trying here)

I'm trying to set up port forwarding on a Linux machine, but it isn't going
very well.....

The machine has 2 network cards, one with the IP 192.168.9.3 and another with
the IP 192.168.10.14. I would like that when a computer on the subnet
192.168.10.0/24 opens a browser and goes to the address
http://192.168.10.14, he/she sees what is at http://192.168.9.4

In other words, I want to forward port 80 from 192.168.10.0/24 to
192.168.10.4.

Here is what I have tried:

EXT_IP="192.168.10.14"
LAN_NET="192.168.9.0/24"
INT_NETKORT="eth1"
EXT_NETKORT="eth0"
SERVER="192.168.9.4"

# allow forwarding of packets
echo "1" > /proc/sys/net/ipv4/ip_forward

# drop everything incoming by default
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# the chains are flushed first, so the script can be run again without problems
iptables -F
iptables -t nat -F

# allow all local traffic
iptables -A INPUT  -i lo  -j ACCEPT
iptables -A INPUT  -i $INT_NETKORT -j ACCEPT
iptables -A FORWARD -i lo  -j ACCEPT
iptables -A FORWARD -i $INT_NETKORT -j ACCEPT
iptables -A OUTPUT     -j ACCEPT


# we allow traffic on connections that have already been established
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# and we allow new connections if they come from the inside
iptables -A INPUT -m state --state NEW -i $INT_NETKORT -j ACCEPT
iptables -A FORWARD -m state --state NEW -i $INT_NETKORT -j ACCEPT

# enable source NAT
iptables -t nat -A POSTROUTING -s $LAN_NET -d "!" $LAN_NET -j SNAT --to $EXT_IP

### port mapping
iptables -t nat -A PREROUTING -p tcp --dport 80 -d $EXT_IP -j DNAT --to $SERVER:80
iptables -A FORWARD -p tcp -d $SERVER --dport 80 -o $INT_NETKORT -j ACCEPT
iptables -A FORWARD -p tcp -s $SERVER --dport 80 -o $INT_NETKORT -j ACCEPT


# allow access to selected services from the outside
iptables -A INPUT -p tcp -d $EXT_IP --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -d $EXT_IP --dport 80 -j ACCEPT
#iptables -A INPUT -p tcp -d $EXT_IP --dport 3306 -j ACCEPT


# allow ping
iptables -A INPUT -p icmp -d $EXT_IP -j ACCEPT

When the above commands have been executed, my tables look like this:
bridge:~# iptables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
   31  2092 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.10.14        tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.10.14        tcp dpt:80
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            192.168.10.14

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     tcp  --  *      eth1    0.0.0.0/0            192.168.9.4          tcp dpt:80
    0     0 ACCEPT     tcp  --  *      eth1    192.168.9.4          0.0.0.0/0            tcp dpt:80

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   16  1360 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0


In the FORWARD chain, the following line counts up packets when I try to
display the page:
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   240 ACCEPT     tcp  --  *      eth1    0.0.0.0/0            192.168.9.4          tcp dpt:80


If anyone can see what is wrong, or has a similar setup I could use as an
example, it would be a great help

Best regards
Allan W. Nielsen
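An added diagnostic, not part of the post or of any reply on the list: it parses `iptables -L -n -v` output of the kind shown above and, for the DNAT'ed service, compares how many packets the FORWARD chain counted towards the server with how many came back the other way. The sample chain is constructed from the post's own counters; the function and field names are my own.

```python
from collections import namedtuple

# Constructed sample: the FORWARD chain from the post above, one rule per line.
SAMPLE = """Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target  prot opt in   out   source      destination
    0     0 ACCEPT  all  --  lo   *     0.0.0.0/0   0.0.0.0/0
    0     0 ACCEPT  all  --  eth1 *     0.0.0.0/0   0.0.0.0/0
    0     0 ACCEPT  all  --  *    *     0.0.0.0/0   0.0.0.0/0    state RELATED,ESTABLISHED
    0     0 ACCEPT  all  --  eth1 *     0.0.0.0/0   0.0.0.0/0    state NEW
    4   240 ACCEPT  tcp  --  *    eth1  0.0.0.0/0   192.168.9.4  tcp dpt:80
    0     0 ACCEPT  tcp  --  *    eth1  192.168.9.4 0.0.0.0/0    tcp dpt:80
"""

# extra holds the match-extension column, e.g. "state NEW" or "tcp dpt:80"
Rule = namedtuple("Rule", "chain pkts target prot in_if out_if src dst extra")
_SUFFIX = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}

def _count(s):
    # iptables -v abbreviates large counters (12K, 3M, ...); expand them.
    return int(s[:-1]) * _SUFFIX[s[-1]] if s[-1] in _SUFFIX else int(s)

def parse_iptables_lnv(text):
    """Parse `iptables -L -n -v` output into one Rule per rule line."""
    rules, chain = [], None
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        # columns: pkts bytes target prot opt in out source destination [extras]
        parts = line.split(None, 9)
        if len(parts) < 9 or not parts[0][0].isdigit():
            continue  # header row or blank line
        pkts, _bytes, target, prot, _opt, in_if, out_if, src, dst = parts[:9]
        extra = parts[9] if len(parts) > 9 else ""
        rules.append(Rule(chain, _count(pkts), target, prot, in_if, out_if, src, dst, extra))
    return rules

def check_return_path(rules, server, port, inside_if):
    """Compare request and reply counters for a DNAT'ed service in FORWARD.
    Replies from the server would be counted by the explicit -s <server> rule,
    the ESTABLISHED rule or the -i <inside card> rule; requests counted while
    none of those move means the server's answers never crossed this box."""
    fwd = [r for r in rules if r.chain == "FORWARD"]
    requests = sum(r.pkts for r in fwd if r.dst == server and f"dpt:{port}" in r.extra)
    replies = sum(r.pkts for r in fwd if r.src == server
                  or "ESTABLISHED" in r.extra or r.in_if == inside_if)
    return {"requests": requests, "replies": replies,
            "asymmetric": requests > 0 and replies == 0}
```

Run against the post's counters it reports 4 requests and 0 replies, i.e. the DNAT and the forward towards 192.168.9.4 work, but nothing from the server ever comes back through the firewall's FORWARD chain.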
Questions about the web-pages to <www_admin>. Last modified 2007-07-15, 00:01 CEST