hannibal:iptables


firewall

We haven't selected a specific application as a firewall yet. Until then we'll provide some examples of how to NAT your LAN to the net and how to do port forwarding (i.e. reverse masquerading of traffic to servers in our LAN or DMZ) using iptables. If you don't already have iptables installed, install the software:

apt-get install iptables

NAT using iptables (the network to masquerade is 192.168.1.0/24; the interface of the firewall connected to the net is eth0):

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -F -t nat
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE

Port forwarding using iptables (we'll forward incoming traffic on port 25, the SMTP protocol, towards our mailserver. The interface of the firewall connected to the network where the mailserver (IP address 192.168.1.14) is located is eth1. The outside IP address of the firewall is 10.0.0.1):

iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d 10.0.0.1 --dport 25 -s 0.0.0.0/0 --sport 1:65535 -j DNAT --to 192.168.1.14:25
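The following script is an added example and is not part of the original wiki page. It combines the NAT and port-forwarding rules above into a single iptables-restore ruleset so that the whole policy is loaded atomically instead of rule by rule, and it gives the FORWARD chain a DROP default so that only LAN-to-net traffic, replies to existing connections, and the one forwarded port are passed. The addresses and interfaces are the page's example values, passed in as parameters; the function and file names are assumptions. It uses `-m conntrack --ctstate`, the current replacement for `-m state --state`, and `--to-destination`, the long form of `--to`. Note that writing to /proc/sys/net/ipv4/ip_forward is not persistent across reboots; put `net.ipv4.ip_forward = 1` in /etc/sysctl.conf as well.

```shell
#!/bin/sh
# Added example (not the wiki page's own commands): build an iptables-restore
# ruleset for LAN masquerading plus one DNAT port forward, with a default-deny
# FORWARD chain. Nothing is applied unless you pipe the output to iptables-restore.
#
# Usage (as root, after reviewing the output):
#   sh fw.sh 192.168.1.0/24 eth0 eth1 10.0.0.1 192.168.1.14 25 > /tmp/rules.v4
#   iptables-restore < /tmp/rules.v4
#   sysctl -w net.ipv4.ip_forward=1      # add to /etc/sysctl.conf to persist

# gen_ruleset LAN_NET WAN_IF LAN_IF WAN_IP SERVER_IP PORT
# Prints a complete ruleset (nat and filter tables) to stdout.
gen_ruleset() {
    lan_net=$1; wan_if=$2; lan_if=$3; wan_ip=$4; server_ip=$5; port=$6
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade the LAN behind the firewall's outside address
-A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
# Rewrite the destination of inbound traffic on port $port to the internal server
-A PREROUTING -i $wan_if -p tcp -d $wan_ip --dport $port -j DNAT --to-destination $server_ip:$port
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies and related packets of established connections, in either direction
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The LAN may open connections towards the net
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
# From the net, only new connections to the forwarded port on the server are allowed
-A FORWARD -i $wan_if -o $lan_if -p tcp -d $server_ip --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# rule_count RULESET_TEXT: number of -A rule lines in a generated ruleset,
# a quick sanity check before loading it.
rule_count() {
    printf '%s\n' "$1" | grep -c '^-A '
}

# Stand-alone use: print the ruleset when all six parameters are given.
case $# in
    6) gen_ruleset "$@" ;;
esac
```

Loading the output with iptables-restore replaces the nat and filter tables in one step, so a half-applied policy (the state after `iptables -F` but before the new rules) never exists on the wire; `iptables-save` shows the resulting live rules in the same format.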

Tooling

apt-get install iftop
hannibal/iptables.txt · Last modified: 2008/06/25 12:04 by Olivier Brugman