We haven't selected a specific application as a firewall yet. Until then we'll provide some examples of how to NAT your LAN to the net and how to do port forwarding (i.e. reverse masquerading of traffic to servers in our LAN or DMZ) using iptables. If you don't already have iptables installed, install the software:

apt-get install iptables

NAT using iptables (the network to masquerade is, the interface of the firewall connected to the net is eth0).

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -F -t nat
iptables -t nat -A POSTROUTING -o eth0 -s -j MASQUERADE

Port forwarding using iptables (we'll forward incoming traffic on port 25 (the SMTP protocol) towards our mailserver. The interface of the firewall connected to the network where the mailserver (IP address is located is eth1. The outside IP address of the firewall is

iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d --dport 25 -s --sport 1:65535 -j DNAT --to
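The two recipes above depend on addresses being filled in correctly, and an empty value turns `-s <network> -j MASQUERADE` into a malformed rule. The following is an added example, not part of the original page: it validates the values and prints both recipes as one iptables-restore ruleset, going beyond the page by setting a default-drop FORWARD policy. The function names, the conntrack match (used here in place of `-m state`) and all addresses are assumptions, with constructed sample values.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it changes nothing itself.

is_ipv4() {   # dotted quad, each octet 0-255
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

is_cidr() {   # ADDRESS/PREFIX with prefix 0-32
    case $1 in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case ${1#*/} in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

is_iface() {  # non-empty, no leading dash, only interface-name characters
    case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# gen_rules LAN_NET WAN_IF INSIDE_IF WAN_IP MAIL_IP  (hypothetical helper)
gen_rules() {
    is_cidr "$1" || { echo "bad network to masquerade: '$1'" >&2; return 1; }
    { is_iface "$2" && is_iface "$3"; } || { echo "bad interface name" >&2; return 1; }
    { is_ipv4 "$4" && is_ipv4 "$5"; } || { echo "bad outside or mailserver address" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $2 -p tcp -d $4 --dport 25 -j DNAT --to-destination $5:25
-A POSTROUTING -o $2 -s $1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -o $2 -s $1 -j ACCEPT
-A FORWARD -i $2 -o $3 -p tcp -d $5 --dport 25 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample values (RFC 1918 / RFC 5737 ranges), not the page's addresses.
gen_rules 192.168.1.0/24 eth0 eth1 203.0.113.1 192.168.1.25
```

The output can be checked with `iptables-restore --test` before it is loaded. Loading it without `--noflush` replaces the existing contents of the nat and filter tables, and IP forwarding still has to be enabled as shown above.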


apt-get install iftop
hannibal/iptables.txt · Last modified: 2008/06/25 12:04 by Olivier Brugman