Little help with iptables

Discussion in 'Security' started by testu, Apr 12, 2011.

  1. #1
    Hi,

    I am trying to allow incoming connections to my Linux server through my public IP. I want to forward public IP > local IP. So far I did:

     iptables -A FORWARD -p tcp -s 192.168.11.4 -d PUBLIC_IP -j ACCEPT

    but no good. Can anyone advise me how to do it correctly?

    Thanks!
     
    testu, Apr 12, 2011 IP
  2. hostiwant

    #2
    Are you going to use it for VPN?

    hostiwant, Apr 17, 2011
  3. pinellashosting

    #3
    You need to do something like this:

    # Set up IP forwarding and masquerading
    # eth0 is the Internet-facing interface, eth1 the LAN side
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE   # rewrite LAN sources to the public address on the way out
    iptables --append FORWARD --in-interface eth1 -j ACCEPT                          # let LAN hosts send traffic through the box
    echo 1 > /proc/sys/net/ipv4/ip_forward   # enables packet forwarding by the kernel

    pinellashosting, Apr 18, 2011
  4. pinellashosting

    #4
    Here is the end of another script I used to use for NAT.

    # Set up NAT
    # Connection-tracking helpers for FTP and IRC (named nf_nat_ftp / nf_nat_irc on newer kernels)
    modprobe ip_nat_ftp
    modprobe ip_nat_irc
    echo 1 > /proc/sys/net/ipv4/ip_forward   # enable routing between interfaces
    # Accept replies to tracked connections, then anything arriving on eth0 (the public-facing interface in this script)
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i eth0 -j ACCEPT

    # Forward ports to local network: each pair accepts the port in FORWARD and
    # rewrites the destination in nat/PREROUTING to the LAN host (DNAT)
    iptables -A FORWARD -j ACCEPT -p tcp --dport 3389
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to 192.168.0.155:3389
    iptables -A FORWARD -j ACCEPT -p tcp --dport 113
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 113 -j DNAT --to 192.168.0.155:113
    iptables -A FORWARD -j ACCEPT -p tcp --dport 5060
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5060 -j DNAT --to 192.168.0.155:5060
    iptables -A FORWARD -j ACCEPT -p tcp --dport 5061
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5061 -j DNAT --to 192.168.0.155:5061
    iptables -A FORWARD -j ACCEPT -p tcp --dport 5062
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5062 -j DNAT --to 192.168.0.155:5062
    iptables -A FORWARD -j ACCEPT -p tcp --dport 5063
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5063 -j DNAT --to 192.168.0.155:5063
    iptables -A FORWARD -j ACCEPT -p udp --dport 5060
    iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5060 -j DNAT --to 192.168.0.155:5060
    iptables -A FORWARD -j ACCEPT -p udp --dport 5061
    iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5061 -j DNAT --to 192.168.0.155:5061
    iptables -A FORWARD -j ACCEPT -p udp --dport 5062
    iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5062 -j DNAT --to 192.168.0.155:5062
    iptables -A FORWARD -j ACCEPT -p udp --dport 5063
    iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5063 -j DNAT --to 192.168.0.155:5063
    iptables -A FORWARD -j ACCEPT -p tcp --dport 9900
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 9900 -j DNAT --to 192.168.0.155:9900
    iptables -A FORWARD -j ACCEPT -p tcp --dport 5190
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5190 -j DNAT --to 192.168.0.155:5190
    # Share Internet: rewrite the source of outbound LAN traffic to the public address
    iptables -t nat -A POSTROUTING -j SNAT -s 192.168.0.0/24 --to-source 24.170.148.176

    pinellashosting, Apr 18, 2011
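Putting the pieces from the replies together, here is an added example (not code from any poster) that generates the DNAT and FORWARD rule pair for one forwarded port, with the FORWARD rule scoped to the LAN host and port instead of accepting everything that arrives on the WAN side. It assumes eth0 is the public-facing interface and 192.168.0.155 is the LAN host; in its default dry-run mode it only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: WAN_IF=eth0 is the
# public-facing interface, 192.168.0.155 is the LAN host. DRY_RUN=1 (the
# default) prints the commands; run as root with DRY_RUN=0 to apply them.
WAN_IF="${WAN_IF:-eth0}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Rules every port forward depends on: kernel forwarding enabled, replies to
# tracked connections allowed back, LAN hosts masqueraded behind the public IP.
base_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# forward_port PROTO PUBLIC_PORT LAN_IP [LAN_PORT]
forward_port() {
    proto="$1"; pub_port="$2"; lan_ip="$3"; lan_port="${4:-$2}"
    # 1) Rewrite the destination before the routing decision (nat/PREROUTING).
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" --dport "$pub_port" \
        -j DNAT --to-destination "$lan_ip:$lan_port"
    # 2) Permit only that rewritten packet in filter/FORWARD. Matching on the
    #    LAN address works because FORWARD sees the packet after DNAT, which
    #    is why a FORWARD rule matching '-d PUBLIC_IP' never hits.
    run iptables -A FORWARD -i "$WAN_IF" -p "$proto" -d "$lan_ip" --dport "$lan_port" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Example invocation with constructed values
base_rules
forward_port tcp 3389 192.168.0.155
forward_port udp 5060 192.168.0.155
```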