Port Forwarding with Iptables and Suse 9.1


Post by goo.. » Wed, 12 Jan 2005 09:38:17



Despite my best attempts, I cannot seem to get port forwarding working
on a suse 9.1 machine using iptables.

My firewall.sh:

#!/bin/bash

IPTABLES='/usr/sbin/iptables'

EXTIF='eth0'
INTIF1='eth1'
INTIF2='eth2'

/bin/echo 1 > /proc/sys/net/ipv4/ip_forward

$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -X

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

$IPTABLES -A FORWARD -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -p icmp -m state --state RELATED -j ACCEPT

$IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT

$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT --protocol tcp --dport 25 -j ACCEPT
$IPTABLES -A INPUT --protocol tcp --dport 143 -j ACCEPT

$IPTABLES -A FORWARD -i eth0 -d 192.168.0.3 --protocol tcp --dport 80 -j ACCEPT
$IPTABLES -A PREROUTING -i eth0 -t nat -p tcp --dport 80 -j DNAT --to 192.168.0.3:80

Anyone see anything wrong with this?

Thanks,
Nathan

Post by chud » Wed, 12 Jan 2005 13:19:46



> Despite my best attempts, I cannot seem to get port forwarding working
> on a suse 9.1 machine using iptables.

> My firewall.sh:

> #!/bin/bash

> IPTABLES='/usr/sbin/iptables'

> EXTIF='eth0'
> INTIF1='eth1'
> INTIF2='eth2'

> /bin/echo 1 > /proc/sys/net/ipv4/ip_forward

> $IPTABLES -F
> $IPTABLES -t nat -F
> $IPTABLES -X

> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

> $IPTABLES -A FORWARD -m state --state ESTABLISHED -j ACCEPT
> $IPTABLES -A FORWARD -p icmp -m state --state RELATED -j ACCEPT

> $IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT

> $IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
> $IPTABLES -A INPUT --protocol tcp --dport 25 -j ACCEPT
> $IPTABLES -A INPUT --protocol tcp --dport 143 -j ACCEPT

> $IPTABLES -A FORWARD -i eth0 -d 192.168.0.3 --protocol tcp --dport 80 -j ACCEPT
> $IPTABLES -A PREROUTING -i eth0 -t nat -p tcp --dport 80 -j DNAT --to 192.168.0.3:80

> Anyone see anything wrong with this?

> Thanks,
> Nathan

Assuming your firewall script works prior to adding the forwarding, try:
$IPTABLES -A PREROUTING -i eth0 -d IPADDR -t nat -p tcp --dport 80 -j DNAT --to 192.168.0.3:80
where IPADDR = IP address of the machine doing the forwarding (your SUSE machine)
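
An added example, not part of either post above: DNAT in PREROUTING rewrites the destination before the filter table's FORWARD chain runs, so the FORWARD rule has to match the translated host and port. The check below reads `iptables-save` text and reports, for each DNAT rule, whether it is pinned with `-d` and whether FORWARD lets the translated traffic through. The function names `audit_dnat` and `sample_ruleset`, the sample ruleset and the address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save text for DNAT port forwards. Only FORWARD
# rules that match the translated host with -d and --dport are recognised.
audit_dnat() {   # ruleset on stdin; exit status 1 if a forward is blocked by FORWARD
    awk '
    function arg(opt,   i) {          # value that follows option opt in this rule
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2) }   # "*nat" / "*filter" section headers
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && $2 == "PREROUTING" && arg("-j") == "DNAT" {
        t = arg("--to-destination")
        if (t !~ /:/) t = t ":" arg("--dport")   # no port given: port is unchanged
        target[++n] = t
        pinned[n] = (arg("-d") != "")            # restricted to one external address?
    }
    table == "filter" && $2 == "FORWARD" && arg("-j") == "ACCEPT" {
        d = arg("-d"); sub(/\/32$/, "", d)       # newer iptables-save appends /32
        if (d != "" && arg("--dport") != "") allowed[d ":" arg("--dport")] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            if (!pinned[i]) print "UNPINNED " target[i]   # informational only
            if (target[i] in allowed)    print "FORWARD_OK " target[i]
            else if (policy == "ACCEPT") print "POLICY_ACCEPT " target[i]
            else { print "NO_FORWARD " target[i]; bad = 1 }
        }
        exit bad + 0
    }'
}

sample_ruleset() {   # constructed sample in iptables-save format, not from the thread
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.4:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.3/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_dnat || echo "findings listed above"
```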