iptables port forwarding rules help ..

Mario Frechette mariof2000 at videotron.ca
Wed Dec 13 18:21:11 UTC 2006


Hervé Fache wrote:
> On 12/13/06, Mario Frechette <mariof2000 at videotron.ca> wrote:
>   
>> I am not a pro at iptables but is there anything obviously wrong with
>> this script ??
>>     
>
> If you're not a pro at iptables, where does this script come from?
> It's far too complicated for me!
>
> I would only have 8 rules:
> - accept port #1 from wan
> - forward port #1 from wan to machine on lan
> - accept port #2 from wan
> - forward port #2 from wan to machine on lan
> - masquerade from lan to wan
> - block unwanted input from wan
> - block unwanted forward from wan
>
> The last three rules are available at
> https://help.ubuntu.com/community/UbuntuWirelessRouter
>
> Hervé.
>   
sorry, I forgot to say it comes from the net ..
and I'm only trying to learn this stuff ..

I have put the whole script in case something is misconfigured in there

and as I said, only the port forwarding part won't work
DHCP & NAT and MASQUERADE are OK
as I understood, the first part .. should block anything by default
then .. how to port forward ??

this was part of the script I found ... and yes, I have RTFM and googled a
lot but still can't understand how to do it!

which rules can I use in your link to replace this one ??

thanks

mario

#####port forwarding rules ##########################################

iptables -t nat -A PREROUTING -p tcp -i eth1 -d xxx.xxx.xxx.xxx --dport 5279 \
--sport 5279 -j DNAT --to 192.168.123.107:5279
iptables -t nat -A PREROUTING -p tcp -i eth1 -d xxx.xxx.xxx.xxx --dport 4279 \
--sport 4279 -j DNAT --to 192.168.123.107:4279
iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 192.168.123.107 --dport 5279 \
--sport 5279 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 192.168.123.107 --dport 4279 \
--sport 4279 -m state --state NEW -j ACCEPT

iptables -A FORWARD -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

###########################################################################
# activation of forwarding in the kernel

echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.123.0/24 -o eth1 -j MASQUERADE
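
Added example, not part of Mario's message or of the script he found: a dry-run shell function that prints forwarding rules for the two ports without a `--sport` match, since a remote client normally connects from an arbitrary source port and the posted rules only match clients connecting from source port 5279 or 4279. The function names are hypothetical; eth1 as WAN, eth0 as LAN and leaving out `-d` are assumptions drawn from the posted script.

```shell
#!/bin/sh
# Added example: prints (does not apply) inbound port-forwarding rules for review.
# Assumed layout, taken from the posted script: eth1 = WAN, eth0 = LAN.

# valid_port PORT -> succeeds only if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules WAN_IF LAN_IF LAN_HOST PORT [PORT...]
forward_rules() {
    [ "$#" -ge 4 ] || { echo "usage: forward_rules WAN_IF LAN_IF LAN_HOST PORT..." >&2; return 2; }
    wan=$1 lan=$2 host=$3
    shift 3
    # Validate every port first so a bad argument never yields a partial rule set.
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        # Match on the destination port only: the client picks its own source port.
        echo "iptables -t nat -A PREROUTING -i $wan -p tcp --dport $port -j DNAT --to-destination $host:$port"
        # After DNAT the packet is addressed to the LAN host, so filter on that address.
        echo "iptables -A FORWARD -i $wan -o $lan -p tcp -d $host --dport $port -m state --state NEW -j ACCEPT"
    done
    # Replies and follow-up packets of accepted connections, both directions.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Everything else arriving from the WAN side is not forwarded.
    echo "iptables -A FORWARD -i $wan -j DROP"
}

# Dry run with the host and ports from the posted script.
forward_rules eth1 eth0 192.168.123.107 5279 4279
```

Review the output before piping it to `sh` as root; the DHCP, MASQUERADE and LAN-to-WAN rules from the rest of the script are not reproduced here. Because the rules are appended with `-A`, an earlier DROP or REJECT in the same chain still takes precedence.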









More information about the kubuntu-users mailing list