Firewall Rules

[Victor Padro]

thank you Peter for the info,
anyway, this should be the right way to do it, isn't?

$ /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
10.0.0.2
$ /sbin/iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to
10.0.0.2
$ /sbin/iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to
10.0.0.2
$ /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
10.0.0.3 <http://10.0.0.2/>
$ /sbin/iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to
10.0.0.3 <http://10.0.0.2/>
$ /sbin/iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to
10.0.0.3 <http://10.0.0.2/>
$ /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
10.0.0.4 <http://10.0.0.2/>
$ /sbin/iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to
10.0.0.4 <http://10.0.0.2/>
$ /sbin/iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to
10.0.0.4 <http://10.0.0.2/>

cheers,

Victor.


On 8/23/07, Peter Garrett <peter.garrett at optusnet.com.au> wrote:
>
> On Wed, 22 Aug 2007 16:59:10 -0500
> "Victor Padro" <vpadro at gmail.com> wrote:
>
> > ok, thank you for the info, now could this be fine just to implement
> three
> > servers using ftp, web and mail services behind a ubuntu box firewall?
> >
> > /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
> > 10.0.0.2
>
> {snipped}
>
> Only one gotcha here :)
>
> On Ubuntu it is
>
> /sbin/iptables   ( not /usr/sbin/iptables )
>
> $ lsb_release -d
> Description:    Ubuntu 7.04
> $ which iptables
> /sbin/iptables
>
> $ ls /usr/sbin/iptables
> ls: /usr/sbin/iptables: No such file or directory
>
> Peter
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20070823/6f47a324/attachment.html>