URGENT: Iptables and routing problem... LINUX...

HyTekJosh

Golden Member
We have a Linux router (running Mandrake 8.0) forwarding all ports except 2 specified ports to our main server on our LAN. However, when accessing our websites from our LAN (using the Internet IP) where the server is located, it doesn't work. Instead of forwarding all the ports to the main server, it just accesses the router's ports. So for everyone accessing us from the outside, it forwards all but 2 of the ports to our main server, but for everyone accessing us from our local area network, it doesn't forward any ports. Need some help ASAP! Thanks in advance!!!!!
 
Here is my router script...

#!/bin/sh

#HyTek Computer Firewall Configuration Script

#Custom variables
LAN_IP_RANGE="192.168.1.0/255.255.255.0"
LOCALHOST_IP="127.0.0.1"
ROUTER_IP="192.168.1.1"
SERVER_IP="192.168.1.5"
INET_IP="24.45.176.213"
INET_IFACE="eth0"
LAN_IFACE="eth1"
IPTABLES="iptables"

#Clear all existing rules
$IPTABLES --flush
$IPTABLES -t nat --flush

#Allow everything except denied MAC Addresses
$IPTABLES -P FORWARD ACCEPT

#MAC FILTERING:
for maclist in `grep -v \# /etc/mac_deny`
do
$IPTABLES -A FORWARD -m mac --mac-source $maclist -j DROP
done

#NAT:
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE

#Keeps current connection
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#FORWARDING:
$IPTABLES -t nat -A PREROUTING -d $INET_IP -p TCP --dport 0:21 -j DNAT --to $SERVER_IP
$IPTABLES -t nat -A PREROUTING -d $INET_IP -p TCP --dport 23:9999 -j DNAT --to $SERVER_IP
$IPTABLES -t nat -A PREROUTING -d $INET_IP -p TCP --dport 10001:65534 -j DNAT --to $SERVER_IP
$IPTABLES -t nat -A PREROUTING -d $INET_IP -p UDP -j DNAT --to $SERVER_IP
$IPTABLES -t nat -A PREROUTING -d $INET_IP -p 47 -j DNAT --to $SERVER_IP
#$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p udp --dport 500 -j DNAT --to $SERVER_IP
#$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -j DNAT --to $SERVER_IP
#$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p 47 -j DNAT --to $SERVER_IP

#PORT FILTERING:
#
#Incoming & Outgoing-
#$IPTABLES -A FORWARD -p TCP --dport 0 -j DROP
#$IPTABLES -A FORWARD -p UDP --dport 0 -j DROP
#
#Incoming-
#$IPTABLES -A FORWARD -p TCP -d $LAN_IP_RANGE --dport 0 -j DROP
#$IPTABLES -A FORWARD -p UDP -d $LAN_IP_RANGE --dport 0 -j DROP
#
#Outgoing-
#$IPTABLES -A FORWARD -p TCP -s $LAN_IP_RANGE --dport 0 -j DROP
#$IPTABLES -A FORWARD -p UDP -s $LAN_IP_RANGE --dport 0 -j DROP

#LOGGING:
#
#Incoming Requests-
#
$IPTABLES -A FORWARD -m limit --limit 1000/hour --limit-burst 1 -j LOG --log-level DEBUG --log-prefix "Logged packet: "
#Outgoing Requests-
#
#
#Illegal outgoing requests
#$IPTABLES -A in_to_out -m limit --limit 10/hour --limit-burst 1 -j LOG --log-level DEBUG --log-prefix "illegal internet request: "
#
#Illegal incoming requests
#

#Make it all go!
echo "1" > /proc/sys/net/ipv4/ip_forward
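A common cause of exactly this symptom is missing hairpin NAT (NAT loopback): the PREROUTING rules rewrite the destination, but the server then answers the LAN client directly from 192.168.1.5, so the client never sees a reply from the address it connected to. The script below is an added example, not the poster's script or an answer from the thread; it reuses the poster's addresses, interfaces and port ranges, assumes a kernel and iptables with the conntrack match available, and prints the rules by default (DRY_RUN) so they can be reviewed before being loaded with --apply.

```shell
#!/bin/sh
# Added example, not the poster's script: hairpin (NAT loopback)
# rules so LAN clients that connect to the public IP reach
# SERVER_IP the same way outside clients do.
# Addresses, interfaces and port ranges are copied from the post.
LAN_IP_RANGE="192.168.1.0/255.255.255.0"
ROUTER_IP="192.168.1.1"
SERVER_IP="192.168.1.5"
INET_IP="24.45.176.213"
LAN_IFACE="eth1"
IPTABLES="${IPTABLES:-iptables}"
# DRY_RUN=1 (default) prints each rule instead of loading it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

hairpin_rules() {
    # 1. DNAT LAN requests aimed at the public IP, mirroring the
    #    poster's TCP ranges and catch-all UDP rule. Matching on
    #    -i eth1 keeps these working even if the external DNAT
    #    rules are later limited to -i eth0.
    for range in 0:21 23:9999 10001:65534; do
        run $IPTABLES -t nat -A PREROUTING -i $LAN_IFACE -s $LAN_IP_RANGE -d $INET_IP \
            -p tcp --dport $range -j DNAT --to-destination $SERVER_IP
    done
    run $IPTABLES -t nat -A PREROUTING -i $LAN_IFACE -s $LAN_IP_RANGE -d $INET_IP \
        -p udp -j DNAT --to-destination $SERVER_IP
    # 2. After DNAT the server would reply to the LAN client
    #    directly from 192.168.1.5, while the client expects a
    #    reply from 24.45.176.213 and drops it. SNAT to the
    #    router's LAN address forces the reply back through the
    #    router, which reverses the DNAT. --ctstate DNAT restricts
    #    this to hairpinned connections, so normal LAN-to-server
    #    traffic keeps its real source address (assumption: the
    #    conntrack match is available on this kernel).
    run $IPTABLES -t nat -A POSTROUTING -o $LAN_IFACE -s $LAN_IP_RANGE -d $SERVER_IP \
        -m conntrack --ctstate DNAT -j SNAT --to-source $ROUTER_IP
}

# Print the rules for review; run with --apply to load them.
if [ "${1:-}" = "--apply" ]; then
    DRY_RUN=0
fi
hairpin_rules
```

The rules must be loaded after the existing PREROUTING DNAT rules, and the POSTROUTING MASQUERADE on eth0 is unaffected because the SNAT rule only matches traffic leaving on eth1.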