LeRoy Cressy on 19 Nov 2003 15:27:02 -0500



Re: [PLUG] IPTables Help..



This is a portion of the NAT code for my firewall. As you can see, I do not allow everything to go out on the net, and I am very specific about what protocols are communicated. For example, I do not like IRC and all of the others like it. If you want to, you could just set up NAT for masquerading.


###########################################
#                                         #
#                   NAT                   #
#                                         #
###########################################


# Start from empty nat chains so the script can be re-run safely.
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING


# Set up the ip forwarding for the local network to get to the outside.
# $RealIP is the firewall's public address, set earlier in the script
# (not part of this excerpt). The source network is 192.168.1.0/24
# throughout; the original mixed /16 and /24 on the same rules, and
# /16 would have matched all of 192.168.0.0/16, not just the LAN.
# Every rule is TCP only, so UDP traffic (e.g. ordinary DNS on 53) is
# not translated by this list.

iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 20   -j SNAT --to $RealIP     # ftp-data
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 21   -j SNAT --to $RealIP     # ftp
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 22   -j SNAT --to $RealIP     # ssh
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 25   -j SNAT --to $RealIP     # smtp
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 465  -j SNAT --to $RealIP     # smtps
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 53   -j SNAT --to $RealIP     # dns over tcp
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 80   -j SNAT --to $RealIP     # http
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 443  -j SNAT --to $RealIP     # https
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 110  -j SNAT --to $RealIP     # pop3
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 113  -j SNAT --to $RealIP     # ident
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 119  -j SNAT --to $RealIP     # nntp
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 389  -j SNAT --to $RealIP     # ldap
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 \
	--dport 873  -j SNAT --to $RealIP     # rsync


Chris wrote:
> Eth1 is crossed over to another machine. The only internet traffic is
> over eth0
>

-- 
Rev. LeRoy D. Cressy  mailto:leroy@lrcressy.com     /\_/\
http://lrcressy.com                                ( o.o )
Phone: 215-535-4037                                 > ^ <
FAX:   215-535-4285


gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
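Added example (not LeRoy's script): the per-port list above only decides which packets get their source rewritten, so to actually limit the LAN to chosen protocols the same ports need matching FORWARD rules with a DROP default. The generator below emits both rules per entry from one list, written so the prefix length and interfaces appear once; it goes beyond the post by accepting UDP entries as well as TCP, and the LAN interface eth1, the public address and the port list are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a LAN egress
# whitelist: each proto:port entry yields a FORWARD accept (the filter)
# plus a POSTROUTING SNAT (the translation). SNAT alone blocks nothing.
# Assumed placeholders: LAN 192.168.1.0/24 on eth1, uplink eth0, REALIP.
LAN=192.168.1.0/24
LAN_IF=eth1
WAN_IF=eth0
REALIP=${REALIP:-203.0.113.10}   # constructed placeholder public address

# Print (not run) the two rules for each proto:port entry.
# Rejects anything that is not tcp or udp so a typo cannot widen the list.
egress_rules() {
    for entry in "$@"; do
        proto=${entry%%:*}
        port=${entry#*:}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad entry: $entry" >&2; return 1 ;;
        esac
        printf 'iptables -A FORWARD -i %s -o %s -p %s -s %s --dport %s -j ACCEPT\n' \
            "$LAN_IF" "$WAN_IF" "$proto" "$LAN" "$port"
        printf 'iptables -t nat -A POSTROUTING -o %s -p %s -s %s --dport %s -j SNAT --to %s\n' \
            "$WAN_IF" "$proto" "$LAN" "$port" "$REALIP"
    done
}

# Full ruleset: default DROP, flush, allow replies, then the whitelist.
# Pipe the output through sh to apply it on the firewall.
ruleset() {
    echo 'iptables -P FORWARD DROP'
    echo 'iptables -F FORWARD'
    echo 'iptables -t nat -F POSTROUTING'
    echo 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    egress_rules "$@"
}

# Number of commands a port list produces (sanity check before applying).
rule_count() { ruleset "$@" | wc -l | tr -d ' '; }
```

Running `ruleset tcp:22 tcp:80 tcp:443 udp:53 | sh` applies the list; `udp:53` is the entry the TCP-only original lacks for ordinary DNS.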

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug