sslug-teknik team mailing list archive

iptables portforward

 

Hi

My firewall/router worked without problems until a couple of days
ago, when, among other things, port forwarding stopped working.

I have tried every possible/impossible combination without result.

Is there an iptables expert who can spot what the problem is
with the rules below?

# Generated by iptables-save v1.2.10 on Thu Aug  7 22:35:27 2008
*filter
:INPUT DROP [9376:703851]
:FORWARD DROP [25747:2018285]
:OUTPUT ACCEPT [3055:378532]
-A INPUT -d 127.0.0.1 -i eth1 -j DROP
-A INPUT -s 127.0.0.1 -i eth1 -j DROP
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -d 127.0.0.1 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp --dport 35758 -j ACCEPT
-A FORWARD -i eth1 -p udp -m udp --dport 35758 -j ACCEPT
-A FORWARD -d 1.2.3.4 -i eth1 -p tcp -m state --state NEW -m tcp \
  --dport 35758 -j ACCEPT
-A FORWARD -i eth1 -p tcp -m state --state NEW -m tcp \
  --dport 35758 -j ACCEPT
-A FORWARD -i eth1 -p udp -m state --state NEW -m udp \
  --dport 35758 -j ACCEPT
COMMIT
# Completed on Thu Aug  7 22:35:27 2008
# Generated by iptables-save v1.2.10 on Thu Aug  7 22:35:27 2008
*nat
:PREROUTING ACCEPT [50458:4183904]
:POSTROUTING ACCEPT [254:15054]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 1.2.3.4 -p tcp -m tcp --dport 35758 -j DNAT \
  --to-destination 10.0.0.47:35758
-A PREROUTING -d 1.2.3.4 -p udp -m udp --dport 35758 -j DNAT \
  --to-destination 10.0.0.47:35758
-A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth1 -j MASQUERADE
COMMIT

-- 
Later

Mogens Melander
+45 40 85 71 38
+66 870 133 224


