This is an old revision of the document!


Firewall configuration

iptables masquerading

First, enable IPv4 packet forwarding by editing /etc/sysctl.conf and uncommenting the following line:

net.ipv4.ip_forward=1

Then add the following lines to /etc/rc.local (so the rule is enabled on reboot):

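# NAT traffic from the internal network as it leaves via eth0 (external interface)
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE
# let internal hosts out, and let only reply traffic back in from eth0 (eth3 is internal)
iptables -A FORWARD -s 192.168.0.0/16 -o eth0 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/16 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT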
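
A network written with host bits set, such as 192.168.1.0/16, is masked by iptables to 192.168.0.0/16, so a rule can cover far more hosts than its text suggests. The script below is an added example, not part of the original page: its function names and the sample rules in the here-document are constructed for illustration. It reports every -s/-d argument that does not match the network it will actually be applied to.

```shell
#!/bin/sh
# Added example: flag iptables -s/-d networks whose host bits are set.

# ip_to_int A.B.C.D -> 32-bit integer on stdout; fails on malformed input
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty, non-numeric, zero-padded or over-long octets
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# canonical_cidr ADDR/LEN -> the network iptables will actually match
canonical_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    net=$(( n & (4294967295 << (32 - len)) & 4294967295 ))
    echo "$(( net >> 24 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$len"
}

# lint_rules: read iptables command lines on stdin, warn about each
# -s/-d CIDR that differs from its masked form; returns 1 if any warning
lint_rules() {
    rc=0
    while read -r line; do
        set -- $line
        while [ $# -gt 1 ]; do
            case $1 in -s|-d|--source|--destination)
                canon=$(canonical_cidr "$2") || canon=$2   # not a CIDR: skip
                [ "$canon" = "$2" ] || { echo "WARN: $1 $2 is matched as $canon"; rc=1; } ;;
            esac
            shift
        done
    done
    return $rc
}

# Constructed sample input: rules with mixed network spellings
lint_rules <<'EOF' || true
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 192.168.1.0/16 -o eth0 -j ACCEPT
EOF
```

Pipe the rule lines from /etc/rc.local or the output of iptables-save into lint_rules to run the same check on a live configuration.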

Forwarding

# forward ssh to workstation with the internal ip 192.168.1.2
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 22 -j DNAT --to-destination 192.168.1.2:22
iptables -A FORWARD -i eth0 -o eth3 -p tcp --dport 22 -j ACCEPT

computers/firewall_configuration.1314714454.txt.gz · Last modified: 2011/08/30 22:27 by chkuo