Firewall configuration
Source NAT
First enable IPv4 packet forwarding by editing /etc/sysctl.conf and uncommenting (or adding) the following line:
net.ipv4.ip_forward=1
Then add the following lines to /etc/rc.local (so the rules are enabled on reboot):
# source NAT
# alter the source address of the packets from the internal network
Ext_IF="eth0"
Ext_IP="1.1.1.1"
Int_IF="eth3"
Int_Net="192.168.1.0/16"
iptables -t nat -A POSTROUTING -s $Int_Net -o $Ext_IF -j SNAT --to-source $Ext_IP
# let the internal network open connections out through the external interface
iptables -A FORWARD -s $Int_Net -o $Ext_IF -j ACCEPT
# let the replies back in: they arrive on the external interface (-i $Ext_IF),
# not the internal one, so matching on -i $Int_IF here would drop them under a DROP policy
iptables -A FORWARD -d $Int_Net -i $Ext_IF -o $Int_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
Destination NAT
# destination NAT
# forward ssh to Int_IP if the external IP Ext_IP_2 was used
# (Ext_IF and Int_IF are the variables set in the source NAT block above)
Ext_IP_2="1.1.1.2"
Int_IP="192.168.1.2"
iptables -t nat -I PREROUTING -p tcp -d $Ext_IP_2 --dport 22 -j DNAT --to-destination $Int_IP:22
# the rewritten packets still have to pass the FORWARD chain
iptables -A FORWARD -i $Ext_IF -o $Int_IF -p tcp --dport 22 -j ACCEPT
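The source NAT and destination NAT rules above, as an added example that is not part of the original page: a function that emits the same rules in iptables-restore format with a default-DROP FORWARD policy, so only the NAT'd flows (internal-to-external, their replies, and the one DNAT'd ssh port) are forwarded. The default arguments are the page's placeholder values; the function name is an assumption.

```shell
#!/bin/sh
# Added example (not the original page's code): emit the page's SNAT/DNAT
# rules as an iptables-restore ruleset with FORWARD defaulting to DROP.
# Load with:  gen_nat_ruleset | sudo iptables-restore
# Note: iptables-restore replaces the nat and filter tables it is given;
# pass --noflush to append to existing rules instead.

gen_nat_ruleset() {
    ext_if="${1:-eth0}"            # external interface
    ext_ip="${2:-1.1.1.1}"         # address used for source NAT
    int_if="${3:-eth3}"            # internal interface
    int_net="${4:-192.168.1.0/16}" # internal network (page's own value)
    ext_ip2="${5:-1.1.1.2}"        # second external address, DNAT'd to int_ip
    int_ip="${6:-192.168.1.2}"     # internal ssh server

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# destination NAT: ssh arriving for $ext_ip2 goes to the internal host
-A PREROUTING -i $ext_if -p tcp -d $ext_ip2 --dport 22 -j DNAT --to-destination $int_ip:22
# source NAT: rewrite the source of outbound internal traffic to $ext_ip
-A POSTROUTING -s $int_net -o $ext_if -j SNAT --to-source $ext_ip
COMMIT
*filter
:FORWARD DROP [0:0]
# replies to flows the internal network opened (they arrive on the external interface)
-A FORWARD -i $ext_if -o $int_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# outbound from the internal network (also carries the ssh server's replies)
-A FORWARD -i $int_if -o $ext_if -s $int_net -j ACCEPT
# the single inbound service exposed by the DNAT rule, restricted to that host
-A FORWARD -i $ext_if -o $int_if -p tcp -d $int_ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Dry run: print the ruleset for review before loading it.
if [ "${1:-}" = "--print" ]; then
    gen_nat_ruleset
fi
```

Review the printed ruleset with `sh thisscript.sh --print` before loading; after loading, `sudo iptables -L FORWARD -n -v` shows the DROP policy and per-rule counters.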
Monitoring
sudo iptables -t nat -L
computers/firewall_configuration.1314765203.txt.gz · Last modified: 2011/08/31 12:33 by chkuo