lan Apprentice
Joined: 06 Mar 2004 Posts: 215 Location: Verona, Italy (Romeo & juliet`s City)
Posted: Thu Apr 29, 2004 12:31 pm Post subject: port forwarding
So... I have a small problem: I need to make it so that when someone connects to my Linux box from the Internet, the request is forwarded to another machine on the LAN (PS: my machine is the gateway).
So:
iptables -A FORWARD -i ppp0 -o eth0 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.2.1:80
OK, but this way it doesn't work... where am I going wrong? Please don't give me the usual netfilter link. Thanks everyone and bye
Beppe _________________ --
http://www.giuseppe-marocchio.com
skype: l4nz0r /voice
USH team www.ush.it |
fedeliallalinea Administrator
Joined: 08 Mar 2003 Posts: 31284 Location: here
Posted: Thu Apr 29, 2004 12:39 pm Post subject:
Try checking here whether you've done all the steps. _________________ Questions are guaranteed in life; Answers aren't. |
lan Apprentice
Joined: 06 Mar 2004 Posts: 215 Location: Verona, Italy (Romeo & juliet`s City)
xchris Advocate
Joined: 10 Jul 2003 Posts: 2824
Posted: Thu Apr 29, 2004 2:45 pm Post subject:
You should post your config.
Obvious question: have you enabled forwarding in the other direction too?
Bye _________________ while True:Gentoo() |
lan Apprentice
Joined: 06 Mar 2004 Posts: 215 Location: Verona, Italy (Romeo & juliet`s City)
Posted: Thu Apr 29, 2004 4:30 pm Post subject: ...
Here's my config, feel free to correct it...
Code: |
jasmine lan # cat /usr/local/bin/firewall
#!/bin/bash
for table in nat mangle filter
do
    iptables -t $table -F
    iptables -t $table -X
done
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 192.168.0.2 -j ACCEPT
iptables -A INPUT -j LOG --log-prefix="INPUT:"
iptables -A OUTPUT -j LOG --log-prefix="OUTPUT:"
echo '0' > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo '1' > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 2020 -j DNAT --to 192.168.0.2:20
iptables -A FORWARD -p tcp --dport 2020 -j ACCEPT
|
pascalbrax Apprentice
Joined: 21 Jan 2004 Posts: 280 Location: 127.0.0.1
Posted: Thu Apr 29, 2004 6:07 pm Post subject:
If you only need to forward TCP ports, you can use rinetd; it runs in user space and is very easy to configure.
Otherwise you can use something like
Code: | iptables -A PREROUTING -p tcp -d ip.receiving.the.packets --dport port.you.want.to.forward -j DNAT -t nat --to ip.the.packets.must.reach |
_________________ "One World, One web, One program" - Microsoft Promo ad.
"Ein Volk, Ein Reich, Ein Führer" - Adolf Hitler |
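Added example, not part of any post in this thread: the 2020 to 192.168.0.2:20 forward from the posted config, written for a gateway whose FORWARD policy is DROP, with the FORWARD match on the translated port and the accept for the other direction that xchris asks about. The helper names `forward_port` and `valid_port`, the `IPT` dry-run variable and `eth0` as the LAN interface are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: rules for one DNAT port forward on a gateway whose FORWARD
# policy is DROP. Dry run by default (commands are printed); run with
# IPT=iptables as root to apply them.
IPT="${IPT:-echo iptables}"

# valid_port N: succeeds when N is an integer in 1..65535 (hypothetical helper)
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# forward_port WAN_IF LAN_IF PUBLIC_PORT LAN_HOST LAN_PORT (hypothetical helper)
forward_port() {
    if [ "$#" -ne 5 ] || ! valid_port "$3" || ! valid_port "$5"; then
        echo "usage: forward_port WAN_IF LAN_IF PUBLIC_PORT LAN_HOST LAN_PORT" >&2
        return 2
    fi
    wan_if=$1; lan_if=$2; pub_port=$3; lan_host=$4; lan_port=$5

    # 1. nat/PREROUTING rewrites the destination before the routing decision.
    #    Matching on the WAN interface leaves LAN-originated traffic alone.
    $IPT -t nat -A PREROUTING -i "$wan_if" -p tcp --dport "$pub_port" \
        -j DNAT --to-destination "$lan_host:$lan_port"

    # 2. filter/FORWARD sees the packet after DNAT, so the rule matches the
    #    translated address and port, not the public port.
    $IPT -A FORWARD -i "$wan_if" -o "$lan_if" -p tcp -d "$lan_host" \
        --dport "$lan_port" -m state --state NEW -j ACCEPT

    # 3. Replies from the LAN host travel the other way; with policy DROP
    #    they need an accept too. One such rule per ruleset is enough.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Values from the config posted above; eth0 as LAN interface is an assumption.
forward_port ppp0 eth0 2020 192.168.0.2 20
```

Packets that still fail to arrive can be traced by comparing the rule counters in `iptables -L FORWARD -v -n` and `iptables -t nat -L PREROUTING -v -n` before and after a connection attempt.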