[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Iptables PREROUTING



Dear Augusto,

Thanks for your suggestion.
I already did that to enable the ip forward.

For the nemeeting, may be it is too difficult to discuss it right now. Let 
me say in this way. I have setup my Windows XP to have IIS on it. I tried to 
forward the traffic from 192.168.1.10:8081 (external interface of my linux 
box) to 192.168.0.30:80 (my windows box). In between, I have eth0 internal 
interface of my linux box with 192.168.0.11 in it.

Inside my linx box, I have this.

iptables -t nat -A PREROUTING -i eth1 -o eth0 -p tcp --sport 1024:65535 -d 
192.168.1.10 --dport 8081 -j DNAT --to-destination 192.168.0.30:80
iptables -A FORWARD -i eth1 -o eth0 -p tcp --sport 1024:65535 -d 
192.168.0.30 --dport 80 -m state --state NEW -j ACCEPT

However, if I try this on my laptop which is using 192.168.1.x (same segment 
with the external interface of my Linux box), I cannot get it work.

Any suggestion?

Best Regards,

Vincent


On Thu, 5 Feb 2004 11:54:48 -0300, Augusto S Amaya wrote
> Dear Vicent  , first at all , sorry about my por english :)
> 
> To enable ipfowarding just do write this in a console:
> 
> /bin/echo "1" > /proc/sys/net/ipv4/ip_forward
> 
> But , if the netmeeting port also is filtered by the firewall they 
> may not work.
> 
> --------------------------------------------------------------
> Augusto S Amaya
> Administrador Certif. Servidores Linux  - Dto. de Produccion de Sistemas
> Per鏮 407    Conmutador: 6329-0000    Tel/Interno: 4370/4371/4372 
> Fax: augusto.s.amaya@xxxxxxxxxxxxxxxxxxx http://www.bancogalicia.com.ar
> 
>                       "Vincent Lee"
> 
>                    <vincent.lee@vs-pro      Para:     SuSE Security 
> <suse-security@xxxxxxxx>                                             
>                  .com>                    cc:
> 
>                                        Asunto:   Re: [suse-security] 
> Iptables PREROUTING                                                  
>            05/02/2004 11:03
> 
>                       a.m.
> 
> Dear all,
> 
> Thanks for your info. I try to enabled the ip forwarding function. 
> However,
> 
> I still cannot pass it through.
> 
> Internet traffic --> My boardband router (all WAN traffic) --> external
> interface of my linux box (eth1, 192.168.1.x).
> 
> Behind the Linux box with internal interface eth0 (192.168.0.x), I 
> have my Windows XP here. I want to know whether I can setup the MS 
> netmeeting or not?
> 
> Best Regards,
> 
> Vincent
> 
> On Wed, 04 Feb 2004 13:48:58 +0200, Ray Leach wrote
> > On Wed, 2004-02-04 at 00:46, Geoffrey wrote:
> > > Vincent Lee wrote:
> > > > Dear all,
> > > >
> > > > I am new to SuSE. I would like to setup the MS netmeeting for a
> > > > computer which behind SuSE firewall. When I made change on the nat, I
> > > >  cannot get it through. It seems that the IP forwarding is disabled
> > > > by SuSE. Can anyone tell me how can I enable it?
> > >
> > > Yast -> Network devices -> network card -> change ->
> > > edit -> routing -> enable ip forwarding
> > >
> > > It's a check box at the lower center of the window.
> > >
> > Or just edit /etc/sysconfig/sysctl
> > and then restart your networking (/etc/rc.d/network restart)
> >
> > > --
> > > Until later, Geoffrey                     Registered Linux User #108567
> > > Building secure systems inspite of Microsoft
> > --
> > --
> > Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
> > Network Support Specialist
> > http://www.knowledgefactory.co.za
> > "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
> > Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
> > --
> 
> --
> Best Regards,
> 
> Vincent Lee
> 
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here


--
Best Regards,

Vincent Lee


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here