Uz 2 tyzdne sa snazim nastavit presmerovanie portu a stale mi to nejde. Server mi sluzi ako brana do netu. Skusal som navody z forumov, no nic nepomaha. Pomoze niekto?
Pre port 80 mam nastavene nasledovne:
eth0 = internet
eth = local
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -d $INTERNET_IP -p tcp --dport 80 -j DNAT --to-destination $INTRANET_IP
iptables -A FORWARD -d $INTRANET_IP --dport 80 -j ACCEPT
Ma tam byt este nieco? Ja som to uz skusil fakt vselijak kombinovat... Nijako to nejde.
Presmerovanie portu
Pre pridávanie komentárov sa musíte prihlásiť.
Aký je výstup príkazu
cat /proc/sys/net/ipv4/ip_forward?Vyzera to byt OK, ale:
1) INPUT a FORWARD nemusis pridavat - akonahle zbehne pravidlo v PREROUTING, tieto zvysne retazce sa uz nekontroluju.
2) skus este pridat aj optionku -i eth0 (toto zrejme chyba nebude, ale pre uplnost toho pravidla..)
3) PREROUTING sa ti postaral o pakety, co idu k tebe dnu. Urobil si vsak aj cestu opacnym smerom pre odpovede z $INTRANET_IP:80 von do sveta?
Skontroluj, ci mas pritomne pravidlo typu:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
(za IP adresu si dosad svoj vnutorny rozsah). Ak toto nepomoze (resp. uz to tam davno mas), mozme sa o tom dalej pobavit.
modprobe ip_tables
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 0 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 3 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 11 -j ACCEPT
iptables -A INPUT -p ICMP -i eth1 --icmp-type 0 -j ACCEPT
iptables -A INPUT -p ICMP -i eth1 --icmp-type 3 -j ACCEPT
iptables -A INPUT -p ICMP -i eth1 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth1 --icmp-type 11 -j ACCEPT
iptables -A INPUT -p ICMP --icmp-type echo-request -m limit -- 1/s --limit-burst 3 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
dalsie porty....
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m limit --limit 3/hour --limit-burst 5 -j LOG
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -d $INTERNET_IP -p tcp --dport 80 -j DNAT --to-destination $INTRANET_IP
iptables -A FORWARD -d $INTRANET_IP -p tcp --dport 80 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -p ICMP -i eth0 --icmp-type 0 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 3 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 11 -j ACCEPT
iptables -A INPUT -p ICMP -i eth1 --icmp-type 0 -j ACCEPT
iptables -A INPUT -p ICMP -i eth1 --icmp-type 3 -j ACCEPT
iptables -A INPUT -p ICMP -i eth1 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth1 --icmp-type 11 -j ACCEPT
iptables -A INPUT -p ICMP --icmp-type echo-request -m limit -- 1/s --limit-burst 3 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
dalsie porty....
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m limit --limit 3/hour --limit-burst 5 -j LOG
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT