Subject: Re: iptables NAT SOLVED - msg#00006
List: debian.devel.firewall
Well it turned out to be my own silly mistake. I didn't enable
"CONFIG_IP_NF_MATCH_MULTIPORT" in the kernel, which allows multiple
ports to be specified in a single rule. And since I disabled module
support, I had to compile a new kernel and reboot. So much for uptime.
Thanks to those who helped.
On Fri, 2002-09-27 at 16:58, Sean McAvoy wrote:
> Hello,
> I've got a system with 3 interfaces, LAN, DMZ, INET. Inet has an alias
> for another external IP. I've got it so it is forwarding DNS requests to
> the system on the DMZ, but when I try to ssh to it I get the firewall
> box... any ideas?
>
> iptables -t nat -A PREROUTING -p tcp --source-port 20 -d 207.61.160.164 \
>     --destination-port 1025:65535 -j DNAT --to-destination 192.168.9.10
> iptables -t nat -A PREROUTING -p tcp -m multiport -d (EXTERNAL IP) \
>     --destination-ports 22,443,21,53,80,3495 -j DNAT --to-destination 192.168.9.10
> iptables -t nat -A PREROUTING -p udp -d (EXTERNAL IP) \
>     --destination-port 53 -j DNAT --to-destination 192.168.9.10
>
>
> --
> Sean McAvoy
> Network Analyst
> Megawheels Technologies Inc.
> Phone: 416.360.8211
> Fax: 416.360.1403
> Cell: 416.616.6599
--
Sean McAvoy
Network Analyst
Megawheels Technologies Inc.
Phone: 416.360.8211
Fax: 416.360.1403
Cell: 416.616.6599
signature.asc
Description: This is a digitally signed message part
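The symptom in this thread (ssh lands on the firewall itself) is what a DNAT rule that silently failed to load looks like. The POSIX shell script below is an added example, not code from the thread: it checks that the kernel or iptables actually provides the multiport match before loading the rule set, rebuilds the DNAT rules from the message with the match pinned to the external interface, and adds the FORWARD rules the DMZ host needs when the default policy is DROP. Assumed names: eth0 as the INET interface and 203.0.113.10 as a placeholder for the external alias IP.

```shell
# Added example (not from the thread). Assumptions: eth0 is the INET
# interface, 203.0.113.10 stands in for the external alias IP.
EXT_IF="eth0"
EXT_IP="203.0.113.10"
DMZ_HOST="192.168.9.10"              # DMZ server from the original rules
TCP_PORTS="22,443,21,53,80,3495"     # ports from the original multiport rule

# multiport_supported: returns 0 if the match is usable, 1 otherwise.
# Reads the kernel config first (no root, no iptables binary needed);
# both the old ipt_ and the newer xt_ config symbols are accepted.
multiport_supported() {
    cfg=""
    if [ -r /proc/config.gz ]; then
        cfg=$(zcat /proc/config.gz 2>/dev/null)
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cfg=$(cat "/boot/config-$(uname -r)")
    fi
    if [ -n "$cfg" ]; then
        printf '%s\n' "$cfg" | grep -Eq '^CONFIG_(IP_NF_MATCH|NETFILTER_XT_MATCH)_MULTIPORT=[ym]'
        return $?
    fi
    # Fall back to asking iptables itself (needs the binary, may need root).
    iptables -m multiport -h >/dev/null 2>&1
}

# dnat_rules: print the rule set. "-i $EXT_IF" keeps the DNAT from matching
# packets that arrive from the LAN or DMZ side with the same destination.
dnat_rules() {
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp -d %s -m multiport --dports %s -j DNAT --to-destination %s\n' \
        "$EXT_IF" "$EXT_IP" "$TCP_PORTS" "$DMZ_HOST"
    printf 'iptables -t nat -A PREROUTING -i %s -p udp -d %s --dport 53 -j DNAT --to-destination %s\n' \
        "$EXT_IF" "$EXT_IP" "$DMZ_HOST"
    # DNAT alone is not enough with a DROP policy on FORWARD: allow only the
    # translated flows into the DMZ host and their replies back out.
    printf 'iptables -A FORWARD -i %s -d %s -p tcp -m multiport --dports %s -m state --state NEW,ESTABLISHED -j ACCEPT\n' \
        "$EXT_IF" "$DMZ_HOST" "$TCP_PORTS"
    printf 'iptables -A FORWARD -i %s -d %s -p udp --dport 53 -j ACCEPT\n' "$EXT_IF" "$DMZ_HOST"
    printf 'iptables -A FORWARD -o %s -s %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$EXT_IF" "$DMZ_HOST"
}

# apply_rules: refuse to run without the match, then execute each rule and
# stop at the first failure, because a rule that does not load is a silent hole.
apply_rules() {
    multiport_supported || { echo "multiport match missing: rebuild kernel or load the module" >&2; return 1; }
    dnat_rules | while IFS= read -r rule; do
        sh -c "$rule" || { echo "failed: $rule" >&2; exit 1; }
    done
}
```

The first rule in the quoted message (anything with source port 20 to ports 1025-65535 is sent to the DMZ host) is a broad opening that active-mode FTP does not require on a 2.4 kernel; the ip_conntrack_ftp and ip_nat_ftp helpers track the data connection and open only that one port.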