Re: Can't DNAT with iptables
On Mon, 2003-03-03 at 17:03, Steven Pritchard wrote:
> On Mon, Mar 03, 2003 at 04:47:31PM -0600, Dan Fleischer wrote:
> > I added the following rule immediately after the one above, but to no
> > avail:
> >
> > $IPTABLES -A FORWARD -p tcp -d 192.168.1.106 --dport 22 -j ACCEPT
> >
> > What do you think I should look for next?
>
> I'm not quite sure. Feel free to send me the output of the following
> (to the list or privately):
>
> iptables -nL --line-numbers
Chain INPUT (policy DROP)
num  target  prot opt source             destination
1    ACCEPT  all  --  0.0.0.0/0          0.0.0.0/0
(I think rule 1 is from allowing unlimited loopback traffic.
It looks troublesome, though)
2    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x3F/0x00
3    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x03/0x03
4    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x06/0x06
5    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x05/0x05
6    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x11/0x01
7    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x18/0x08
8    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x30/0x20
9    ACCEPT  all  --  0.0.0.0/0          0.0.0.0/0     state RELATED,ESTABLISHED
10   DROP    all  --  0.0.0.0/0          0.0.0.0/0     state INVALID
11   DROP    all  --  100.1.1.2          0.0.0.0/0
12   DROP    all  --  10.0.0.0/8         0.0.0.0/0
13   DROP    all  --  172.16.0.0/12      0.0.0.0/0
14   DROP    all  --  192.168.0.0/16     0.0.0.0/0
15   DROP    all  --  224.0.0.0/4        0.0.0.0/0
16   DROP    all  --  240.0.0.0/5        0.0.0.0/0
17   DROP    all  --  127.0.0.0/8        0.0.0.0/0
18   DROP    all  --  0.0.0.0            0.0.0.0/0
19   DROP    all  --  255.255.255.255    0.0.0.0/0
20   DROP    all  --  169.254.0.0/16     0.0.0.0/0
21   DROP    all  --  192.0.2.0/24       0.0.0.0/0
22   DROP    all  --  0.0.0.0/8          0.0.0.0/0
23   DROP    icmp --  0.0.0.0/0          0.0.0.0/0
24   ACCEPT  icmp --  192.168.1.0/24     0.0.0.0/0
25   ACCEPT  tcp  --  0.0.0.0/0          0.0.0.0/0     tcp dpt:22

Chain FORWARD (policy DROP)
num  target  prot opt source             destination
1    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x3F/0x00
2    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x03/0x03
3    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x06/0x06
4    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x05/0x05
5    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x11/0x01
6    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x18/0x08
7    DROP    tcp  --  0.0.0.0/0          0.0.0.0/0     tcp flags:0x30/0x20
8    ACCEPT  all  --  0.0.0.0/0          0.0.0.0/0     state RELATED,ESTABLISHED
9    DROP    all  --  0.0.0.0/0          0.0.0.0/0     state INVALID
10   ACCEPT  icmp --  0.0.0.0/0          0.0.0.0/0     icmp type 8 state NEW
11   ACCEPT  tcp  --  0.0.0.0/0          100.1.1.106   tcp dpt:22 state NEW
12   DROP    tcp  --  192.168.1.0/24     0.0.0.0/0     tcp dpts:137:139
13   DROP    udp  --  192.168.1.0/24     0.0.0.0/0     udp dpts:137:139
14   DROP    tcp  --  192.168.1.0/24     0.0.0.0/0     tcp dpts:1433:1434
15   DROP    udp  --  192.168.1.0/24     0.0.0.0/0     udp dpts:1433:1434
16   DROP    tcp  --  192.168.1.0/24     0.0.0.0/0     tcp dpt:6667
17   DROP    udp  --  192.168.1.0/24     0.0.0.0/0     udp dpt:6667
18   ACCEPT  tcp  --  192.168.1.0/24     0.0.0.0/0
19   ACCEPT  udp  --  192.168.1.0/24     0.0.0.0/0

Chain OUTPUT (policy DROP)
num  target  prot opt source             destination
1    ACCEPT  all  --  0.0.0.0/0          0.0.0.0/0
2    ACCEPT  all  --  0.0.0.0/0          0.0.0.0/0     state RELATED,ESTABLISHED
3    DROP    all  --  0.0.0.0/0          0.0.0.0/0     state INVALID
4    ACCEPT  icmp --  0.0.0.0/0          0.0.0.0/0     icmp type 8 state NEW
5    ACCEPT  tcp  --  0.0.0.0/0          0.0.0.0/0     tcp dpt:22

> iptables -t nat -nL --line-numbers
>
Chain PREROUTING (policy ACCEPT)
num  target  prot opt source             destination
1    DNAT    tcp  --  0.0.0.0/0          100.1.1.106   tcp dpt:22 to:192.168.1.106:22

Chain POSTROUTING (policy ACCEPT)
num  target  prot opt source             destination
1    SNAT    all  --  192.168.1.0/24     0.0.0.0/0     to:100.1.1.2

Chain OUTPUT (policy ACCEPT)
num  target  prot opt source             destination

Sorry for the length. I thought it might be good for the community.
--
Dan Fleischer
Systems Administrator
Bank & Trust Co.
401 N. Madison St.
Litchfield, IL 62056
Ph. 217-324-3935
http://www.bank-and-trust.com
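
An added example, not part of the original message: a first-match walk of the FORWARD listing above for a new SSH connection, relying on netfilter's traversal order, in which the nat PREROUTING DNAT rewrites the destination before the filter FORWARD chain is consulted. The rules are copied from the listing with wrapped lines joined; the client address 203.0.113.7 and the helper names `matches` and `verdict` are assumptions.

```python
import ipaddress, re

# FORWARD chain copied from the listing above, wrapped lines joined.
FORWARD = """\
1 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
2 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
3 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
4 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
5 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
6 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
7 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
10 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 state NEW
11 ACCEPT tcp -- 0.0.0.0/0 100.1.1.106 tcp dpt:22 state NEW
12 DROP tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpts:137:139
13 DROP udp -- 192.168.1.0/24 0.0.0.0/0 udp dpts:137:139
14 DROP tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpts:1433:1434
15 DROP udp -- 192.168.1.0/24 0.0.0.0/0 udp dpts:1433:1434
16 DROP tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:6667
17 DROP udp -- 192.168.1.0/24 0.0.0.0/0 udp dpt:6667
18 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0
19 ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0
"""

def matches(rule, pkt):
    # Fields shown by `iptables -nL`; the icmp type match is not modelled.
    _n, _t, proto, _o, src, dst = rule.split()[:6]
    flags = re.search(r"flags:(0x\w+)/(0x\w+)", rule)  # mask/compare
    ports = re.search(r"dpts?:(\d+)(?::(\d+))?", rule)
    state = re.search(r"state (\S+)", rule)
    return (
        proto in ("all", pkt["proto"])
        and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src)
        and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst)
        and (not flags or (pkt["flags"] & int(flags[1], 16)) == int(flags[2], 16))
        and (not ports or int(ports[1]) <= pkt["dport"] <= int(ports[2] or ports[1]))
        and (not state or pkt["state"] in state[1].split(","))
    )

def verdict(pkt, policy="DROP"):
    # First matching rule wins; with no match the chain policy applies.
    hit = next((r.split() for r in FORWARD.splitlines() if matches(r, pkt)), None)
    return (int(hit[0]), hit[1]) if hit else (None, policy)

# Constructed packets: a new SSH SYN from 203.0.113.7 (assumed client), before and after DNAT.
SENT = dict(proto="tcp", src="203.0.113.7", dst="100.1.1.106", dport=22, flags=0x02, state="NEW")
NATTED = dict(SENT, dst="192.168.1.106")
print("pre-DNAT:", verdict(SENT), "post-DNAT:", verdict(NATTED))
```

FORWARD only ever sees the post-DNAT packet, and in this listing that packet matches no rule and falls through to the chain policy, because rule 11 is written against the public address 100.1.1.106.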