[lug] Fedora, NAT, masquerading...iptables Rules versus firewall-config App

Dan Ferris dan at usrsbin.com
Mon Jun 9 21:24:09 MDT 2014


It's not Linux, but pfSense is pretty unbeatable for a GUI-based firewall.

Dan

On 06/09/2014 09:21 PM, stimits at comcast.net wrote:
> I have a Fedora 19 machine with a real world IP address, and need its
> private 192.168.x.x Ethernet to forward some Linux appliances on this
> private net to the real world (they're all running one form or another
> of modified Ubuntu for embedded systems). Being lazy, I can type in
> commands to enable IPv4 forwarding, then these iptables commands
> (private net is p2p1, public is em1):
> iptables -A FORWARD -i p2p1 -j ACCEPT
> iptables -A FORWARD -o p2p1 -j ACCEPT
> iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
> 
> (see
> http://docs.fedoraproject.org/en-US/Fedora/11/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
> )
> 
> This sort of works, as I can ping and use dotted decimal addresses, but
> DNS fails from the appliances. I haven't seen much IPv6 actually used in
> the real world, but I have to wonder if DNS failure is related to my
> iptables rules, or instead to something else (e.g., IPv6)?
> 
> I'm also wondering about the GUI firewall-config tool. It looks easy to
> use for forwarding of a dedicated port, but has anyone here used this
> tool for general forwarding from a private net to the public (as a
> router)? It looks like a port has to be named in this tool, and thus is
> not a general router setup tool.
> 
> 
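The forwarding setup the quoted post describes, as an added example script that is not part of the thread: it assumes the same interface names (private p2p1, public em1) and, going one step beyond the post's two unconditional FORWARD accepts, keeps a deny-by-default FORWARD policy and admits public-to-private packets only for flows the private side opened. `IPT` is an assumed knob: set it to `echo iptables` to preview the rules without root.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes private interface
# p2p1 and public interface em1 as in the post. IPT is an assumed knob:
# IPT="echo iptables" prints the rule set instead of loading it.
IPT="${IPT:-iptables}"

# Step 1 of the post: turn on IPv4 forwarding (run as root on the gateway).
enable_forwarding() {
  echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Emit the NAT/forwarding rule set. Compared with the post's rules this
# drops forwarded traffic by default and only lets public->private packets
# through when conntrack already knows the flow (ESTABLISHED,RELATED), so
# nothing upstream can reach the 192.168.x.x appliances unsolicited.
nat_rules() {
  priv="$1"; pub="$2"
  $IPT -P FORWARD DROP
  $IPT -A FORWARD -i "$priv" -o "$pub" -j ACCEPT
  $IPT -A FORWARD -i "$pub" -o "$priv" \
       -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Rewrite the private source addresses to the public interface's address.
  $IPT -t nat -A POSTROUTING -o "$pub" -j MASQUERADE
}

# Only apply the rules when interfaces are given on the command line, e.g.
#   sh nat.sh p2p1 em1
if [ $# -eq 2 ]; then
  enable_forwarding
  nat_rules "$1" "$2"
fi
```

Neither the post's rules nor these filter by port, so the appliances' DNS queries (UDP/TCP 53) cross the gateway the same way the working pings do; that makes the iptables rules an unlikely cause of the DNS failure and the appliances' resolver configuration the next thing to check.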

