[lug] nat and proxy firewall rules
Richard Fifarek
rfifarek at silug.org
Fri Mar 7 15:04:18 MST 2003
To NAT a subnet (192.168.1.0 is internal network, 192.168.2.0 is
external network):
iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 \
-o eth2 -j SNAT --to-source 192.168.2.1
To do port forward SMTP:
iptables -t nat -A PREROUTING -d 192.168.2.1 -i eth2 -p tcp \
-m tcp --dport 25 -j DNAT --to-destination 192.168.1.X:25
# FORWARD sees the packet after PREROUTING has already rewritten the
# destination, so match the internal SMTP host here, not the external IP
iptables -A FORWARD -d 192.168.1.X -i eth2 -p tcp -m tcp \
--dport 25 -j ACCEPT
192.168.2.1 = External IP of NAT machine
eth2 = External interface of NAT machine
These are by no means the only rules you'll need, but they'll get you
headed in the right direction.
For documentation, www.netfilter.org and trial and error.
For a simple utility that has helped me with templates for
generating my own rules, see genfw:
http://www.kspei.com/projects/genfw/
Hope this helps.
--
Richard H. Fifarek
rfifarek at silug.org
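The procedure above (SNAT for the internal subnet plus a DNAT port forward for SMTP) written out as one reviewable rule set. This is an added example, not code from the original post or from genfw; the addresses and the mail server 192.168.1.10 (the post leaves it as 192.168.1.X) are constructed, and the extra FORWARD rules with a DROP policy are an assumption about what "the other rules you'll need" would look like. The script prints the rules by default so they can be checked before being applied, and includes the check a practitioner wants here: that no FORWARD rule tries to match the external IP as destination, which can never match once PREROUTING has rewritten it.

```shell
#!/bin/sh
# Added example (not from the original post): generate, check and optionally
# apply the SNAT + SMTP port-forward rule set described above.
# All addresses are constructed; 192.168.1.10 stands in for the post's 192.168.1.X.
INT_NET="192.168.1.0/24"   # internal network
EXT_IF="eth2"              # external interface of the NAT machine
EXT_IP="192.168.2.1"       # external IP of the NAT machine
SMTP_HOST="192.168.1.10"   # assumed internal mail server

# Emit the rule set as iptables commands so it can be reviewed before use.
# Order matters: conntrack accept first, then NAT, then the post-DNAT FORWARD match.
nat_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s ${INT_NET} -o ${EXT_IF} -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s ${INT_NET} -o ${EXT_IF} -j SNAT --to-source ${EXT_IP}
iptables -t nat -A PREROUTING -i ${EXT_IF} -d ${EXT_IP} -p tcp --dport 25 -j DNAT --to-destination ${SMTP_HOST}:25
iptables -A FORWARD -i ${EXT_IF} -d ${SMTP_HOST} -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Number of iptables commands in the set (the sysctl line is not counted).
rule_count() {
  nat_rules | grep -c '^iptables'
}

# Sanity check: the FORWARD chain sees a forwarded packet only after
# PREROUTING has rewritten its destination to SMTP_HOST, so a FORWARD rule
# matching "-d EXT_IP" would never fire and the forward would be silently
# dropped by the DROP policy. Returns 0 when no such rule is present.
check_forward_dest() {
  ! nat_rules | grep '^iptables -A FORWARD' | grep -q -- "-d ${EXT_IP}"
}

# Apply the set (needs root). Run with "apply" to install, otherwise print.
apply_rules() {
  nat_rules | sh -e
}

case "${1:-show}" in
  apply) apply_rules ;;
  *)     nat_rules ;;
esac
```

Run it with no arguments to print the rules, check them against `check_forward_dest`, then rerun with `apply` as root. The conntrack ESTABLISHED,RELATED rule is what lets the SMTP replies and the internal hosts' return traffic through once the policy is DROP; without it, only the first packet of each forwarded connection would be accepted.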