[wplug] Port Forwarding assistance to port 443
Albert Whale
aewhale at ABS-CompTech.com
Fri Oct 31 07:27:07 EST 2003
I am using Linux Mandrake, and running the Bastille-firewall project,
and until now have been quite pleased with the flexibility and
functionality of the tools.
Now I need to forward the public address (port 443 - https) to an
internal machine, however the portforward.sh tool attempts to make two
additions to the iptables rules, of which only one works.
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 0.0.0.0/0 --dport 443 -j DNAT --to 192.168.99.247:443
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.99.247 --dport 443 -j ACCEPT
The problem is that there is no Chain named PREROUTING in the bastille
project (even though the tool references it, I know, don't go there).
Here are the valid chains:
iptables -nL | grep Chain
Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy ACCEPT)
Chain INT_IN (1 references)
Chain INT_OUT (1 references)
Chain PAROLE (28 references)
Chain PUB_IN (2 references)
Chain PUB_OUT (2 references)
My question is, what rule or chain do I need to add to the iptables
configuration to promote the forwarding of port 443 to the internal network?
--
Albert E. Whale, CISSP - Sr. Security, Network, and Systems Consultant
--------------------------------------------------------------------------------
http://www.abs-comptech.com & http://www.No-JunkMail.com
ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
SPAM Zapper - www.No-JunkMail.com - SPAM Stops Here.
Founding Board of Directors of Pittsburgh FBI - InfraGard
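
Added example, not part of the original post and not code from the Bastille project: `iptables -nL` without `-t` lists only the filter table, while PREROUTING is a built-in chain of the nat table (`iptables -t nat -nL`). The script below works on a constructed `iptables-save` dump (the function names and the second DNAT rule are assumptions for illustration), lists the chains per table, and reports DNAT targets that lack a matching FORWARD ACCEPT rule.

```shell
#!/bin/sh
# Constructed ruleset in iptables-save format (not taken from the poster's machine).
# The second DNAT rule (192.168.99.10:80) is invented to show a missing FORWARD rule.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.99.247:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.99.10:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.168.99.247/32 -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# List the chains declared in one table of a dump read from stdin ($1 = table name).
chains_in_table() {
    awk -v want="$1" '
        /^\*/ { table = substr($0, 2) }
        /^:/ && table == want { print substr($1, 2) }'
}

# Print every DNAT target (ip:port) that has no FORWARD ACCEPT rule for it.
# Matches on exact destination address and port only (a simplifying assumption).
unforwarded_dnat() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        { dst = dport = to = jump = ""
          for (i = 1; i < NF; i++) {
              if ($i == "-d") dst = $(i + 1)
              if ($i == "--dport") dport = $(i + 1)
              if ($i == "--to-destination") to = $(i + 1)
              if ($i == "-j") jump = $(i + 1)
          } }
        table == "nat" && $2 == "PREROUTING" && jump == "DNAT" { dnat[to] = 1 }
        table == "filter" && $2 == "FORWARD" && jump == "ACCEPT" {
            sub(/\/32$/, "", dst); allowed[dst ":" dport] = 1 }
        END { for (t in dnat) if (!(t in allowed)) print t }'
}

echo "nat chains:    $(sample_ruleset | chains_in_table nat | tr '\n' ' ')"
echo "filter chains: $(sample_ruleset | chains_in_table filter | tr '\n' ' ')"
echo "DNAT targets with no FORWARD ACCEPT: $(sample_ruleset | unforwarded_dnat)"
```

On a live system the same functions can be fed from `iptables-save` run as root instead of `sample_ruleset`.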