[wplug] iptables help

Chris Romano romano.chris at gmail.com
Wed Feb 1 09:11:21 EST 2006


Our proxy server just went down and I am trying to configure a new box.  I
thought that I had a copy of all the config files but I guess I don't
because I am having some problems.  Here is the setup:
mailserver: 10.10.10.3
proxy internal IP: 192.168.0.1
proxy external IP: 10.10.10.6

We can do everything except send emails.  I am guessing that the problem is
with the iptables rules.  We are getting "connection failed" error messages
from Thunderbird.  I must admit that it's been a while since I did anything
with iptables.  Here is what they currently are:

#!/bin/sh

# Setting up vars
INTIF="eth0"            # internal (LAN) interface
EXTIF="eth1"            # external interface
EXTIP="10.10.10.6"      # address on the external interface
HTTPIP="192.168.0.3"    # internal web server (DNAT target for port 80)
DNSIP="192.168.0.60"    # internal DNS server (DNAT target for port 53)

# Checking and loading mods
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp

# turning on forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

#Setting up the ruleset
# default policies are ACCEPT on all three chains; the chains are then flushed
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD ACCEPT
iptables -F FORWARD
iptables -t nat -F
# replies to connections started from the inside may come back in
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED \
    -j ACCEPT
# anything from the inside may go out
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# masquerade outbound traffic behind the external address
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
# inbound port forwards on the external address
iptables -t nat -A PREROUTING --dst $EXTIP -p tcp --dport 80 -j DNAT \
    --to-destination $HTTPIP
iptables -t nat -A PREROUTING --dst $EXTIP -p tcp --dport 53 -j DNAT \
    --to-destination $DNSIP


By looking at these rules, it looks to me like I am allowing pretty
much everything.  Any ideas?

Thanks,
Chris
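An added example, not part of the original post: a small POSIX sh audit that reads an `iptables-save` dump on stdin and reports the points a reviewer would raise about the ruleset above (ACCEPT default policies, whether masquerading exists, whether any rule touches TCP/25, what the DNATs expose). The dump embedded here is constructed to approximate the posted script; it was not captured from the real box.

```shell
#!/bin/sh
# Constructed iptables-save style dump approximating the posted rules (not a real capture).
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 10.10.10.6/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.3
-A PREROUTING -d 10.10.10.6/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.0.60
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT'

# Reads a dump on stdin and prints one WARN:/INFO: line per finding.
audit_ruleset() {
    dump=$(cat)
    for chain in INPUT FORWARD; do
        if printf '%s\n' "$dump" | grep -q "^:$chain ACCEPT"; then
            echo "WARN: $chain policy is ACCEPT; anything not explicitly matched is allowed"
        fi
    done
    if ! printf '%s\n' "$dump" | grep -q -- '-j MASQUERADE'; then
        echo "WARN: no MASQUERADE rule; internal clients cannot reach outside hosts"
    fi
    if printf '%s\n' "$dump" | grep -q -- '--dport 25'; then
        echo "INFO: a rule references TCP/25; check its target"
    else
        echo "INFO: no rule mentions TCP/25; SMTP is neither blocked nor redirected here"
    fi
    if printf '%s\n' "$dump" | grep -q -- '-p tcp .*--dport 53 -j DNAT' \
       && ! printf '%s\n' "$dump" | grep -q -- '-p udp .*--dport 53'; then
        echo "INFO: DNS DNAT covers TCP only; UDP/53 is not forwarded to the internal resolver"
    fi
    # every DNAT is reachable from outside because FORWARD is ACCEPT
    printf '%s\n' "$dump" | grep -- '-j DNAT' | while read -r line; do
        echo "INFO: inbound DNAT exposed on the external address: $line"
    done
    return 0
}

# Number of WARN findings for the embedded sample.
count_warnings() {
    printf '%s\n' "$SAMPLE_DUMP" | audit_ruleset | grep -c '^WARN'
}

printf '%s\n' "$SAMPLE_DUMP" | audit_ruleset
```

On the proxy itself, `iptables-save | audit_ruleset` runs the same checks against the live rules; a ruleset that does not mention port 25 at all points the search at routing, module loading or the mail server's own access controls rather than at the filter.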