schverigs
03-21-2002, 10:22 PM
Hi all,
I need some help. Super Hornet gave me this script and it works great except for forwarding users to my internal web server. Right now when you go to my website the browser just hangs, because the connection is not forwarded on to the web server. I am not sure whether I have already posted this here, but my script is below. If anyone can figure out what is wrong, please tell me. I am new to the iptables world.
########################
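#!/bin/sh
# NAT gateway / firewall bring-up.
#
# Masquerades everything leaving EXTIF and port-forwards inbound HTTP
# (tcp/80) addressed to EXT_ADD on to WEB_SERVER on the internal network.
# Must run as root: it loads kernel modules, edits netfilter tables and
# writes /proc/sys/net/ipv4/ip_forward.
set -u

echo "Bringing Up The Firewall"

IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
EXTIF="eth0"
INTIF="eth1"
WEB_SERVER="192.168.1.50"
EXT_ADD="172.18.31.40"   # placeholder from the post, not the actual IP

echo "External Interface: $EXTIF"
echo "Internal Interface: $INTIF"
echo "Web Server Address: $WEB_SERVER"
echo "External IP Address: $EXT_ADD"

# Print a progress label ($1) and load one kernel module ($2).
# modprobe resolves module dependencies, which insmod does not. A failure is
# reported on stderr but is not fatal, since the feature may be compiled
# into the kernel.
load_module() {
  printf '%s' "$1, "
  "$MODPROBE" "$2" || echo "warning: could not load module $2" >&2
}

# printf instead of "echo -en": -e/-n are not portable under #!/bin/sh.
printf '%s' "Loading Modules"
echo "Verifying all Kernel Modules"
/sbin/depmod -a

# NOTE(review): these are the 2.4-era netfilter module names; later kernels
# ship the connection-tracking helpers under nf_conntrack* / nf_nat* names.
# Adjust the list to the running kernel.
load_module "iptables"         ip_tables
load_module "ip_conntrack"     ip_conntrack
load_module "ip_conntrack_ftp" ip_conntrack_ftp
load_module "ip_conntrack_irc" ip_conntrack_irc
load_module "ip_nat"           iptable_nat
load_module "ip_nat_ftp"       ip_nat_ftp
echo "Done loading Modules"

echo "Clearing Existing Rules"
# NOTE(review): INPUT and OUTPUT are left at policy ACCEPT with no rules, so
# this script filters forwarded traffic only. Every service listening on the
# gateway itself stays reachable from EXTIF; restrict INPUT separately once
# the management path is decided.
"$IPTABLES" -P INPUT ACCEPT
"$IPTABLES" -F INPUT
"$IPTABLES" -P OUTPUT ACCEPT
"$IPTABLES" -F OUTPUT
"$IPTABLES" -P FORWARD DROP
"$IPTABLES" -F FORWARD
"$IPTABLES" -t nat -F

# Replies to connections that were opened from the inside.
# (-m state still works; newer iptables prefers -m conntrack --ctstate.)
"$IPTABLES" -A FORWARD -i "$EXTIF" -o "$INTIF" \
  -m state --state ESTABLISHED,RELATED -j ACCEPT

# Anything the internal network sends out is allowed.
"$IPTABLES" -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT

# Source-NAT outbound traffic to whatever address EXTIF currently has.
"$IPTABLES" -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE

# Port-forward inbound HTTP to the internal web server.
# This rule only matches packets that arrive on EXTIF and are addressed to
# EXT_ADD. A test made from the internal network against the external
# address enters on INTIF and is not translated, and a wrong EXT_ADD means
# no match at all. NOTE(review): the web server must also send its replies
# back through this gateway for the translation to be reversed; verify its
# default route.
"$IPTABLES" -t nat -A PREROUTING -i "$EXTIF" -p tcp \
  --sport 1024:65535 -d "$EXT_ADD" --dport 80 \
  -j DNAT --to-destination "$WEB_SERVER"

# DNAT happens before the FORWARD chain, so the filter rule matches on the
# translated (internal) destination address.
"$IPTABLES" -A FORWARD -i "$EXTIF" -o "$INTIF" -p tcp \
  --sport 1024:65535 -d "$WEB_SERVER" --dport 80 \
  -m state --state NEW -j ACCEPT

# The two trailing ESTABLISHED,RELATED rules of the original were dropped:
# the EXTIF->INTIF one repeated the first FORWARD rule verbatim, and the
# INTIF->EXTIF one could never match because the unconditional
# INTIF->EXTIF ACCEPT above already takes that traffic.

# Turn routing on last, so packets are never forwarded under a previous or
# half-loaded rule set.
echo "Enabling Forwarding"
echo "1" > /proc/sys/net/ipv4/ip_forward

echo "Firewall Is Now Up"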
I need some help. Super Hornet gave me this script and it works great except for forwarding users to my internal web server. Right now when you go to my website the browser just hangs, because the connection is not forwarded on to the web server. I am not sure whether I have already posted this here, but my script is below. If anyone can figure out what is wrong, please tell me. I am new to the iptables world.
########################
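#!/bin/sh
# NAT gateway / firewall bring-up.
#
# Masquerades everything leaving EXTIF and port-forwards inbound HTTP
# (tcp/80) addressed to EXT_ADD on to WEB_SERVER on the internal network.
# Must run as root: it loads kernel modules, edits netfilter tables and
# writes /proc/sys/net/ipv4/ip_forward.
set -u

echo "Bringing Up The Firewall"

IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
EXTIF="eth0"
INTIF="eth1"
WEB_SERVER="192.168.1.50"
EXT_ADD="172.18.31.40"   # placeholder from the post, not the actual IP

echo "External Interface: $EXTIF"
echo "Internal Interface: $INTIF"
echo "Web Server Address: $WEB_SERVER"
echo "External IP Address: $EXT_ADD"

# Print a progress label ($1) and load one kernel module ($2).
# modprobe resolves module dependencies, which insmod does not. A failure is
# reported on stderr but is not fatal, since the feature may be compiled
# into the kernel.
load_module() {
  printf '%s' "$1, "
  "$MODPROBE" "$2" || echo "warning: could not load module $2" >&2
}

# printf instead of "echo -en": -e/-n are not portable under #!/bin/sh.
printf '%s' "Loading Modules"
echo "Verifying all Kernel Modules"
/sbin/depmod -a

# NOTE(review): these are the 2.4-era netfilter module names; later kernels
# ship the connection-tracking helpers under nf_conntrack* / nf_nat* names.
# Adjust the list to the running kernel.
load_module "iptables"         ip_tables
load_module "ip_conntrack"     ip_conntrack
load_module "ip_conntrack_ftp" ip_conntrack_ftp
load_module "ip_conntrack_irc" ip_conntrack_irc
load_module "ip_nat"           iptable_nat
load_module "ip_nat_ftp"       ip_nat_ftp
echo "Done loading Modules"

echo "Clearing Existing Rules"
# NOTE(review): INPUT and OUTPUT are left at policy ACCEPT with no rules, so
# this script filters forwarded traffic only. Every service listening on the
# gateway itself stays reachable from EXTIF; restrict INPUT separately once
# the management path is decided.
"$IPTABLES" -P INPUT ACCEPT
"$IPTABLES" -F INPUT
"$IPTABLES" -P OUTPUT ACCEPT
"$IPTABLES" -F OUTPUT
"$IPTABLES" -P FORWARD DROP
"$IPTABLES" -F FORWARD
"$IPTABLES" -t nat -F

# Replies to connections that were opened from the inside.
# (-m state still works; newer iptables prefers -m conntrack --ctstate.)
"$IPTABLES" -A FORWARD -i "$EXTIF" -o "$INTIF" \
  -m state --state ESTABLISHED,RELATED -j ACCEPT

# Anything the internal network sends out is allowed.
"$IPTABLES" -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT

# Source-NAT outbound traffic to whatever address EXTIF currently has.
"$IPTABLES" -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE

# Port-forward inbound HTTP to the internal web server.
# This rule only matches packets that arrive on EXTIF and are addressed to
# EXT_ADD. A test made from the internal network against the external
# address enters on INTIF and is not translated, and a wrong EXT_ADD means
# no match at all. NOTE(review): the web server must also send its replies
# back through this gateway for the translation to be reversed; verify its
# default route.
"$IPTABLES" -t nat -A PREROUTING -i "$EXTIF" -p tcp \
  --sport 1024:65535 -d "$EXT_ADD" --dport 80 \
  -j DNAT --to-destination "$WEB_SERVER"

# DNAT happens before the FORWARD chain, so the filter rule matches on the
# translated (internal) destination address.
"$IPTABLES" -A FORWARD -i "$EXTIF" -o "$INTIF" -p tcp \
  --sport 1024:65535 -d "$WEB_SERVER" --dport 80 \
  -m state --state NEW -j ACCEPT

# The two trailing ESTABLISHED,RELATED rules of the original were dropped:
# the EXTIF->INTIF one repeated the first FORWARD rule verbatim, and the
# INTIF->EXTIF one could never match because the unconditional
# INTIF->EXTIF ACCEPT above already takes that traffic.

# Turn routing on last, so packets are never forwarded under a previous or
# half-loaded rule set.
echo "Enabling Forwarding"
echo "1" > /proc/sys/net/ipv4/ip_forward

echo "Firewall Is Now Up"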