IPTables Prerouting - Security


Thread: IPTables Prerouting

  1. IPTables Prerouting

    I'm trying to use IPTables nat forwarding from public ip address to
    internal subnet, but it's not relaying.

    Public IP address

    207.202.xxx.xxx -> 10.0.0.100 (Linux router) -> 10.1.10.15 (Linux
    machine.)

    I can access the Linux machine from 10.0.0.100's router.

    I can access the Internet and the Linux router from the Linux machine.

    I'm using the iptables command:

    iptables -t nat -A PREROUTING -p tcp --dport 26 -j DNAT --to 10.1.10.15:26

    I've even disabled all of the DENY rules for forwarding.

    --TJ


  2. Re: IPTables Prerouting

    On Tue, 02 Oct 2007 13:18:43 -0700, "techjohnny@gmail.com"
    wrote:

    >I'm trying to use IPTables nat forwarding from public ip address to
    >internal subnet, but it's not relaying.
    >
    >Public IP address
    >
    >207.202.xxx.xxx -> 10.0.0.100 (Linux router) -> 10.1.10.15 (Linux
    >machine.)
    >
    >I can access the Linux machine from 10.0.0.100's router.
    >
    >I can access the Internet and the Linux router from the Linux machine.
    >
    >I'm using the iptables command:
    >
    >iptables -t nat -A PREROUTING -p tcp --dport 26 -j DNAT --to 10.1.10.15:26
    >
    >I've even disabled all of the DENY rules for forwarding.
    >
    >--TJ


    This works for me, so it will work for you. But I have to wonder what
    is on port 26...

    iptables -t nat -I PREROUTING -p tcp -d 207.202.x.y --dport 26 \
    -j DNAT --to 10.1.10.15:26
    iptables -I FORWARD -p tcp -d 10.1.10.15 --dport 26 -j ACCEPT

    Since there is no defined service on TCP 26, you might not see
    anything happen, but the iptables lines above are correct.
    --
    buck
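
An added example, not part of the thread or of either poster's commands: a small audit of `iptables-save` output that flags a PREROUTING DNAT rule with no `-d` or `-i` match (it rewrites every packet to that port passing through the router, which is the difference between the two rules above) and a DNAT target with no matching FORWARD ACCEPT. The function name `audit_dnat`, the sample ruleset and the addresses 203.0.113.10 and 10.1.10.16 are constructed for illustration; the check matches FORWARD rules exactly by address and port and does not evaluate the chain policy or broader accept rules.

```shell
#!/bin/sh
# Constructed sample in iptables-save format. 203.0.113.10 is a documentation
# address standing in for the router's public IP; 10.1.10.16 is hypothetical.
SAMPLE_RULES='*nat
-A PREROUTING -p tcp -m tcp --dport 26 -j DNAT --to-destination 10.1.10.15:26
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.1.10.16:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 10.1.10.15/32 -p tcp -m tcp --dport 26 -j ACCEPT
COMMIT'

# audit_dnat: read iptables-save text on stdin, print one finding per line.
#   UNSCOPED   <target>  DNAT rule has neither -d nor -i, so it matches all traffic
#   NO_FORWARD <target>  no FORWARD ACCEPT rule for the translated address:port
audit_dnat() {
    awk '
    function opt(name,   i) {   # value following option "name", or ""
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($0, 2) }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
        d = opt("-d"); sub(/\/32$/, "", d)
        allowed[d ":" opt("--dport")] = 1
    }
    table == "nat" && $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
        n++; target[n] = opt("--to-destination")
        scoped[n] = (opt("-d") != "" || opt("-i") != "")
    }
    END {
        for (k = 1; k <= n; k++) {
            if (!scoped[k]) print "UNSCOPED " target[k]
            if (!(target[k] in allowed)) print "NO_FORWARD " target[k]
        }
    }'
}

# Run against the constructed sample; on a real router pipe in `iptables-save`.
printf '%s\n' "$SAMPLE_RULES" | audit_dnat
```
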

  3. Re: IPTables Prerouting

    On Oct 2, 8:27 pm, buck wrote:
    > On Tue, 02 Oct 2007 13:18:43 -0700, "techjoh...@gmail.com"
    > wrote:
    > >I'm trying to use IPTables nat forwarding from public ip address to
    > >internal subnet, but it's not relaying.
    >
    > >Public IP address
    >
    > >207.202.xxx.xxx -> 10.0.0.100 (Linux router) -> 10.1.10.15 (Linux
    > >machine.)
    >
    > >I can access the Linux machine from 10.0.0.100's router.
    >
    > >I can access the Internet and the Linux router from the Linux machine.
    >
    > >I'm using the iptables command:
    >
    > >iptables -t nat -A PREROUTING -p tcp --dport 26 -j DNAT --to 10.1.10.15:26
    >
    > >I've even disabled all of the DENY rules for forwarding.
    >
    > >--TJ
    >
    > This works for me, so it will work for you. But I have to wonder what
    > is on port 26...
    >
    > iptables -t nat -I PREROUTING -p tcp -d 207.202.x.y --dport 26 \
    > -j DNAT --to 10.1.10.15:26
    > iptables -I FORWARD -p tcp -d 10.1.10.15 --dport 26 -j ACCEPT
    >
    > Since there is no defined service on TCP 26, you might not see
    > anything happen, but the iptables lines above are correct.
    > --
    > buck


    Thanks for the response, but had to create an access-list and forward
    a port from the PIX first.

    --JP

