schverigs
03-17-2002, 04:18 PM
I am trying to get an IPTables script working (thanks SuperHornet). I am able to cruise the web and everything fine but it is not forwarding web requests to my web server and then displaying the site. Below is the script. Can anyone tell me what I am doing wrong.
###############################
#!/bin/sh
echo "Bringing Up The Firewall"
IPTABLES=/sbin/iptables
EXTIF="eth0"
INTIF="eth1"
WEB_SERVER="192.168.1.50"
EXT_ADD="my ip address"
echo "External Interface: $EXTIF"
echo "Internal Interface: $INTIF"
echo "Web Server Address: $WEB_SERVER"
echo "External IP Address: $EXT_ADD"
echo -en "Loading Modules"
echo "Verifying all Kernel Modules"
/sbin/depmod -a
echo -en "iptables, "
/sbin/insmod ip_tables
echo -en "ip_conntrack, "
/sbin/insmod ip_conntrack
echo -en "ip_conntrack_ftp, "
/sbin/insmod ip_conntrack_ftp
echo -en "ip_conntrack_irc, "
/sbin/insmod ip_conntrack_irc
echo -en "ip_nat, "
/sbin/insmod iptable_nat
echo -en "ip_nat_ftp, "
/sbin/insmod ip_nat_ftp
echo "Done loading Modules"
echo "Enabling Forwarding"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "Clearing Existing Rules"
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo "Allow all connections out and existing and related ones in"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
echo "Enabling SNAT masquaade on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo "Web Forwarding"
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp \
--sport 1024:65535 -d $EXT_ADD --dport 80 \
-j DNAT --to-destination $WEB_SERVER
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp \
--sport 1024:65535 -d $WEB_SERVER --dport 80 \
-m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF \
-m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF \
-m state --state ESTABLISHED,RELATED -j ACCEPT
echo "Firewall Is Now Up"
###############################
#!/bin/sh
echo "Bringing Up The Firewall"
IPTABLES=/sbin/iptables
EXTIF="eth0"
INTIF="eth1"
WEB_SERVER="192.168.1.50"
EXT_ADD="my ip address"
echo "External Interface: $EXTIF"
echo "Internal Interface: $INTIF"
echo "Web Server Address: $WEB_SERVER"
echo "External IP Address: $EXT_ADD"
echo -en "Loading Modules"
echo "Verifying all Kernel Modules"
/sbin/depmod -a
echo -en "iptables, "
/sbin/insmod ip_tables
echo -en "ip_conntrack, "
/sbin/insmod ip_conntrack
echo -en "ip_conntrack_ftp, "
/sbin/insmod ip_conntrack_ftp
echo -en "ip_conntrack_irc, "
/sbin/insmod ip_conntrack_irc
echo -en "ip_nat, "
/sbin/insmod iptable_nat
echo -en "ip_nat_ftp, "
/sbin/insmod ip_nat_ftp
echo "Done loading Modules"
echo "Enabling Forwarding"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "Clearing Existing Rules"
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo "Allow all connections out and existing and related ones in"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
echo "Enabling SNAT masquaade on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo "Web Forwarding"
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp \
--sport 1024:65535 -d $EXT_ADD --dport 80 \
-j DNAT --to-destination $WEB_SERVER
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp \
--sport 1024:65535 -d $WEB_SERVER --dport 80 \
-m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF \
-m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF \
-m state --state ESTABLISHED,RELATED -j ACCEPT
echo "Firewall Is Now Up"