IPTABLES - Allow Internal HOST with Public IP through Firewall

Hello:

I am new to IPTABLES. I have set up an Ubuntu 8.04 Server running
ebox. It is running DHCP (192.168.1.0-250), NAT, DNS, Squid
Transparent Proxy. All of the firewall rules were configured using
ebox's firewall module.

Basic setup:
Eth0 - external interface 12.32.12.2 (GW 12.32.12.1) - Internet

Eth1 - internal Interface 192.168.1.254

I have a host on the internal network that I need to assign a public
IP to allow unrestricted access to the internet. 12.32.12.3...

I have been told that ebox can not configure this for me and I have no
idea what I'm doing in IPTABLES. From what I have read it looks like I
should be able to setup something in PREROUTING and POSTROUTING to
allow me to do this?

Any help would be greatly appreciated!!!

Thanks,

Re: IPTABLES - Allow Internal HOST with Public IP through Firewall
redmondmj@gmail.com wrote:
You don't need a public IP address for unrestricted access to the
Internet. Who told you such nonsense?

Please describe what exactly you're trying to achieve, and also post
your current ruleset.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: IPTABLES - Allow Internal HOST with Public IP through Firewall
On Jun 30, 3:19 pm, redmon...@gmail.com wrote:
If you could post the output for a few commands and describe what you
want to do, e.g. web client access, then someone can easily tell you rules.

iptables -nv -L
netstat -nr
ifconfig

Since you are using DHCP you will need to grab the IP address:

EXT=eth0   # whatever your DHCP card is
DHCPIP=`/sbin/ifconfig $EXT | grep 'inet addr' | awk -F ':' '{print $2}' | awk '{print $1}'`

Now you can make rules with eth? and $DHCPIP.

Are you wanting this computer to route?

Here are a few example rules.

/sbin/iptables -A INPUT  -p tcp -d 10.56.32.248 --destination-port 6000 -j DROP

/sbin/iptables -A OUTPUT -p tcp -s 10.56.32.248 --source-port 1024:65535 -d 10.78.109.150 --destination-port 110  -j ACCEPT
/sbin/iptables -A INPUT  -p tcp -d 10.56.32.248 --destination-port 1024:65535 -s 10.78.109.150 --source-port 110  -j ACCEPT

-----
http://www.1150riverviewdr.com /

Re: IPTABLES - Allow Internal HOST with Public IP through Firewall
On Jul 14, 2:31 am, s...@gnostheos.org wrote:
After reading the post more carefully I realized what you are trying
to do is nonsensical and my brain was trying to make it sensible.

You cannot have a public IP sitting on your internal network.
I assume your ISP gave you 4 IP's and you want 1-3 hosts
behind this box as a FW/router. This is not going to work, and
you probably only need 1 IP. The hosts on your private LAN
would get nonroutable IP's

http://tools.ietf.org/html/rfc1597

It seems you have DHCP setup for this, which makes it more
confusing. Your hosts on your LAN should be in the range for
your DHCP server. I don't think I understand what you are
doing.

Re: IPTABLES - Allow Internal HOST with Public IP through Firewall
spam@gnostheos.org wrote:
Of course he can, if he's given one by his ISP.

Nonsense. Of course that can be made to work. What gives you the idea
you couldn't have public IP addresses on a private network?

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
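
The PREROUTING/POSTROUTING approach asked about in the first post is a 1:1 NAT mapping on the firewall. The following is an added example, not part of any post in this thread and not ebox's own configuration; it only prints the commands. Assumptions: the internal host has the fixed address 192.168.1.251 (hypothetical, outside the DHCP range), and the existing ruleset masquerades the LAN and redirects web traffic to Squid from the nat PREROUTING chain.

```shell
#!/bin/sh
# Added example: prints (does not run) 1:1 NAT rules for one internal host.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands that map PUBLIC_IP <-> HOST_IP on the firewall.
# Usage: one_to_one_nat_rules PUBLIC_IP HOST_IP EXT_IF INT_IF
one_to_one_nat_rules() {
    pub=$1 host=$2 ext_if=$3 int_if=$4
    is_ipv4 "$pub" && is_ipv4 "$host" || { echo "invalid IPv4 address" >&2; return 1; }
    [ -n "$ext_if" ] && [ -n "$int_if" ] || { echo "interface missing" >&2; return 1; }
    cat <<EOF
# The firewall answers ARP for the extra public address on the outside segment.
ip addr add $pub/32 dev $ext_if
# Assumed ruleset: end nat PREROUTING early for this host so the
# transparent-proxy redirect further down never sees its traffic.
iptables -t nat -I PREROUTING 1 -i $int_if -s $host -j ACCEPT
# Inbound: rewrite the public address to the internal host.
iptables -t nat -I PREROUTING 1 -i $ext_if -d $pub -j DNAT --to-destination $host
# Outbound: inserted first so it takes effect before the LAN-wide masquerade.
iptables -t nat -I POSTROUTING 1 -o $ext_if -s $host -j SNAT --to-source $pub
# Filter table: the host may open connections, only replies are let back in.
iptables -I FORWARD 1 -i $int_if -o $ext_if -s $host -j ACCEPT
iptables -I FORWARD 1 -i $ext_if -o $int_if -d $host -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Addresses and interfaces from the first post; 192.168.1.251 is hypothetical.
one_to_one_nat_rules 12.32.12.3 192.168.1.251 eth0 eth1
```

New inbound connections to 12.32.12.3 are translated by the DNAT rule but still have to pass the existing FORWARD rules, so any service the host should offer needs its own per-port ACCEPT rule rather than a blanket one.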
