#1 | Just Joined! | Join Date: Nov 2009 | Posts: 9

    Rules for Firewall


    Hi, I tried to build a Linux firewall using CentOS 5.4, but not successfully.
    Topology:

    RangeIP Public <--->Firewall<--->HTTP Server

    1. Firewall server includes 2 NICs:
    NIC 01 has 2 public IPs: 64.34.34.1 & 2
    NIC 02 has 1 internal IP: 10.0.0.1
    2. HTTP server includes 1 NIC:
    NIC 1: 10.0.0.2

    I want to configure it so that everybody from the Internet can access the web server (10.0.0.2) through the firewall server.

    Using iptables, I tried to write the rules on the firewall server below:
    Code:
    # DNAT inbound HTTP on the public NIC to the web server (-p selects the protocol; -t selects a table)
    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -d <IP PUBLIC> -j DNAT --to 10.0.0.2:80
    # SNAT everything from the web server to the public address
    iptables -t nat -A POSTROUTING -p tcp -s 10.0.0.2 -j SNAT --to <IP PUBLIC>

    But not successfully. Please help me!

#2 | Lazydog (Linux Guru) | Join Date: Jun 2004 | Location: The Keystone State | Posts: 2,672
    Here is a TUTORIAL for IPTABLES.
    Look at DNAT and SNAT
    Also ensure Forwarding is turned on. It is off by default.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

#3 | Just Joined! | Join Date: Nov 2009 | Posts: 9
    I turned on ip_forward, but I can't access the website from the public IP.

#4 | Lazydog (Linux Guru) | Join Date: Jun 2004 | Location: The Keystone State | Posts: 2,672
    Looking at your code, you don't tell the SNAT rule to do this only on the outbound interface, so it is applied to all traffic after it is routed.

    Try the following:

    Code:
    # DNAT: -p selects the protocol (tcp); -t is the table selector and takes nat/filter/mangle
    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 10.0.0.2:80
    # SNAT only what leaves through the public NIC
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    Regards
    Robert

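The complete rule set for the topology in this thread, put together as an added example (it is not code from any of the posts above). It assumes eth0 is the public NIC, eth1 is the internal NIC (the thread never names it) and 64.34.34.1 is the public address the site is served on; all of these are overridable through environment variables. Besides the DNAT, the SNAT restricted with -o and ip_forward, it adds the two things the thread leaves out: the protocol selector is -p, not -t (the posted rules pass tcp to the table option, which iptables rejects), and the FORWARD chain must accept the forwarded HTTP flow, which is how a default-deny policy still lets only port 80 through.

```shell
#!/bin/sh
# Added example (not from the original thread): DNAT/SNAT port forward for the
# topology above, emitted as a reviewable rule list before it is applied.
# Assumptions not stated in the thread: eth0 is the public NIC, eth1 the
# internal NIC, and 64.34.34.1 is the public address the web site is served on.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
PUBLIC_IP="${PUBLIC_IP:-64.34.34.1}"
WEB_IP="${WEB_IP:-10.0.0.2}"
WEB_PORT="${WEB_PORT:-80}"

# Print the commands instead of running them, so they can be inspected first.
fw_rules() {
    cat <<EOF
# Packets are only routed between the two NICs when forwarding is on
# (off by default; make it persistent in /etc/sysctl.conf).
sysctl -w net.ipv4.ip_forward=1
# Start from an empty nat table and a default-deny FORWARD chain.
iptables -t nat -F
iptables -F FORWARD
iptables -P FORWARD DROP
# DNAT: rewrite the destination of inbound HTTP arriving on the public NIC.
# -p selects the protocol; -t selects a table, which is what the posted rules
# got wrong by passing tcp to it.
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -d $PUBLIC_IP --dport $WEB_PORT -j DNAT --to-destination $WEB_IP:$WEB_PORT
# FORWARD runs after PREROUTING and therefore sees the rewritten destination;
# admit new HTTP connections to the web server and nothing else from outside.
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $WEB_IP --dport $WEB_PORT -m state --state NEW -j ACCEPT
# Let the web server itself open outbound connections (updates, DNS).
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $WEB_IP -m state --state NEW -j ACCEPT
# Replies in both directions belong to tracked connections; conntrack also
# reverses the DNAT on the web server's replies, so no SNAT is needed for those.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# SNAT only on the public NIC, so only traffic leaving towards the Internet
# is rewritten to the public address (the posted rule lacked -o and matched
# every routed packet from the server).
iptables -t nat -A POSTROUTING -o $WAN_IF -s $WEB_IP -j SNAT --to-source $PUBLIC_IP
EOF
}

# Run the rules (needs root on the firewall); "sh -e" stops at the first failing command.
fw_apply() {
    fw_rules | sh -e
}

case "${1:-}" in
    apply) fw_apply ;;
    *)     fw_rules ;;
esac
```

Run it without arguments to review the rules, then `sh script.sh apply` as root on the firewall. SNAT with a fixed --to-source is used instead of MASQUERADE because the public addresses are static; MASQUERADE is for interfaces whose address changes. Matching -d on one public address leaves 64.34.34.2 free for another service. To verify, watch the packet counters with `iptables -t nat -L -n -v` and `iptables -L FORWARD -n -v` while fetching the site from outside: a DNAT counter that rises while the FORWARD ACCEPT counter does not points at forwarding or the FORWARD policy, not at NAT.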
