- 02-15-2010 #1 (Just Joined!; Join Date: Nov 2009; Posts: 9)
Rules for Firewall
Hi, I tried to build a Linux firewall using CentOS 5.4, but not successfully.
Topology:
RangeIP Public <--->Firewall<--->HTTP Server
1. Firewall server includes 2 NICs:
NIC 01 has 2 public IPs: 64.34.34.1&2
NIC 02 has 1 internal IP: 10.0.0.1
2. HTTP Server includes 1 NIC
NIC 1: 10.0.0.2
I want to configure it so that everybody on the internet can access the web server (10.0.0.2) through the firewall server.
Using iptables, I tried to write the rules below on the firewall server:
#iptables -t nat -A PREROUTING -t tcp -i eth0 --dport 80 -d <IP PUBLIC> -j DNAT --to 10.0.0.2:80
#iptables -t nat -A POSTROUTING -t tcp -s 10.0.0.2 -j SNAT --to <IP PUBLIC>
But not successfully. Please help me!
- 02-16-2010 #2
Here is a TUTORIAL for IPTABLES.
Look at DNAT and SNAT
Also ensure Forwarding is turned on. It is off by default.
- 02-16-2010 #3 (Just Joined!; Join Date: Nov 2009; Posts: 9)
I turned on ip_forward, but I can't access the website from the public IP.
- 02-18-2010 #4
Looking at your code, you don't tell the SNAT rule to only do this on the outbound interface, thus it is applied to all traffic after it is routed.
Try the following:
Code:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 10.0.0.2:80
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


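Added example, not part of the thread and not any poster's code: a full ruleset for this topology in iptables-restore format, combining the DNAT rule, a SNAT rule bound to the outbound interface as post #4 advises, and FORWARD rules that let only tcp/80 through to the web server. The internal NIC name `eth1` and the choice of 64.34.34.1 as the forwarded address are assumptions; `gen_rules` and `snat_scoped` are names made up for this example.

```shell
#!/bin/sh
# Added example (constructed for this thread's topology, not a poster's code).
WAN_IF=eth0        # public-facing NIC, as in the thread
LAN_IF=eth1        # assumption: internal NIC name is not given in the thread
WEB_IP=10.0.0.2    # web server, from the thread
PUB_IP=64.34.34.1  # assumption: which of the two public IPs is forwarded

# Print the ruleset in iptables-restore format; nothing is applied here.
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound: rewrite public:80 to the web server (-p is protocol, -t is table)
-A PREROUTING -i $WAN_IF -p tcp -d $PUB_IP --dport 80 -j DNAT --to-destination $WEB_IP:80
# Outbound: source-NAT only what leaves via the public NIC
-A POSTROUTING -o $WAN_IF -s $WEB_IP -j SNAT --to-source $PUB_IP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies of tracked connections, in both directions
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections from outside may reach only the web server on tcp/80
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $WEB_IP --dport 80 -m state --state NEW -j ACCEPT
# The web server may open connections outward
-A FORWARD -i $LAN_IF -o $WAN_IF -s $WEB_IP -j ACCEPT
COMMIT
EOF
}

# Exit 0 only if every SNAT/MASQUERADE rule on stdin is bound to an
# outbound interface with -o (the problem pointed out in post #4).
snat_scoped() {
    ! grep -E -- '-j (SNAT|MASQUERADE)' | grep -qv -- ' -o '
}

# Apply only on request and as root. iptables-restore replaces the current
# contents of the nat and filter tables, INPUT rules included.
if [ "${1:-}" = "--apply" ]; then
    gen_rules | snat_scoped || { echo "unscoped SNAT rule" >&2; exit 1; }
    sysctl -w net.ipv4.ip_forward=1
    gen_rules | iptables-restore
fi
```

Run without arguments, the script only defines the functions; `gen_rules` can be reviewed on its own before anything is loaded with `--apply`.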
