  1. #1
    Just Joined!
    Join Date
    Aug 2005
    Posts
    18

    I am trying to get my router to do IP forwarding


    Here's my firewall startup script:

    # # by default, nothing is forwarded.
    iptables -P FORWARD DROP

    # # Allow all connections OUT and only related ones IN
    iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
    # # Make sure SSH doesn't get dropped
    iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -p tcp --dport $SSH_PORT -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp -i $EXTERNAL --dport $SSH_PORT -j DNAT --to $PORTFWDIP:$SSH_PORT

    # # enable MASQUERADING
    iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE

    where EXTERNAL is the NIC that's on the internet, INTERNAL is the NIC that's on the LAN, SSH_PORT is 22, and PORTFWDIP is the computer I want it to forward all stuff on port 22 to. It doesn't give me any errors when I run the script, but when I try to ssh in (using the IP address of the internet-visible NIC rather than the private NIC, which works) then it tries to ssh into the router itself. If I kill ssh on the router then here's the error message I get:
    ssh: connect to host (my IP address here) port 22: Connection refused

    which doesn't make sense, since my rules should allow in all stuff on port 22 and send it to the computer at PORTFWDIP, right?

  2. #2
    Just Joined!
    Join Date
    Aug 2005
    Posts
    18

    Why did I say IP forwarding?

    I meant port forwarding.
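
Added example, not part of the original posts: a shell function that reads `iptables-save` output and, for each DNAT port forward like the one in the script above, reports the interface the rule is bound to and whether the matching FORWARD accept is limited to the DNAT target with `-d`. The sample rules are constructed from the posted script with assumed values (eth0, eth1, 192.168.1.10), and `audit_dnat` is a name chosen here.

```shell
#!/bin/sh
# Added example. SAMPLE_RULES is constructed: the thread's script as iptables-save
# would print it, assuming eth0=EXTERNAL, eth1=INTERNAL, 192.168.1.10=PORTFWDIP.
SAMPLE_RULES='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# audit_dnat: iptables-save text on stdin; one line out per DNAT rule:
#   <in-iface> <dport> <target-ip> <verdict>
# The rule only translates packets arriving on <in-iface> ("any" if unset).
# verdict: scoped   = the port-specific FORWARD ACCEPT names the target with -d
#          unscoped = a FORWARD ACCEPT opens the port to every forwarded host
#          no-rule  = no port-specific ACCEPT; broader rules or the policy decide
audit_dnat() {
    awk '
    function opt(name,   i) {   # value that follows option "name", or ""
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
        n++
        iface[n] = (opt("-i") == "" ? "any" : opt("-i"))
        port[n] = opt("--dport")
        np = split(opt("--to-destination"), t, ":")
        target[n] = t[1]
        tport[n] = (np > 1 ? t[2] : port[n])   # FORWARD sees the translated port
    }
    $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" && opt("--dport") != "" {
        d = opt("-d"); sub(/\/32$/, "", d)
        fwd[opt("--dport"), (d == "" ? "*" : d)] = 1
    }
    END {
        for (k = 1; k <= n; k++) {
            v = "no-rule"
            if ((tport[k], target[k]) in fwd) v = "scoped"
            if ((tport[k], "*") in fwd) v = "unscoped"
            print iface[k], port[k], target[k], v
        }
    }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_dnat
```

On a live router the same function can be fed with `iptables-save | audit_dnat` run as root. An `unscoped` verdict means the FORWARD rule admits the port for any host behind the router, not only the DNAT target.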
