Hi all,

I want to forward external SSH requests from a gateway server to a content server inside a local network using DNAT (both running Fedora Core 4). I'm using iptables with PREROUTING, but it doesn't seem to work the way I would expect (it blocks all SSH connections from the outside).

#!/bin/bash

/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe iptable_filter
echo "1" > /proc/sys/net/ipv4/ip_forward

# clear configuration

/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F OUTPUT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD
/sbin/iptables -t nat -F

# allow loopback connection
/sbin/iptables -A INPUT -i lo -s 127.0.0.1 -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -d 127.0.0.1 -j ACCEPT

# set up wi-line
/sbin/iptables -A FORWARD -i eth0 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $ext_ip

/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $ext_ip --dport 26 -j DNAT --to 192.168.0.2:25

#forward port 22 to internal server
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.132 --dport 22 -j ACCEPT
/sbin/iptables -A FORWARD -p udp -i eth0 -d 192.168.0.132 --dport 22 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $ext_ip --dport 22 -j DNAT --to 192.168.0.132:22
/sbin/iptables -t nat -A PREROUTING -p udp -i eth0 -d $ext_ip --dport 22 -j DNAT --to 192.168.0.132:22

Also, on another machine (a Fedora Core 4 web server running Apache), I want to block all ports except 80. I tried typing this:
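# Web server host firewall: accept inbound HTTP only.
#
# If the distribution's default rule set is still loaded, its INPUT chain
# already ends in a reject-everything rule, so rules merely appended with -A
# land behind it and never match -- a likely reason port 80 stayed closed.
# Flushing INPUT first makes the rules below the only ones that apply.
#
# Note: this deliberately drops everything else, including SSH to this host;
# run it from the console, or add an explicit --dport 22 ACCEPT first.
readonly ipt=/sbin/iptables

# Set the policy before flushing so the chain fails closed at every step.
"$ipt" -P INPUT DROP
"$ipt" -F INPUT

# Loopback and reply traffic: services on the host talk to each other over
# lo, and without an ESTABLISHED,RELATED rule the host's own outbound
# connections (DNS lookups, updates) never receive their answers.
"$ipt" -A INPUT -i lo -j ACCEPT
"$ipt" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# HTTP is TCP only; the original udp/80 rules opened a port nothing listens on.
# "-s 0/0" matched every source and is the default, so it is omitted.
for iface in eth0 eth1; do
  "$ipt" -A INPUT -i "$iface" -p tcp -m tcp --dport 80 -j ACCEPT
  "$ipt" -A OUTPUT -o "$iface" -p tcp -m tcp --sport 80 -j ACCEPT
done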

But when I start iptables the web page does not show up until I stop iptables.

Any help would be appreciated. Thanks!

Mike