cmargoi
asked on
Iptables Port Forwarding
I'm trying to forward smtp port for a machine located in DMZ; below is my script, i have tried to simplify it as much as possibile to reduce the posibility of error but still no success:
#!/bin/bash
IPT=/sbin/iptables
PUBIF="eth0"
PRIVIF="eth1"
PUBIP="81.196.XXX.XXX"
PRIVIP="10.0.0.1/24"
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
#curatam
$IPT -F INPUT
$IPT -F FORWARD
$IPT -F OUTPUT
$IPT -F -t nat
$IPT -F -t mangle
$IPT -F
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -A POSTROUTING -o $PUBIF -s 10.0.0.0/21 -j MASQUERADE
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to 10.0.0.7:25
$IPT -A FORWARD -i eth0 -o eth1 -p tcp -d 10.0.0.7 --dport 25 -j ACCEPT
tcpdump gives me :
00:25:36.674163 IP 85.186.xxx.xxx.62752 > 81-196-xxx-xxx.smtp: S 3287938996:3287938996(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 0 0,nop,nop,sackOK>
00:25:39.635597 IP 85.186.xxx.xxx.62752 > 81-196-xxx-xxx.smtp: S 3287938996:3287938996(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 0 0,nop,nop,sackOK>
#!/bin/bash
IPT=/sbin/iptables
PUBIF="eth0"
PRIVIF="eth1"
PUBIP="81.196.XXX.XXX"
PRIVIP="10.0.0.1/24"
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
#curatam
$IPT -F INPUT
$IPT -F FORWARD
$IPT -F OUTPUT
$IPT -F -t nat
$IPT -F -t mangle
$IPT -F
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -A POSTROUTING -o $PUBIF -s 10.0.0.0/21 -j MASQUERADE
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to 10.0.0.7:25
$IPT -A FORWARD -i eth0 -o eth1 -p tcp -d 10.0.0.7 --dport 25 -j ACCEPT
tcpdump gives me :
00:25:36.674163 IP 85.186.xxx.xxx.62752 > 81-196-xxx-xxx.smtp: S 3287938996:3287938996(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 0 0,nop,nop,sackOK>
00:25:39.635597 IP 85.186.xxx.xxx.62752 > 81-196-xxx-xxx.smtp: S 3287938996:3287938996(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 0 0,nop,nop,sackOK>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
i disagree. i think is a split point with noci and me. we give the solution
Disagree with what exactly.
sorry Cyclops. i saw other quesion with delete no refund yours and i think is this question ... sorry my fault
change i disagree with My suggestion is
;)
change i disagree with My suggestion is
;)
lol....np....already replied to that one btw
I pinged this one because I wanted cmargoi to give some feedback on this as this issue seems very straight forward to solve to me, and I'm sure you've seen it too, when its seems too straight forward, there is often some other piece of the problem that isn't introduced that is the real culprit.
I pinged this one because I wanted cmargoi to give some feedback on this as this issue seems very straight forward to solve to me, and I'm sure you've seen it too, when its seems too straight forward, there is often some other piece of the problem that isn't introduced that is the real culprit.
ASKER