Question from cvinodhkumar:

Red Hat Enterprise Linux EL 4 - IPTABLES Configuration

I am very new to Linux (Red Hat EL4). I have connected the Linux box to a broadband connection via a switch.
I have not installed any antivirus on it and I want to configure IPTABLES.
Please tell me how to access it and add entries to it. My box IP is
Except for the local network, no one should be able to access the box.

arulkumarabi replied:

Access how, do you mean? Through SSH, or what? :)

//Emil Palm
cvinodhkumar replied:

I will be a little bit clearer.
As I want to use the Linux box as the gateway for my private network, I need some entries.

The Linux box has one NIC; I have decided to add a secondary IP (one private and one public).

Which one is best: a) having separate NIC cards, or b) one NIC with a secondary IP?

I have the following in my private network:
A VNC server
An IIS server

Please tell me the entries.
a. The VNC traffic that comes to the Linux box is to be routed to the VNC server.
b. The HTTP traffic that comes to the Linux box is to be routed to the IIS server.
c. Except for this, everything else should be blocked.

Okay, that gives me a bit more info.

You will have to buy a second card. An alias IP will only be possible within the same network space as your physical device. For example:

eth0: netmask
then eth0:0 can only be within that same netmask.

So for your setup to work you need a second physical card, where one is set up as your external interface towards the Internet. Let's say that is eth0.
Then the other card will have a private address (described in RFC 1918).

So let's say this:
eth0 = public IP from your ISP.
eth1 = netmask (private, and connected to a switch/hub where you put the rest of your computers)

Then you should put your servers on IPs, for example (VNC) and (IIS).

Now on to the firewall stuff.

You need to compile iptables and such things into the kernel and install the iptables packages from your distro.

Then you just do these quick steps:
1) # echo 1 > /proc/sys/net/ipv4/ip_forward
2) # iptables -F
3) # iptables -t nat -F
4) # iptables --delete-chain
5) # iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
6) # iptables --append FORWARD --in-interface eth1 -j ACCEPT
7) # iptables -t nat -A PREROUTING -p tcp --dport 5900 -i eth0 -j DNAT --to
8) # iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to

This should work, and if you need more help I can help you, and/or you could check this address, because it covers exactly what you want to do and has more examples than I bother to give :):

Best Regards
Emil Palm
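Added example, not from the thread or from either poster: a complete gateway ruleset for the two-NIC layout described above. The eight steps in the answer flush the tables, enable MASQUERADE and DNAT the two ports, but they never set a DROP policy, so requirement (c) is not met and the forwarded VNC/HTTP flows only work because FORWARD is still at its default ACCEPT. The script below sets default-deny policies, allows only the LAN to reach the gateway itself, and pairs each DNAT with an explicit FORWARD accept, using the `-m state` match that RHEL 4's iptables supports. The interface names and all addresses (192.168.1.0/24, 192.168.1.10 for VNC, 192.168.1.20 for IIS) are assumptions for illustration; substitute your own. By default it only prints the commands; run it as root with `APPLY=1` to load them.

```shell
#!/bin/bash
# Gateway firewall for a two-NIC RHEL 4 box: eth0 public, eth1 private.
# Added example, not from the original thread. All addresses are assumed.
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}   # assumed RFC 1918 range behind eth1
VNC_HOST=${VNC_HOST:-192.168.1.10}   # assumed address of the VNC server
IIS_HOST=${IIS_HOST:-192.168.1.20}   # assumed address of the IIS server

# Dry run by default: print each rule. APPLY=1 hands it to iptables instead.
ipt() {
  if [ "${APPLY:-0}" = "1" ]; then
    iptables "$@"
  else
    echo "iptables $*"
  fi
}

build_ruleset() {
  # Start from a clean slate in both the filter and nat tables.
  ipt -F
  ipt -t nat -F
  ipt -X

  # Default deny: anything not explicitly matched below is dropped.
  ipt -P INPUT DROP
  ipt -P FORWARD DROP
  ipt -P OUTPUT ACCEPT

  # Traffic to the gateway itself: loopback, replies to its own connections,
  # and the LAN only (narrow to "-p tcp --dport 22" if SSH is all you need).
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT

  # Routed traffic: replies for any accepted flow, then LAN hosts going out,
  # hidden behind the public address of eth0.
  ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
  ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

  # Port forwards. DNAT in PREROUTING rewrites the destination; the packet
  # then still has to pass FORWARD, which a DROP policy blocks unless the
  # exact rewritten flow is accepted.
  ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 5900 -j DNAT --to-destination "$VNC_HOST:5900"
  ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 -j DNAT --to-destination "$IIS_HOST:80"
  ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$VNC_HOST" --dport 5900 -m state --state NEW -j ACCEPT
  ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$IIS_HOST" --dport 80 -m state --state NEW -j ACCEPT
}

# Routing between the two cards is off by default; turn it on only when applying.
if [ "${APPLY:-0}" = "1" ]; then
  echo 1 > /proc/sys/net/ipv4/ip_forward
fi
build_ruleset
```

Two practical notes. Neither the `echo 1 > /proc/sys/net/ipv4/ip_forward` nor the rules survive a reboot on their own: on RHEL put `net.ipv4.ip_forward = 1` in /etc/sysctl.conf and run `service iptables save` to write the loaded rules to /etc/sysconfig/iptables. And forwarding port 5900 exposes VNC, which is unencrypted and has weak password authentication, to the whole Internet; if the remote users come from known addresses, add `-s <their address>` to both 5900 rules, or drop that forward and reach the VNC server through an SSH tunnel to the gateway instead.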
cvinodhkumar replied:

I will get back after I apply it.