cvinodhkumar
Redhat Enterprise Linux EL 4 - IPTABLE Configuration

I am very new to Linux (Redhat EL4). I have connected the Linux box to a broadband connection via a switch.
I have not installed any antivirus on it and I want to configure IPTABLES.
Please tell me how to access it and add entries to it. My box IP is 192.168.0.130.
Except for the local network, no one should access the box.

Pls
arulkumarabi

Access how do you mean? Through SSH or what? :)

//Emil Palm
cvinodhkumar (ASKER)
I will be a little bit clearer.
As I want to keep the Linux box as the gateway for my private network, I need some entries.

The Linux box has one NIC; I have decided to add a secondary IP (one private and one public).

Which one is best: a) having separate NIC cards, or b) one NIC with a secondary IP?

I have the following in my private network:
A VNC server
An IIS server

Pls tell me the entries.
a. The VNC traffic that comes to the Linux box is to be routed to the VNC server.
b. The HTTP traffic that comes to the Linux box is to be routed to the IIS server.
c. Except for this, everything else should be blocked.

Okay, that gives me a bit more info.

You will have to buy a secondary card. An alias IP will only be possible within the same network space as your physical device. For example:

eth0: 10.0.0.1 netmask 255.255.255.0
then eth0:0 can only be within that same netmask 10.0.0.0/24

So for your setup to work you need a second physical card, where one is set up as your external interface against the internet. Let's say that is eth0.
Then the other card will have a private address (described in RFC1918: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/16).

So let's say this:
eth0 = PUBLIC IP from your ISP.
eth1 = 10.0.0.0 netmask 255.255.255.0 (private, and connected to a switch/hub where you put the rest of your computers)

Then you should put your servers on 10.0.0.0/24 IPs, for example 10.0.0.100 (VNC) and 10.0.0.101 (IIS).

Now on to the firewall stuff.

You need to compile in iptables and such things into the kernel and install the iptables packages from your distro.

Then you just do these quick steps:
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -F
# iptables -t nat -F
# iptables --delete-chain
# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth1 -j ACCEPT
# iptables -t nat -A PREROUTING -p tcp --dport 5900 -i eth0 -j DNAT --to 10.0.0.100:5900
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 10.0.0.101:80

This should work, and if you need more help I can help you, and/or you could check this address because it covers exactly what you want to do and has more examples than I care to give :):

http://www.gentoo.org/doc/en/home-router-howto.xml

Best Regards
Emil Palm
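As an added example (not part of the thread), the two-NIC gateway from the answer above written as a small script, which also covers point c of the question ("everything else should be blocked") by setting the INPUT and FORWARD policies to DROP and allowing the gateway itself to be reached only from the private LAN. Interface names, addresses and the DRY_RUN helper are assumptions.

```shell
#!/bin/sh
# Assumed layout (not from the thread): eth0 = public side, eth1 = private side.
WAN=eth0
LAN=eth1
LAN_NET=10.0.0.0/24
VNC_HOST=10.0.0.100
IIS_HOST=10.0.0.101
# Hypothetical helper: runs iptables, or only prints the command when
# DRY_RUN=1 so the rule set can be reviewed without root or a real box.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_gateway_rules() {
    # Start clean, then deny by default on INPUT and FORWARD (question item c).
    ipt -F
    ipt -t nat -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, and replies to connections that were already allowed.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only hosts on the private LAN may talk to the gateway itself (e.g. SSH).
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT

    # LAN hosts may reach the Internet, hidden behind the public address.
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE

    # Items a and b: forward VNC and HTTP from outside to the inside servers.
    # With FORWARD defaulting to DROP, each DNAT needs its own FORWARD accept.
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport 5900 -j DNAT --to-destination "$VNC_HOST:5900"
    ipt -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$VNC_HOST" --dport 5900 -m state --state NEW -j ACCEPT
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport 80 -j DNAT --to-destination "$IIS_HOST:80"
    ipt -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$IIS_HOST" --dport 80 -m state --state NEW -j ACCEPT
}

# Turn on routing between the two cards (only when really applying).
enable_forwarding() {
    [ "${DRY_RUN:-0}" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward
}
```

Run it once with DRY_RUN=1 to read the generated rules, then as root without DRY_RUN to apply them (call apply_gateway_rules and then enable_forwarding).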
ASKER CERTIFIED SOLUTION
EmilPalm
This solution is only available to members.
I will get back after I apply it.