Full Version: Need Help With Iptables!
nerostar450
I am becoming very frustrated at iptables, and I am greatly in need of some help! I need to forward all the traffic from my wlan0 interface to my eth0 interface, and vice versa. I've tried using something like:

iptables -A FORWARD -s 0/0 -i eth0 -d 0/0 -o wlan0 -p 0 -m state --state ESTABLISHED -j ACCEPT

and many variations, but whenever I try to use the eth0 device (wlan0 has the active internet connection) it won't connect. I've used Ethereal to capture the packets and eth0 asks and asks for the DNS to be resolved, unbeknownst to wlan0 (haha).

Can someone please help me get this fixed?
TheNixMaster
I have been playing with this myself to forward everything from eth1 to eth0 (eth0 is the net, eth1 is local w/dhcp). This will forward everything from eth1 to eth0 with no restrictions. I'm still working on locking it down a bit for security. But this will work. I just made a nat file and called it with "sh nat". You can set a crontab to run this file after reboot with "@reboot /location/of/file/nat".

Hope that helps you out.

CODE
# Flush and initialize tables
iptables -F
iptables -t nat -F
iptables --delete-chain
iptables -t nat --delete-chain

# If a packet doesn't match one of the built-in chains, drop it
#iptables --policy INPUT DROP
#iptables --policy OUTPUT DROP
iptables --policy FORWARD ACCEPT

# Block outside packets that pretend to be from the firewall server
# (assumes the firewall's own LAN address is 192.168.0.1)
iptables -A INPUT -p all -s 192.168.0.1 -i eth0 -j DROP

# Traffic Rules
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# NOTE: -p takes a protocol (tcp/udp/icmp/all), not a port number; the port
# goes in --dport/--sport. INPUT matches connections to the local service,
# OUTPUT matches that service's replies.

# Allow SSH
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 22 -j ACCEPT

# Allow http
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 80 -j ACCEPT

# Allow Mail (25 = SMTP, 110 = POP3)
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 25 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 110 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 110 -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 110 -j ACCEPT

# Allow FTP (control channel only; the data channel needs the ip_conntrack_ftp helper)
iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 21 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 21 -j ACCEPT

# Allow everything since above is not working
# (These four lines make the firewall host itself wide open on both interfaces;
# remove them once the per-port rules above are confirmed to work.)
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
# -o is only valid in the OUTPUT/FORWARD/POSTROUTING chains, not INPUT
iptables -A OUTPUT -o eth1 -j ACCEPT

# Allow the firewall to ping out: echo-request out, echo-reply back in
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

# Allow masquerading (NAT) -- eth0 connects to internet and eth1 to local LAN
iptables -A POSTROUTING -t nat -o eth0 -s 192.168.0.0/24 -j MASQUERADE

# Enable forwarding of NAT packets to internet
echo 1 > /proc/sys/net/ipv4/ip_forward

# Prior to masquerading, the packets are routed via the filter table's FORWARD chain.
# Allowed outbound: New, established, and related connections
# Allowed inbound: Established and related connections
iptables -A FORWARD -t filter -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# NOTE: accepting NEW on eth0 lets the internet side open connections toward the
# LAN; ESTABLISHED,RELATED alone is enough for replies to come back.
iptables -A FORWARD -t filter -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -i eth1 -j ACCEPT
#iptables -A FORWARD -i eth0 -j ACCEPT


# Allow DNS queries in and out of the firewall (port 53 is DNS)
iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT

# Allow all bi-directional traffic from the firewall to the LAN
iptables -A INPUT -j ACCEPT -p all -s 192.168.0.0/24 -i eth1
iptables -A OUTPUT -j ACCEPT -p all -d 192.168.0.0/24 -o eth1

# Allow ssh from anywhere to server - Change to specific IP address to restrict
#iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Log and drop all other packets to /var/log/messages
iptables -A OUTPUT -j LOG
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG
iptables -A OUTPUT -j DROP
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP

# Print the running rule set; this does not persist it across reboots,
# which is why the script is re-run from cron with @reboot
iptables-save
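The original poster's layout (wlan0 carries the internet connection, eth0 is the LAN) needs the same three pieces the script above uses: ip_forward switched on, MASQUERADE on the uplink, and FORWARD rules that accept NEW connections from the LAN side, which the ESTABLISHED-only rule in the first post never does for the first DNS packet. The following is an added example, not code from either poster: a shell function that emits such a rule set in iptables-restore format with a default-DROP FORWARD policy. The interface names and the 192.168.0.0/24 LAN subnet are assumptions passed in as arguments.

```shell
#!/bin/sh
# Added example for the thread's wlan0 (uplink) / eth0 (LAN) case; argument
# values are assumptions. Prints an iptables-restore rule set; it does not
# touch the running firewall. Load as root with:
#   gen_nat_rules wlan0 eth0 192.168.0.0/24 | iptables-restore
gen_nat_rules() {
    wan="$1"; lan="$2"; lannet="$3"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite LAN source addresses to the uplink's address on the way out
-A POSTROUTING -o $wan -s $lannet -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets arriving on the uplink with a LAN source address are spoofed
-A INPUT -i $wan -s $lannet -j DROP
# Services on the firewall host reachable from the LAN only (ssh, DNS)
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
-A INPUT -i $lan -p udp --dport 53 -j ACCEPT
# LAN -> internet: NEW is required or the first packet of every
# connection (e.g. a DNS query) is dropped; internet -> LAN: replies only
-A FORWARD -i $lan -o $wan -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
# Anything else that tries to cross the box is logged, then hits the DROP policy
-A FORWARD -j LOG --log-prefix "FORWARD-DROP: "
COMMIT
EOF
}

# The kernel only consults the FORWARD chain when routing is switched on;
# call this (as root) before loading the rules.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
}
```

Comment lines are accepted by iptables-restore, so the generated text can be saved as-is and reloaded at boot the same way the script above is.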